Microsoft’s new cloud PCs place AI agents under enterprise controls

Microsoft’s Windows 365 for Agents, a cloud PC platform for agentic workloads, runs AI agents in secure environments. Organizations can direct agents with natural language to interact with applications, browsers, files, and enterprise systems. The platform is available in public preview.

A conceptual computer-using agent architecture. (Source: Microsoft)

Users will be able to automate workflows that depend on applications and systems with no APIs, including legacy and UI-driven environments, while retaining enterprise security and control.

AI agent security boundaries

Windows 365 for Agents lets organizations define agents that run independently, continuously, or on demand, and manage them with existing identity, policy, and management controls such as Microsoft Entra ID and Intune. Agents operate within defined boundaries for multi-step workflows.

“Running agents in this controlled environment helps isolate risk and enforce security boundaries so agents can operate autonomously while remaining governed by your policies and without negatively impacting production systems,” Julie Hersum, Principal Consultant at Microsoft, explained.

A recent Cloud Security Alliance report found that securing AI agents requires the same rigor and traceability applied to human users because agents act on behalf of humans by accessing data and making business-impacting decisions.

Without boundaries, agents can access unintended systems, operate beyond their intended scope, and amplify small mistakes throughout workflows. Organizations need a dedicated execution environment for autonomous activity that keeps agents under human oversight by default.

“The threat that keeps us up at night isn’t another clever jailbreak, it’s autonomous data misuse by AI agents operating in systems the enterprise doesn’t fully see, understand, or govern yet,” Gidi Cohen told Help Net Security.

Cohen said the bigger risk for enterprises is data exposure in autonomous AI workflows. AI agents can access multiple systems, use tools, and take actions such as sending emails, updating records, or publishing content without constant human oversight. Mistakes in how data is accessed or shared can quickly become organization-wide security problems.
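The controls the article describes (a dedicated execution boundary, traceability equal to that of a human user, and human oversight by default for business-impacting actions) can be sketched as a small policy broker. The following Python is an added example, not Microsoft's code or any part of Windows 365 for Agents; the policy fields, action names, approval hook and log format are assumptions made for illustration. Every action an agent wants to take is routed through the broker, which refuses anything outside the agent's declared systems and action types, caps the number of actions so a mistake cannot amplify, requires a human decision for the high-impact actions named above (sending email, updating records, publishing content), and writes an attributed audit record for allowed and denied attempts alike.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Set

# Actions the article names as business-impacting (sending email, updating
# records, publishing content). They need a human decision by default.
HIGH_IMPACT_ACTIONS = {"send_email", "update_record", "publish_content"}


@dataclass
class AgentPolicy:
    """Scope assigned to one agent identity (assumed schema for this example)."""
    agent_id: str
    on_behalf_of: str            # the human whose authority the agent carries
    allowed_systems: Set[str]    # systems the agent may touch at all
    allowed_actions: Set[str]    # action types it may perform
    max_actions: int             # hard budget so a runaway loop stops itself


@dataclass
class Decision:
    status: str                  # "allowed" or "denied"
    reason: str


@dataclass
class ActionBroker:
    """Every agent action passes through here; nothing reaches a system directly."""
    policy: AgentPolicy
    approver: Callable[[Dict[str, str]], bool]   # human-in-the-loop hook
    audit_log: List[Dict[str, str]] = field(default_factory=list)
    used: int = 0

    def request(self, system: str, action: str, target: str) -> Decision:
        entry = {
            "agent": self.policy.agent_id,
            "on_behalf_of": self.policy.on_behalf_of,
            "system": system,
            "action": action,
            "target": target,
        }
        decision = self._evaluate(entry)
        # Log allowed and denied attempts alike: a denied attempt is the
        # early signal that an agent is drifting outside its intended scope.
        self.audit_log.append({**entry, "status": decision.status, "reason": decision.reason})
        if decision.status == "allowed":
            self.used += 1
        return decision

    def _evaluate(self, entry: Dict[str, str]) -> Decision:
        p = self.policy
        if self.used >= p.max_actions:
            return Decision("denied", "action budget exhausted")
        if entry["system"] not in p.allowed_systems:
            return Decision("denied", f"system {entry['system']} outside agent scope")
        if entry["action"] not in p.allowed_actions:
            return Decision("denied", f"action {entry['action']} not permitted")
        if entry["action"] in HIGH_IMPACT_ACTIONS:
            if not self.approver(entry):
                return Decision("denied", "human approval not granted")
            return Decision("allowed", "human approved high-impact action")
        return Decision("allowed", "within scope")


def approve_internal_only(entry: Dict[str, str]) -> bool:
    """Stand-in for a human reviewer: a constructed rule that approves only
    actions whose target is inside the example organization."""
    return entry["target"].endswith("@example.com")


def run_demo() -> ActionBroker:
    """Constructed walkthrough: a scoped agent that tries to step outside its scope."""
    policy = AgentPolicy(
        agent_id="agent-invoice-followup",          # hypothetical agent identity
        on_behalf_of="alice@example.com",           # hypothetical sponsoring user
        allowed_systems={"crm", "mailbox"},
        allowed_actions={"read_record", "send_email"},
        max_actions=3,
    )
    broker = ActionBroker(policy, approver=approve_internal_only)
    broker.request("crm", "read_record", "acct-42")                  # in scope
    broker.request("hr", "read_record", "emp-7")                     # system outside scope
    broker.request("crm", "update_record", "acct-42")                # action not granted
    broker.request("mailbox", "send_email", "finance@example.com")   # human-approved
    broker.request("mailbox", "send_email", "x@external.test")       # approval refused
    broker.request("crm", "read_record", "acct-43")                  # third allowed action
    broker.request("crm", "read_record", "acct-44")                  # budget exhausted
    return broker


if __name__ == "__main__":
    for row in run_demo().audit_log:
        print(row)
```

The point of the design is that the agent never holds credentials to the target systems itself; the broker acts with the sponsoring user's identity and records who the agent acted for on every line, so an investigator can trace an agent's actions the same way they would a human's. Denied attempts are logged deliberately: they are the cheapest detection signal for an agent operating beyond its intended scope.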
