Microsoft Scout Is OpenClaw With an Enterprise Suit On

By Tuesday morning, Scout has already reshuffled the calendar: a meeting that ran long in another time zone has been folded into a 30-minute block, an open Teams thread flagged as a stalled decision, and a draft of prep notes for a 2 p.m. review is waiting in Outlook. This is what Microsoft means by "always-on," and the company is betting that this is the shape of the next agent category. At Build 2026 on June 2, Microsoft introduced Scout as the first of what it calls "Autopilots" — agents that run in the background, act under user- and organization-set permissions, and carry their own identity.

The surface area is the Microsoft 365 stack readers already know. Scout lives in Teams, reads and writes in Outlook, pulls from OneDrive and SharePoint, and is starting to extend into the browser and local resources through model context protocol (MCP) servers. Microsoft is also pointing at a context layer it calls Work IQ, which it says learns how the user works, what they care about, and what needs to happen next. In Microsoft's own framing, users name a Scout — a demo instance is called "Sebastian" — and continually train it the way they would a new hire.

Underneath all of that is the part Microsoft is unusually candid about. The Microsoft 365 announcement states plainly that Scout is "powered by OpenClaw open-source technology," and that Microsoft is "contributing policy conformance directly upstream to OpenClaw." TechCrunch's Russell Brandom reported the same day that Scout is "built on the OpenClaw framework," quoting Scout VP Omar Shahine on the record. OpenClaw is an open-source project for orchestrating autonomous agents across local files, apps, and services — and Scout is the most prominent commercial productization of it to date.

What Microsoft is selling as the enterprise layer is not the model. It is the identity and permission model. Each Scout runs under its own governed Entra identity, with credentials scoped to the task and redacted from logs and diagnostics, rather than a shared service account. Microsoft Purview sensitivity labels and data-loss-prevention policies are enforced in the moment, and sensitive actions can require a human to sign off. In other words, Microsoft is not just wrapping OpenClaw in a product; it is wrapping it in the identity and policy plumbing that an enterprise IT department is willing to approve.

The framing is also a security argument. A February 2026 Microsoft Security blog post laid out three runtime risks in OpenClaw-style agents: credential exposure, persistent memory modification, and host compromise via malicious "skills." Scout's answer is a built-in policy conformance system with per-check audit trails, and Microsoft is upstreaming that work into the open-source project itself.

Two caveats are worth keeping in view. First, Scout is shipping as an "experimental release" through Microsoft's Frontier program, which requires Frontier enrollment, an Intune policy configuration, an opt-in attestation, and a GitHub Copilot license. "Always-on" today means on for a select group of Frontier customers, not for every Microsoft 365 tenant. Second, TechCrunch reports that the OpenClaw project's founder was later acquired by OpenAI and that the project's momentum tailed off after that — a single-source claim, but one that helps explain why Microsoft sees an opening to wrap the open-source stack for the enterprise.

The "Autopilot" label is a category claim, not a deployment status. What Microsoft is actually shipping in Scout is the productization of an existing open-source agent runtime, paired with the identity, policy, and context plumbing that makes it survivable inside a regulated IT estate. The interesting question is not whether the always-on agent is real — Scout is doing it — but which of the choices the agent now makes on the user's behalf their organization is willing to inherit.