GPT-5.6 (Sol / Terra / Luna) is now evaluated on TrustVector โ€” with day-1 independent verification, incl. METR's benchmark-cheating findings.

Read the evaluation
Evaluation record ยท microsoft-scout

Microsoft Scout

vFrontier preview (experimental, announced Build 2026)

Microsoft

Agentautonomousalways-onenterprisemicrosoft
70
Adequate
About This Agent

Always-on autonomous personal agent for Microsoft 365, built on the open-source OpenClaw runtime. Announced at Build 2026 (2026-06-02) as an experimental Frontier-program release: a Windows/macOS desktop app that reads/writes files, runs shell commands, drives a browser, and manages email, calendar, and Teams. Pairs 2026's strongest enterprise governance โ€” per-agent Entra identity, task-scoped credentials, in-line Purview DLP, human sign-off โ€” with a heavily CVE-burdened OSS core.

Last Evaluated: July 9, 2026
Official Website

Trust Vector Analysis

Dimension Breakdown

๐Ÿš€Performance & Reliability
+
task completion accuracy

Assessment based on vendor-described capabilities and internal dogfooding; experimental preview with no independent benchmark or field data

Evidence
Microsoft 365 Blog - Introducing Microsoft Scout โ€” Proactively schedules meetings across time zones, generates prep materials, blocks calendar time for deliverables, and flags stalled decisions; Microsoft employees dogfooded an early desktop build, but no independent completion data exists yet
lowVerified: 2026-07-09
tool use reliability

Review of the documented tool stack combining OpenClaw's proven runtime tools with first-party Microsoft 365 integrations

Evidence
Microsoft Learn - Microsoft Scout overview โ€” Broad, mature tool integrations: file read/write, shell with tiered permissions, Playwright browser automation, Microsoft Graph (mail, calendar, Teams, OneDrive), and bundled Office document skills
mediumVerified: 2026-07-09
multi step planning

Evaluation of documented autonomous execution modes and multi-step task handling

Evidence
Microsoft Learn - Microsoft Scout overview โ€” Works through multi-step tasks showing progress in real time; autonomous modes include Heartbeat (15-120 min background check-ins) and Automations (scheduled or condition-triggered tasks)
mediumVerified: 2026-07-09
memory persistence

Review of cross-conversation memory and persistent agent identity design

Evidence
Microsoft Learn - Microsoft Scout overview โ€” Remembers preferences and decisions across conversations; always-on identity persists as a continuous agent rather than per-session instances
mediumVerified: 2026-07-09
error recovery

Inference from the OpenClaw runtime plus the conformance checking design; no independent reliability data for the experimental release

Evidence
InfoQ - Microsoft Scout announced at Build 2026 โ€” Inherits OpenClaw's agent loop retry behavior; a policy conformance system continuously checks operation against guidelines, but recovery behavior in unattended always-on operation is unproven at preview stage
lowVerified: 2026-07-09
agent collaboration

Review of sub-agent delegation and skill extensibility

Evidence
Microsoft Learn - Microsoft Scout overview โ€” Launches specialized sub-agents that run in parallel for research, code review, and complex tasks, reporting results when finished; custom skills via SKILL.md files
mediumVerified: 2026-07-09
๐Ÿ›ก๏ธSecurity
+
tool sandboxing

Architecture review: desktop-native execution with permission gating rather than isolation, scored against the OpenClaw core's exceptional CVE volume (including RCE CVE-2026-25253 and CVSS 9.9 privilege escalations CVE-2026-22172/CVE-2026-32922)

Evidence
Microsoft Learn - Microsoft Scout overview โ€” Runs directly on the user's Windows/macOS desktop with permissioned access to the file system, shell, and browser โ€” a tiered permission system and sensitive-directory flags, but no VM or OS-level isolation of execution by default
GitHub - jgamblin/OpenClawCVEs tracker โ€” The underlying OpenClaw runtime logged 137 security advisories between 2026-02-02 and 2026-04-04 alone (~one every 15 hours); its first formal audit (2026-01-25) found 512 vulnerabilities including 8 critical, and hundreds of CVEs are now tracked
mediumVerified: 2026-07-09
access control

Review of identity architecture, credential scoping, approval gates, and permission granularity โ€” the strongest agent access-control story evaluated to date

Evidence
Microsoft 365 Blog - Introducing Microsoft Scout โ€” Each agent operates under its own governed Entra identity (not a shared service account); credentials are scoped to the task at hand and redacted from logs and diagnostics; sensitive actions can require human sign-off before proceeding
Microsoft Learn - Microsoft Scout overview โ€” Granular permissions: enable/disable capability categories (file system, shell, browser, M365), per-command shell auto-approve lists, and sensitive directories that always require explicit approval
highVerified: 2026-07-09
prompt injection defense

Threat surface analysis of always-on ingestion of untrusted content combined with desktop shell/browser reach; governance gates credit partially offset the OpenClaw heritage and unattended autonomy

Evidence
Help Net Security - Microsoft Scout opens a new category of always-on Autopilots โ€” Always-on operation across email, chats, web pages, and documents is a maximal injection surface; human sign-off on sensitive actions and the policy conformance system mitigate, but unattended Heartbeat/Automation runs execute without a user watching
lowVerified: 2026-07-09
data isolation

Review of in-line Purview DLP enforcement and tenant boundaries versus the broad local-plus-cloud reach of a single agent identity

Evidence
Microsoft 365 Blog - Introducing Microsoft Scout โ€” Microsoft Purview policies including sensitivity labels and data loss prevention are enforced in the moment as the agent acts; M365 data stays within the tenant boundary, though the agent itself spans local files, shell, and web
mediumVerified: 2026-07-09
open source transparency

Source availability assessment: inspectable OSS core (a transparency positive that also exposes its CVE record) with a closed proprietary shell

Evidence
The New Stack - Microsoft made the agent runtime free โ€” Built openly on the OpenClaw open-source runtime, with Microsoft contributing policy conformance upstream; the Scout product layer, M365 integrations, and models remain proprietary
highVerified: 2026-07-09
๐Ÿ”’Privacy & Compliance
+
data retention

Review of M365 enterprise retention commitments as applied to a preview service

Evidence
Microsoft Learn - Microsoft Scout overview โ€” Operates under Microsoft 365 enterprise data commitments and existing customer-agreement preview terms; tenant data handling follows M365 retention policies, though Frontier preview terms are less settled than GA services
mediumVerified: 2026-07-09
gdpr compliance

Compliance posture assessment under Microsoft's certifications and the E7 suite's integrated compliance stack

Evidence
Microsoft Blog - Introducing the First Frontier Suite โ€” Ships inside the Microsoft 365 compliance umbrella (E7 Frontier Suite bundles E5 security/compliance, Entra Suite, Agent 365) with Purview, eDiscovery, and EU Data Boundary applying to agent activity
mediumVerified: 2026-07-09
third party data sharing

Data flow analysis of first-party processing versus user-permitted web reach

Evidence
Microsoft Learn - Microsoft Scout overview โ€” Processing stays within Microsoft's cloud and the local device; no third-party model providers, though browser automation can reach arbitrary sites the user permits
mediumVerified: 2026-07-09
local deployment option

Deployment options assessment: substantial local execution surface tethered to Microsoft's cloud

Evidence
Microsoft Learn - Microsoft Scout overview โ€” Desktop application executes locally on Windows 11/macOS 12+ against local files and shell, but requires the M365 cloud, Entra, Frontier enrollment, and cloud model inference โ€” no self-hosted or air-gapped mode
mediumVerified: 2026-07-09
๐Ÿ‘๏ธTrust & Transparency
+
documentation quality

Documentation completeness review of the Learn corpus and admin guidance

Evidence
Microsoft Learn - Microsoft Scout documentation โ€” Full Microsoft Learn documentation set at announcement covering architecture, permissions, autonomous modes, skills, and setup โ€” unusual completeness for an experimental preview
highVerified: 2026-07-09
execution traceability

Review of audit-trail-per-conformance-check design, identity attribution, and live progress visibility

Evidence
TechCrunch - Microsoft launches Scout โ€” Built-in policy conformance system continuously checks operation against set guidelines, with each conformance check producing its own audit trail; real-time progress display and per-agent Entra identity make actions attributable
mediumVerified: 2026-07-09
decision explainability

Assessment of progress narration and pre-action approval clarity; autonomous background runs are less observable in the moment

Evidence
Microsoft Learn - Microsoft Scout overview โ€” Shows tool selection and step-by-step progress in real time and asks for approval before sensitive actions (sending email, running commands, writing files)
mediumVerified: 2026-07-09
open source code

Open source assessment of the hybrid OSS-core/proprietary-shell model

Evidence
The New Stack - Microsoft made the agent runtime free โ€” The OpenClaw runtime core is open source with Microsoft contributing upstream (policy conformance), but Scout's product layer, Graph integrations, and governance plane are closed
highVerified: 2026-07-09
community activity

Community engagement analysis of upstream OSS activity versus the gated preview product

Evidence
Thurrott - Build 2026: Microsoft unveils Scout โ€” Major Build 2026 launch attention and a very active upstream OpenClaw community, but Scout itself is gated to Frontier participants with a small early-access population
mediumVerified: 2026-07-09
โš™๏ธOperational Excellence
+
ease of integration

Onboarding friction assessment covering Frontier enrollment, licensing prerequisites, and tenant configuration

Evidence
Microsoft Learn - Microsoft Scout overview โ€” Native M365 integration once running, but access requires Frontier program enrollment, opt-in attestation, Intune configuration, and Copilot licensing โ€” meaningful admin setup before first use
highVerified: 2026-07-09
scalability

Assessment of per-user agent model, sub-agent parallelism, and fleet governance via Agent 365

Evidence
Microsoft Learn - Microsoft Scout overview โ€” One always-on personal agent per user with parallel sub-agents; org-wide fleet management arrives via Agent 365 in E7, but preview capacity limits are undocumented
lowVerified: 2026-07-09
cost predictability

Pricing analysis of the fixed E7 seat cost stacked with variable usage-based Copilot Credits for a continuously running agent

Evidence
Microsoft Blog - Introducing the First Frontier Suite โ€” Positioned within the Microsoft 365 E7 Frontier Suite at $99/user/month (GA 2026-05-01), with agent usage billed on top via Copilot Credits
Microsoft Learn - Usage-based billing with Copilot Credits โ€” Copilot Credits pay-as-you-go at $0.01/credit went live for agent workloads 2026-06-16; per-task cost varies with model, context retrieved, tool calls, and runtime โ€” an always-on agent makes monthly spend hard to forecast
mediumVerified: 2026-07-09
monitoring capabilities

Review of the integrated audit, identity, DLP, device management, and cost monitoring stack

Evidence
Microsoft 365 Blog - Introducing Microsoft Scout โ€” Per-conformance-check audit trails, Entra identity attribution, Purview enforcement, Intune management, and Copilot Credits cost dashboards give admins end-to-end observability of agent activity and spend
mediumVerified: 2026-07-09
production readiness

Maturity assessment: weeks-old experimental preview of a new product category (always-on Autopilots) on a fast-moving OSS core

Evidence
Microsoft Learn - Microsoft Scout overview โ€” Explicitly prerelease: experimental Frontier preview with restricted functionality, no GA timeline, and Microsoft's warning that availability and capabilities may change
highVerified: 2026-07-09
Strengths
  • +Best-in-class agent governance: each agent gets its own governed Entra identity instead of a shared service account
  • +Task-scoped credentials that are redacted from logs and diagnostics
  • +In-line Purview enforcement: sensitivity labels and DLP applied at the moment the agent acts
  • +Human sign-off gates on sensitive actions, plus granular per-capability and per-command permissions
  • +Policy conformance system where every check produces its own audit trail
  • +Deep native M365 reach (mail, calendar, Teams, OneDrive, Office skills) with sub-agent delegation and custom SKILL.md skills
  • +Open-source OpenClaw core with Microsoft contributing governance work upstream
Limitations
  • !Wraps a heavily CVE-burdened OSS core: OpenClaw logged 137 advisories in Feb-Apr 2026 alone, a 512-finding first audit, and critical RCE/privilege-escalation CVEs (CVE-2026-25253, CVE-2026-22172, CVE-2026-32922) โ€” Microsoft's governance layer cannot patch faster than upstream
  • !Runs natively on the user's desktop with file/shell/browser reach โ€” permission-gated but not VM-isolated by default
  • !Always-on ingestion of email, chats, and web content is a maximal prompt-injection surface, and Heartbeat/Automation runs execute unattended
  • !Experimental Frontier preview: restricted functionality, may never reach GA, capabilities can change without notice
  • !Expensive and hard to forecast: E7 Frontier Suite at $99/user/mo plus usage-based Copilot Credits ($0.01/credit, live 2026-06-16) for a continuously running agent
  • !Heavy prerequisites: Frontier enrollment, opt-in attestation, Intune configuration, and Copilot licensing
  • !Windows 11/macOS 12+ desktop only; no web, mobile, or self-hosted option
Metadata
license: Proprietary product layer on the open-source OpenClaw runtime (Microsoft contributes policy conformance upstream)
supported models
0: Microsoft-hosted models (Copilot stack, including new in-house models announced at Build 2026)
deployment type: Desktop app (Windows 11+, macOS 12+) with local file/shell/browser execution tied to the Microsoft 365 cloud
architecture: OpenClaw open-source agent runtime + Microsoft governance plane (Entra Agent ID, Purview DLP, Intune, policy conformance system)
tool support
0: File system read/write (permissioned)
1: Shell with tiered permissions
2: Playwright browser automation
3: Microsoft 365: mail, calendar, Teams, OneDrive, meetings
4: Bundled Word/Excel/PowerPoint/Loop skills; custom SKILL.md skills
5: Sub-agents, Heartbeat background runs, Automations
first release: Announced Build 2026 (2026-06-02); experimental preview via the Frontier program
pricing: Positioned with Microsoft 365 E7 Frontier Suite ($99/user/mo, GA 2026-05-01); agent usage billed via Copilot Credits ($0.01/credit pay-as-you-go, live 2026-06-16)

Use Case Ratings

research assistant

Parallel sub-agent research across M365 content and the web, with results delivered into Office documents

data analysis

Excel skill plus shell access support spreadsheet and scripted analysis within governed boundaries

content creation

Bundled Word/PowerPoint/Loop skills and co-create mode produce and jointly edit documents

customer support

Personal productivity agent, not a customer-facing bot; can triage a user's own inbox but is not built for support queues

code generation

Can edit code, run builds/tests via shell, and delegate code review to sub-agents, but GitHub Copilot remains Microsoft's dedicated coding agent