Microsoft did something at Build 2026 that no other hyperscaler has dared: it stood up a class of AI agent that holds its own identity in the corporate directory, watches your inbox, your Teams chat, your OneDrive, and your Windows desktop without being asked, and acts on the work it sees. Omar Shahine, the corporate vice president running the new effort, called it an Autopilot. The product is named Scout, and the official Microsoft 365 blog post went live on June 2, 2026, the morning of the Build keynote. The single line in that post that should pull every CIO into a planning room is this: each Scout instance runs under "its own governed Entra identity, not a shared, anonymous service account." That changes the threat model, the licensing model, and the operations model for Microsoft 365 — at $15 per user per month for the governance layer alone, and that is before a single agent does any work.

What Changed at Build 2026

Microsoft Scout is the first product to ship in a new category Microsoft is now calling Autopilots, defined by Mustafa Suleyman's team as "always-on agents that work autonomously, with their own identity, and act on your behalf." That is a deliberate contrast with the Copilot brand, which the company has consistently described as reactive and prompt-driven. Scout, per the Microsoft 365 blog, runs continuously in the background, proactively schedules and coordinates meetings across time zones, flags important meetings with prep materials, identifies upcoming deliverables and pre-blocks calendar time, and "detects risks like stalled decisions before they become blockers." It reaches across Teams, Outlook, OneDrive, SharePoint, the open web, and the Windows desktop.

According to Help Net Security, Scout was made available through Microsoft's Frontier program on June 2, 2026, with an insider beta planned for late 2026 and general availability targeted for 2027 contingent on what Microsoft is calling reliability, safety, and customer-satisfaction metrics. Windows News reports that the Frontier release ships under organizational opt-in via Intune, requires explicit user attestation that the product is experimental, and presupposes an active GitHub Copilot license — Pro, Business, or Enterprise.

The technical stack is also new. Scout's runtime is built on OpenClaw, the open-source agent framework Microsoft is championing as the orchestration substrate; its context layer is Work IQ, the M365 intelligence layer that maps people, files, projects, meetings, and calendar signals into what Microsoft's Azure team calls a "work graph." Skills execute inside Microsoft Execution Containers, kernel-enforced sandboxes that can back into process isolation, Windows Sandbox, WSL, MicroVM, or hypervisor depending on the risk tier. According to a ChatForest builder-log analysis, Scout itself runs in a heartbeat mode with configurable intervals of 15 to 120 minutes, evaluating environment state against configured goals asynchronously from the user's foreground activity. That is the practical difference between a Copilot and an Autopilot: one waits to be summoned, the other has its own clock.

The pricing structure was confirmed weeks before Build but landed hard at the keynote. According to SAMexpert's licensing guide, Microsoft Agent 365 — the per-user license that brings Entra Agent ID, Purview integration, Defender integration, and the Agent Registry — sells for $15 per user per month and is bundled into the new Microsoft 365 E7 SKU at $99 per user per month. E7 stacks E5 ($60), Microsoft 365 Copilot ($30), Agent 365 ($15), and the Entra Suite ($12) into a single annual commitment that saves roughly $18 per seat over a separate purchase. Microsoft 365 E7 went generally available May 1, 2026.

Why This Matters

For technical leaders, Scout is the first mainstream product to treat agent identity as the primary control plane rather than a bolt-on. Microsoft's Entra Agent ID documentation makes the design explicit: agents authenticate via OAuth 2.0, MCP, or A2A protocols; agent identities support parent-child blueprint relationships so policies cascade across fleets; and every action is logged with conditional access, identity protection, lifecycle governance, and network controls applied at runtime. Microsoft Purview sensitivity labels and DLP policies are evaluated before Scout writes a file, sends an email, or shares a calendar invite. That is the architectural answer to a problem Gartner has been flagging for the better part of a year: by 2030, the firm projects 50 percent of agent deployment failures will trace back to insufficient runtime governance for capabilities and multisystem interoperability.

For business leaders, the more uncomfortable reality is cost shape. The headline $15 number is a governance floor, not a total. The same SAMexpert breakdown notes that Agent 365 explicitly excludes the credits required to build or run agents — those flow through Copilot Studio capacity packs ($200 for 25,000 credits) or Azure AI Foundry pay-as-you-go ($0.01 per credit), billed on a separate Azure invoice. In practical terms, the same Scout deployment now lands on two ledgers: governance on the M365 bill that IT carries, and execution on the Azure bill that developers and lines of business carry. Without explicit FinOps coordination, neither team will see the full cost of a single agent until both invoices arrive, and the CFO's office will be the first to ask why.

The strategic implication is sharper still. With Microsoft committing to ship more than 100 pre-built agents by the end of 2026, every enterprise that runs M365 will have to make an explicit call about how many Autopilots get provisioned, whose identity owns them, and what data they may touch. The default is no longer "off."

Market Context

Microsoft is not the only vendor moving here, but it is the only one with simultaneous control of the identity provider, the productivity stack, the database, and the agent runtime. Salesforce, ServiceNow, and Google are pursuing similar control planes for agents, and according to Constellation Research's Build 2026 wrap-up, Microsoft's Fabric IQ and HorizonDB launches are the data-layer correlates of Scout — the company is betting that agentic value moves from the model to the data context, with the runtime taking it from there.

The analyst signal on this category is mixed. In a May 26, 2026 release, Gartner warned that enterprises applying uniform governance across all AI agents — the binary "lock-everything-down or trust-everything" approach — will see their programs stall. Gartner's recommended pattern is proportional governance with tiered autonomy levels. A separate Gartner forecast projects that over 40 percent of agentic AI projects will be canceled by the end of 2027, citing escalating costs, unclear business value, and inadequate risk controls. McKinsey, NIST, OWASP, MITRE, and the EU AI Office have all flagged autonomous agent behavior as a net-new enterprise attack surface that demands continuous oversight and real-time enforcement, rather than after-the-fact audit. Scout, on paper, is engineered for that posture. Whether it survives contact with production tenants is the open question.

There is also a competitive dynamic worth naming. The Frontier release of Scout requires a GitHub Copilot license, which routes some traffic through GitHub's terms — terms that, per Petri's reporting, include the possibility of third-party model inference, including Anthropic. The legal team should see that early. Procurement should see it earlier.

Framework #1: The 25-Point Autopilot Readiness Assessment

Before Scout — or any Autopilot, including ServiceNow's, Salesforce's, or Google's — touches a production tenant, score your organization across five dimensions, five points each, for a 25-point maximum. Score under 10 and you should not enroll in Frontier. Score 10 to 14 and you are in a controlled pilot of fewer than 50 seats. Score 15 to 19 and you can run a 500-seat managed rollout. Score 20 to 25 and you have the substrate to deploy at the scale Microsoft is signaling.

Dimension 1 — Identity Foundation (5 pts). One point per item: Microsoft Entra ID P2 deployed across the eligible user base; conditional access policies enforced for all M365 services; passwordless or phishing-resistant MFA mandatory; service-principal hygiene reviewed in the last six months; an Entra Identity Governance access-review cadence already running. If you do not run P2, the runtime risk controls in Microsoft's Entra Agent ID stack — Identity Protection for agents in particular — do not light up.

Dimension 2 — Data Governance (5 pts). Microsoft Purview sensitivity labels deployed and enforced on more than 80 percent of documents; DLP policies live for the categories Scout will touch (finance, HR, customer); retention labels applied to mailbox and OneDrive; eDiscovery configured for agent-attributable activity; communication compliance policies cover the channels where Scout will write. Scout enforces these policies in real time, which means the labels and rules you have on the floor today are the ones it will obey tomorrow.

Dimension 3 — Operational Visibility (5 pts). Microsoft 365 audit logs piped to your SIEM; Defender XDR coverage on every endpoint Scout will reach; a per-agent log review process that reconciles Entra audit events against Purview activity events; a runbook for revoking an agent identity in under 15 minutes; a dashboard that shows live agent count, action volume, and rejection rate. Without these, the post-incident question — "what did the agent actually do?" — does not have an answer in minutes.

Dimension 4 — License Architecture (5 pts). Existing M365 E5 or E7 across the eligible base; Microsoft Agent 365 budgeted at $15 per user per month for the Autopilot population; Copilot Studio capacity packs sized against pilot use cases ($200 buys 25,000 credits); a separate Azure AI Foundry budget line with named owner; a FinOps process that monthly reconciles the M365 invoice (governance) against the Azure invoice (execution). Anything less and the program runs into the visibility gap SAMexpert flags as the principal cost surprise of the new SKU.

Dimension 5 — Executive and Operating Sponsorship (5 pts). Named CIO sponsor; named CISO sign-off on the threat model and the Entra Agent ID configuration; named business owner accountable for outcomes; legal review of the GitHub Copilot dependency and any third-party model routing; a quarterly steering committee with documented kill-switch criteria. The pattern that Gartner says fails — uniform governance, no business ownership — is the default when this dimension is empty.

Framework #2: The 90-Day Scout Deployment Timeline

For organizations scoring 15 or above, this is a defensible 90-day path from Frontier enrollment to a 200-seat managed pilot with measurable outcomes.

Days 1 to 14 — Foundation lock. Enroll the tenant in Frontier and accept the experimental attestation. Stand up a dedicated Entra Agent ID blueprint for Scout and constrain it to a named pilot OU. Verify every conditional access policy applies to the agent identity, not just the human user. Configure Intune to scope Scout to the pilot device group. Confirm Microsoft Agent 365 licenses are assigned to the 200 seats. Success criterion: zero Scout instances can be created outside the pilot scope.

Days 15 to 35 — Guardrail validation. Run an internal red-team against the pilot — attempt to coerce Scout into exfiltrating a Purview-labeled file, into sending email on a senior executive's behalf, into modifying a calendar entry for an external attendee. Confirm DLP, sensitivity labels, and human sign-off gates trigger as designed. Wire Entra and Purview signals into the SIEM and validate alert latency. Success criterion: every policy violation Scout attempts is blocked at runtime, not after the fact.

Days 36 to 60 — Controlled production pilot. Enable Scout for 50 of the 200 licensed users (the highest-intent volunteers). Track three KPIs daily: actions executed, actions rejected by policy, and user-initiated reversals. Run a weekly Autopilot Review Board with CIO, CISO, and pilot business owner. Maintain a public log of every kill-switch trigger so the org learns what trips Scout. Success criterion: weekly action volume rises while rejection and reversal rates trend down.

Days 61 to 90 — Scale to 200 and report. Open the pilot to the remaining 150 users with onboarding that explicitly trains them on the Scout taskbar interrupt and the consent model. Produce a 90-day report with measured time saved per role, dollar cost across both invoices, and Gartner-style governance maturity score. Decide explicitly: expand to the next 1,000 seats, hold at 200, or wind down. Success criterion: an evidence-backed go / no-go decision goes to the CFO and CISO together.

Case Study Pattern: What the Microsoft Frontier Early Tenants Are Doing

Microsoft has not named specific Frontier participants for Scout as of June 3, 2026, but the design partner pattern follows the well-known Copilot rollout cohort — large financial services, professional services, and global manufacturing tenants that already run M365 E5, Purview at scale, and Entra ID P2. The pattern, observed across the Help Net Security coverage and the early enterprise readouts referenced by Windows News, looks like this: an opt-in cohort of 100 to 500 users in a single business function (executive operations, finance close, customer success), an explicit board paper that names a kill-switch owner, and a weekly metrics review tied to a single named business outcome — "cut executive scheduling time by 40 percent" is a common framing.

The reportable lesson from earlier autonomous-agent attempts — AutoGPT in 2023, Claude Computer Use in 2024, and OpenAI's Operator in early 2026 — is that autonomy without auditable identity scales blast radius faster than it scales productivity. Scout's bet is that the Entra-rooted identity model finally closes that gap. The Frontier program is the test. The next 12 months are the verdict.

What To Do About It

For CIOs: run the 25-point readiness assessment against your environment this week. If you score below 15, do not enroll in Scout Frontier. Spend the next two quarters closing the gap on identity, data governance, and operational visibility instead. The exposure of pulling an autonomous agent into an unprepared tenant is asymmetric — a single mislabeled SharePoint folder is enough to make Scout the news.

For CFOs: budget two line items, not one. The first is the per-seat Agent 365 governance fee at $15 per user per month, or the E7 bundle at $99. The second is the consumption-based execution charge through Copilot Studio or Azure AI Foundry, which has no fixed ceiling and which will land on a different invoice than the first. Demand monthly reconciliation between M365 and Azure billing — the SAMexpert reading is that the cost-visibility gap is the largest controllable risk in the new SKU.

For business leaders: pick one workflow with a measured baseline. Executive scheduling, customer-renewal triage, and finance close pre-work are the three patterns Microsoft is leading with. If the workflow does not already have a baseline metric, Scout is not the right starting point — instrument first, automate second. The Gartner forecast that 40 percent of agentic projects get canceled by 2027 is overwhelmingly a measurement and value-clarity failure, not a technology failure.

---

Continue Reading

• Microsoft 365 E7 and Agent 365 GA: The Control-Plane Bet
• Microsoft's 7 MAI Models: End of Single-Vendor AI Era
• ServiceNow Project Arc and Microsoft Agent 365: Universal Governance
• Gartner: 40% of AI Agents Will Be Decommissioned — Tiered Governance Is the Fix
• Ping vs Okta vs Entra: Which IdP Owns AI Agent Identity?