Microsoft has announced the introduction of Copilot Actions for Windows 11, a new experimental feature that enables AI-powered agents to perform tasks directly on local files while maintaining robust privacy and security standards. The feature expands on Microsoft’s earlier Copilot Actions on the web—first announced in May 2025—by extending these agentic capabilities beyond the browser. Initially rolling out to Windows Insiders through Copilot Labs, the preview marks a key step toward secure, AI-driven task automation within the Windows ecosystem.
Features
Copilot Actions is designed to act as an active digital collaborator rather than a passive assistant. The AI agent can perform actions like clicking, typing, and scrolling across apps and files—helping users update documents, organize folders, send emails, or even book tickets. By integrating with Windows, Copilot Actions leverages on-device apps and data, performing complex tasks once users explicitly grant permission.
The new system introduces an agent workspace—a contained environment where the AI can operate separately from the user’s session. This workspace enables runtime isolation, ensuring that agents work securely in parallel with users. During its preview phase, Copilot Actions will have access only to specific known folders such as Documents, Downloads, Desktop, and Pictures, with any additional access requiring user authorization.
Security and privacy
Microsoft’s launch emphasizes its focus on securing agentic AI as these systems evolve. AI agents, which can now take real-world actions on behalf of users, introduce potential security risks such as cross-prompt injection attacks (XPIA), where malicious content could manipulate agent behavior. To address such threats, Microsoft has outlined four core Agentic Security and Privacy Principles designed to safeguard user data and control:
1. Distinct agent accounts: Copilot Actions operates using a separate, dedicated agent account, enabling distinct policy enforcement and clear differentiation from the user account.
2. Limited agentic privileges: Agents start with minimal permissions and require explicit consent to access or modify local files. Access can be revoked by users at any time.
3. Operational trust: Only trusted, signed agents can integrate with Windows. Misbehaving or malicious agents can be blocked or revoked using certificate validation and antivirus protections.
4. Privacy-preserving design: The system aligns with Microsoft’s Responsible AI Standard and Privacy Statement, ensuring agents handle data transparently and for defined purposes only.
In addition, the preview introduces new security building blocks within Windows 11. Copilot Actions will be disabled by default, requiring users to enable it manually under Settings. Users can also monitor, authorize, or override agent actions in real time through User Transparency controls.
Microsoft says that feedback from Windows Insiders will be essential to refining Copilot Actions before a broader rollout. The company plans to expand the feature with additional security layers such as Entra and Microsoft Account (MSA) identity integration.
As AI becomes more embedded in everyday workflows, Microsoft reiterates that Windows 11 remains its most secure platform to date. The company plans to share more details about Copilot Actions and the future of agentic AI at Microsoft Ignite 2025 in November.
