Microsoft just revealed how Windows 11 is evolving into an agentic OS — finally the explanation we've all been waiting for

Microsoft has just published a new support document that details how Windows 11 is evolving into an agentic OS. The company has openly stated that the future of Windows is one that will be AI native, focused on agentic capabilities that allows your PC to take control and complete tasks on your behalf. Now, we know how it's going to work.

"Windows is committed to making agentic experiences with apps more productive and secure for individuals and enterprises," Microsoft says. "As part of this vision, Windows is introducing a new experimental feature — agent workspace — available in a private developer preview for Windows Insiders in a release coming soon. This early preview reflects our phased approach to delivering agentic capabilities, starting with limited access to gather feedback and strengthen foundational security."

The company says agent workspaces are a "separate, contained space in Windows where you can grant agents access to your apps and files so they can complete tasks for you in the background while you continue to use your device." The feature depends on a new 'experimental agentic features' toggle that must be enabled by the user first before the agentic workspace is enabled.

"Each agent operates using its own account, distinct from your personal user account. This dedicated agent account establishes clear boundaries between agent activity and your own, enabling scoped authorization and runtime isolation. As a result, you can delegate tasks to agents while retaining full control, visibility into agent actions, and the ability to manage access at any time."

For now, agents will operate in their own separate Windows session, complete with their own desktop environment, meaning the AI will be able to run apps in parrallel with the user, just like a PC with multiple user accounts setup. Microsoft says "these workspaces are designed to be lightweight and secure, with memory and CPU usage scaling based on activity."

"For common operations, this setup is more efficient than a full virtual machine such as Windows Sandbox, while still providing security isolation, support for parallel execution, and keeping the user in control. The overall experience and security model are actively being refined to support key principles of transparency, safety, and user control."

Microsoft is adamant that agentic AI experiences on Windows 11 are built with security as a top priority. "Agent workspaces represent a key step in enabling intelligent, agent-powered computing. Security in this context is not a one-time feature — it’s a continuous commitment. As agentic features evolve, so will our security controls, adapting to each phase of rollout from preview to broad availability."

The company has highlighted three core pillars of security that must be followed when developing agentic OS experiences:

• Non-repudiation: All actions of an agent are observable and distinguishable from those taken by a user.
• Confidentiality: Agents that collect, aggregate or otherwise utilize protected data of users meet or exceed the security and privacy standards of the data which they consume.
• Authorization: Users approve all queries for user data as well as actions taken.​​​​​​​

It has also outlined important security and design principles all AI agents on Windows should follow:

• Agents are autonomous entities. They are susceptible to attack in the same ways any other user or software components are. Their actions must be able to be contained.
• Agents must be able to produce logs outlining their activities. Windows should be able to verify these actions with a tamper-evident audit log.
• Agents should provide a means to supervise their activities. Many activities of agents are aggregate plans containing multiple steps. Users should be able to review the steps and approve the plan and monitor the execution of the plan. Agents must be able to explicitly request a user’s authorization or decision where necessary.
• Agents should always act under the principles of least privilege and must not be granted permissions or capabilities exceeding that of the initiating user, including administrative rights. Authorized agent privileges should be granular, specific and time bound. Agents must only be able to access sensitive information (e.g. credit card data) in specific, user-authorized contexts such as for carrying out specific actions, such as when interacting with specific applications, or on specified websites.
• Entities on the system – admin, local system, etc. – should not have special access to an agent other than the owner which it acts on behalf of.
• Windows is designed to help agents adhere to Microsoft's commitments made in the Microsoft Privacy Statement and Responsible AI Standard . Windows will support agents in processing data only for clearly defined purposes, ensuring transparency, and trust.

Ultimately, it's clear that Microsoft is taking the responsibility of adding agentic AI experiences to Windows 11 very seriously. Apps and services that build for Windows 11's agentic capabilities will be required to follow these strict guidelines to ensure compliance on the platform.

Any agentic capabilities in Windows 11 will operate in their own AI workspace, separate from the human user, only capable of seeing and interacting with what you've given it. This is the best way to ensure agentic capabilities remain reliable and secure on the platform, as it means an AI can't run off the rails with a task or data, keeping everything safe and easily shut down if necessary.

Microsoft has already announced that Copilot Actions will be one of the first AI apps that takes advantage of these new experimental agentic capabilities. Third-party developers will also be able to build their own AI agents into their apps, which will use the same agentic framework that Microsoft has detailed today.

Follow Windows Central on Google News to keep our latest news, insights, and features at the top of your feeds!