Build and run agents locally on Windows

Windows provides the foundation for building and running agents with identity, isolation, containment, governance, and policy based controls.

Secure by design for local AI agents Agents are moving from answering questions to taking proactive actions. Windows helps developers build and run agents in controlled environments with the guardrails needed for real world use, from local execution and containment to enterprise policy and observability.

Learn how Windows helps you secure agents

Isolate and contain agents

Run agents inside controlled environments with boundaries that match the workload. The Microsoft Execution Containers SDK gives developers a consistent way to apply containment across process isolation, session isolation, and future hardware backed options.

Separate identities for agents

Separate the agent from the human user with distinct local agent identities and Microsoft Entra Agent ID integration where supported. This helps agents run with scoped access, clear accountability, and lifecycle controls.

Apply policy to agent actions

Use policy to define what an agent can access and do before it runs. With Microsoft Intune and Agent 365, organizations can apply guardrails such as filesystem rules and local access controls to help keep agent behavior within approved boundaries.

Observe and manage agents at scale

Agent 365 gives IT and security teams the visibility they need to understand what agents are running, how they are governed, and whether they are operating within policy. Developers can build for enterprise readiness from the start.