Microsoft supports OpenClaw on Windows with Execution Containers

• Microsoft used Build to show OpenClaw running on Windows, and steipete's gateway clarification said the demo was the actual OpenClaw gateway, not a lookalike.
• In Microsoft's Build post, the company said OpenClaw now runs natively on Windows with Microsoft Execution Containers, while steipete's repost of Jennifer Marsman pointed to the MXC repo used for that sandboxing layer.
• Microsoft's security post positioned OpenClaw as the first local agent Agent 365 can discover and manage on Windows, which lines up with steipete's enterprise post about bringing the project into enterprise environments.
• steipete's observability note said recent OpenClaw work added observability and verifiable workspaces, while OpenClaw's auto-approval blog post described a guardian-style review path aimed at enterprise-safe execution.

You can read Microsoft's Windows developer announcement, inspect the early-preview MXC repository, and cross-check OpenClaw's own docs, where the workspace guide says the default workspace is not a hard sandbox unless sandboxing is enabled. The Build reveal also came with a specific claim from steipete's observability note about observability and verifiable workspaces, plus a practical Windows detail from steipete's repost of Jennifer Marsman, which said MXC lets OpenClaw run natively on Windows with sandboxing.

The core reveal was simple: Microsoft put OpenClaw onstage at Build, then Peter Steinberger clarified that what people saw was the OpenClaw gateway itself. Microsoft's Build post makes the same point in product language, saying OpenClaw runs natively on Windows through MXC and that the Windows node and gateway run contained.

Build demo clip

The Windows side matters because OpenClaw's own agent workspace docs say the workspace is only the default working directory, not a hard sandbox, unless sandboxing is turned on. MXC gives Microsoft a native containment layer for that missing piece.

The MXC repository describes the project as a sandboxed code execution system for untrusted model output, plugins, and tools across Windows, Linux, and macOS. In the current preview it supports policy controls for filesystem, network, and UI access, exposes a TypeScript SDK, and ships with multiple backends including ProcessContainer and Windows Sandbox.

Microsoft is also careful about the maturity level. The repo's warning says this is an early preview, some generated policies are still overly permissive, and current MXC profiles should not yet be treated as security boundaries.

Steinberger framed the Microsoft tie-up as an enterprise move, and the surrounding details fit that read. In Microsoft's security post, the company said Agent 365 can already discover and manage local OpenClaw agents on Windows, with GitHub Copilot CLI and Claude Code planned next.

That same post says Windows will pair monitoring with policy-based controls for what agents are allowed to do. On the OpenClaw side, steipete's observability note said the team has been adding observability and verifiable workspaces, and OpenClaw's auto-approval post describes a three-step approval flow built for enterprise environments:

1. Policy checks run first.
2. Low-risk misses can be reviewed by a model.
3. Uncertain cases still route to a human.

That is a pretty direct bridge from hobbyist computer use into auditable Windows deployments.

The more interesting creative angle is that OpenClaw still looks designed for people who want to assemble their own stack. steipete's modularity post said the project should stay modular and lean, and LLMJunky's SDK comment added that the SDK is pleasant to build on.

One concrete example came from steipete's QA assistant post, where Steinberger described training Codex as a background QA assistant for OpenClaw. His setup generates a user-test scenario for each commit, uses webVNC and browser or computer-use tools to test the app like a human, then opens pull requests with fixes.

That detail lands differently after the Windows announcement. Microsoft is not only helping OpenClaw run on Windows, it is giving teams a native way to contain the kind of browser-driving, file-touching agent loops that creators are already wiring into real build and QA workflows.