Microsoft launches OpenClaw Companion for Windows with Microsoft Execution Containers

• Microsoft and OpenClaw used Build to ship a Windows-native path for OpenClaw, with openclaw's announcement framing it as enterprise-ready and testingcatalog's post showing a built-in companion app.
• The security layer under the launch is Microsoft Execution Containers, which Microsoft described in its Windows developer post as a policy-driven runtime for constraining what an agent can access.
• According to steipete's retweet of Jennifer Marsman, OpenClaw runs natively on Windows through MXC, with sandboxing handled by Windows rather than by an unofficial wrapper.
• Microsoft also tied the rollout to Agent 365 on Windows, where OpenClaw is the first local agent Microsoft says it can discover and manage, ahead of GitHub Copilot CLI and Claude Code.

You can browse the MXC repo, read Microsoft's Windows security post, and there is already an official Scout profile describing an always-on Microsoft assistant built on OpenClaw. testingcatalog's companion app post also suggests Microsoft is not treating this as a one-off demo, but as a persistent Windows surface.

The first visible product surface is a Windows Companion app. testingcatalog's first post showed OpenClaw running on Windows, then testingcatalog's follow-up called out an always-on companion app, and testingcatalog's third post described it as built into the Windows ecosystem.

That matters mostly because OpenClaw on desktop has usually shown up through community wrappers or Mac-first demos. Here, the Windows surface is part of Microsoft's own Build story, not a side project.

Microsoft's official framing is that OpenClaw on Windows rides on Microsoft Execution Containers, or MXC. The Build 2026 Windows post says MXC is a policy-driven execution layer, in early preview, where developers declare access to files and network resources and Windows enforces the boundary at runtime.

The MXC repository fills in the technical shape:

• It is a sandboxed code execution system for untrusted code, model output, plugins, and tools.
• It supports Windows, Linux, and macOS behind one JSON schema and TypeScript SDK.
• Its backends range from process sandboxes to heavier isolation, including Windows Sandbox, LXC, Bubblewrap, Seatbelt, MicroVM, Hyperlight, IsolationSession, and WSLC.
• Policy covers filesystem, network, processes, environment variables, and resource limits.

That is a more serious foundation than "OpenClaw, but on Windows." Microsoft is effectively turning agent containment into platform plumbing.

The other half of the launch is governance. In Microsoft's Windows security post, the company says Agent 365 on Windows will discover and manage local agents, starting with OpenClaw, and that organizations will be able to apply policy-based controls to set guardrails for what agents are allowed to do.

Microsoft's Build overview adds the enforcement stack: native Agent 365 integration with MXC is supposed to bring Defender, Entra, Intune, and Purview protections to local agents. The Microsoft Security Blog describes the same setup as OS-level control over agent execution.

The pitch is straightforward: OpenClaw gets a native Windows runtime, and Microsoft gets a way to wrap it in the same identity, compliance, and endpoint controls enterprises already use.

The companion app posts were not the only clue about Microsoft's plans. In the official Scout profile, Microsoft describes an always-on assistant built on OpenClaw by Omar Shahine and Jakob Werner, with its own ID and email address, and says the internal prototype grew from three agents to nine always-on agents in eight weeks.

According to that Scout post, the agent plugs into Microsoft 365 data and uses separate security profiles and tool access per agent. That makes the Windows Companion app look less like a thin launcher and more like a front end for Microsoft's own OpenClaw-derived assistant stack.