What changed

Microsoft added several public preview capabilities that make local AI agents on Windows endpoints more visible and manageable.

In Microsoft Defender XDR, the June 2026 what’s new page lists local AI agent discovery for onboarded Windows devices. Microsoft says supported coding agents, IDE extensions, desktop AI assistants, local AI runtimes, and agent platforms can appear in the AI agent inventory, exposure map, and advanced hunting.

The same Defender XDR update also lists preview runtime protection for supported local AI agents on Windows endpoints. Microsoft describes this as inspection of the agent loop, including user prompts, tool calls, and tool responses, with the ability to audit or block risky activity before it executes.

In Microsoft Intune, the June 2026 service release adds a public preview path for detecting and blocking Shadow AI on Windows. Microsoft describes three pieces: a properties catalog policy to collect the Local AI Agent entity, Device Query to view devices with a local AI agent, and the Local AI Agent Baseline - OpenClaw (Preview) to block OpenClaw.

Microsoft also notes that the Defender XDR advanced hunting table AgentsInfo is now in preview, and that AIAgentsInfo remains accessible until July 1, 2026 while customers update queries.

Why admins should care

This is not just another inventory feature. Local AI agents are starting to behave like operational tooling on endpoints. They can read files, call tools, generate code, interact with browsers, and run inside developer or productivity workflows.

For Microsoft 365 admins, this changes the rollout conversation from "do we allow AI tools?" to a more practical question: "which AI agents are present, where are they running, and what controls do we have if one becomes risky?"

The useful part is the combination:

  • Defender XDR gives security visibility, hunting, exposure, and runtime protection signals.
  • Microsoft Intune gives endpoint management controls, Device Query, and a preview baseline for blocking a supported local agent.
  • Advanced hunting gives teams a way to build repeatable evidence instead of relying on screenshots or one-off checks.

For me, this is the kind of change I would treat as an early governance signal, not as a reason to block everything immediately.

What I would check first

I would start with visibility before enforcement.

  1. In Microsoft Defender portal, check whether AI agent inventory and exposure views are available in the tenant.
  2. In Microsoft Defender XDR > Advanced hunting, review any existing queries that use AIAgentsInfo and plan to move them to AgentsInfo before July 1, 2026.
  3. In Intune admin center > Devices > Device query, check whether Local AI Agent data is available for Windows devices.
  4. In Intune admin center > Devices > Configuration, review the properties catalog option for collecting the Local AI Agent entity.
  5. If OpenClaw is relevant, review the preview Local AI Agent Baseline - OpenClaw before assigning it.

I would not start by broadly blocking preview controls across all users. A better first step is a small pilot group, documented exceptions, and clear validation in Defender XDR and Intune.

Practical rollout / validation steps

A safe rollout could look like this:

  1. Inventory first
    Confirm which supported local AI agents are detected and where the signal appears: inventory, exposure map, advanced hunting, or Intune Device Query.

  2. Update hunting content
    Move any early AI-agent hunting logic from AIAgentsInfo to AgentsInfo. Keep the old query only as a temporary compatibility check until the Microsoft retirement date.

  3. Pilot Intune collection
    Use a small Windows pilot group for the properties catalog policy. Validate that the collected Local AI Agent entity appears where expected.

  4. Decide the policy posture
    Separate discovery, audit, and blocking decisions. Some environments may only need visibility at first. Others may need blocking for specific unsupported agents.

  5. Validate user impact
    If testing the OpenClaw baseline, validate that the block is visible to support staff and that exceptions can be handled without creating unmanaged workarounds.

Watch-outs

These features are in public preview, so I would avoid treating them as a complete AI governance platform.

A few practical cautions:

  • Supported agent coverage may not include every local AI tool users install.
  • Runtime protection is described for supported local AI agents, not all possible AI workflows.
  • Blocking one agent does not solve browser-based AI usage, SaaS connectors, unmanaged extensions, or data handling policy by itself.
  • If you already created hunting queries against AIAgentsInfo, the July 1, 2026 transition to AgentsInfo needs cleanup.
  • Intune blocking should have a pilot, an exception path, and a helpdesk-ready explanation.

What changed after reading these updates is that I would now put local AI agents into the same governance backlog as browser extensions, developer tools, and SaaS app discovery. Not panic, but visible ownership.

Official Microsoft sources