Copilot Agents · 7 June 2026 · 7 min read
Microsoft Scout and the Rise of Autopilot Agents: What Accountancy and Law Firms Actually Need to Know
Microsoft Scout is its first autopilot agent. A clear, honest guide to what Scout can do and why accountancy and law firms should build foundations before adopting it.
TL;DR
- Scout is Microsoft's first autopilot, an always-on desktop agent that acts without being prompted, reaching your files, the web through a real browser and your full Microsoft 365.
- The controls are genuinely considered, but for regulated firms the catches matter: limited preview availability, heavier licensing, hard setup and the possibility of client data leaving the Microsoft boundary.
- The right move today is not to chase Scout. It is to get Copilot adoption, governance and data hygiene right so any future agent is safe to use.
Microsoft has announced a new category of AI it’s calling autopilots, and the first one is called Scout. The headlines have been loud, the demos look impressive and a lot of firm leaders are already being asked by their teams whether they should be using it.
Here’s the honest answer for most accountancy and law firms: not yet. But it’s worth understanding exactly what Scout is and what it can do, because the work you do over the next few months will decide whether your firm is ready for this category or scrambling to catch up.
Let me uncomplicate it.
What an autopilot agent actually is
Up to now, Copilot has been something you prompt. You ask, it answers, the exchange ends. Useful, but reactive. You’re still the one driving every interaction.
An autopilot is different. It’s an always-on agent that runs quietly in the background, learns how work gets done across your apps, and takes action without being prompted each time. It has its own identity inside your tenant, and it operates within the permissions and policies your organisation sets.
Scout is Microsoft’s first autopilot. Importantly, it isn’t a feature buried inside the Copilot you already have. It’s a separate desktop application you install on Windows or macOS, and that distinction matters, because a desktop app can reach things a cloud chatbot never could.
That’s the shift in a sentence: from AI you use to AI that acts. We’ve written before about how Microsoft Copilot agents move from answers to business tasks, and Scout is the clearest sign yet of where that road leads.
What Scout can actually do
This is where the conversation gets real. Scout is far more capable than the Copilot tools your firm has today, and the reason is simple. It’s been given a much bigger set of tools and a lot more access. Here’s what it can actually reach.
Your files and your machine
Scout works inside a workspace folder on the local drive. It can read, write and search files there, not just the documents sitting in SharePoint or OneDrive. It can also run commands on the machine itself, including builds, scripts and developer tooling.
For a firm, the headline is that this is an agent operating on the actual computer, not just in the cloud. Most of the deep technical capability here is aimed at software developers, but the principle holds for everyone: Scout can act on the local device, not only on tidy, governed cloud data.
The web, through a real browser
This is the capability that should make every firm pause, and it’s the one people underestimate.
Scout can drive a web browser. Using browser automation, it can navigate to pages, fill in forms, take snapshots of what it sees and inspect what’s happening behind the scenes. In practice that means it can log into websites and carry out actions as if it were you.
Sit with what that means for a professional services firm. An agent that can log in and act on a website is an agent that could, in principle, reach your practice management system, a client portal, Companies House, HMRC, a case management platform or any other tool your people sign into through a browser. The power and the risk are the exact same sentence. This is not a chatbot summarising a document. It’s software taking actions on live systems on your behalf.
Your Microsoft 365
Scout connects across your Microsoft 365 world. It can read and manage email, work with your calendar, read Teams chats, reach OneDrive files and pull in meeting content. It uses Microsoft’s intelligence layer, Work IQ, to answer complex questions that span all of those services at once.
So it isn’t just looking at one document. It can build a picture across your inbox, your files, your calendar and your conversations, then act on what it finds. That picture is only as good as the data underneath it, which is exactly why your Microsoft 365 data setup decides how useful Work IQ can be.
Producing the work
On the output side, Scout can create and edit Word documents, Excel spreadsheets, PowerPoint decks and diagrams. For an accountancy or law firm this is the part that maps most obviously onto fee-earning work: drafting, modelling, formatting and document production.
Working on its own
The capabilities above are useful on demand. What makes Scout an autopilot is that it can do them without you.
It has a background mode that wakes up on a schedule, as often as every fifteen minutes, to run a task you’ve set, such as triaging your inbox or watching for diary clashes. It can run automations that fire at set times or when a condition you define becomes true. It can spin up specialist sub-agents to work on several things in parallel. And it remembers context, decisions and preferences across conversations, so it gets more tailored to you over time.
Put simply, you can point it at a recurring job and walk away, and it will keep working while you get on with something else.
So is it a security nightmare? Not exactly
Here’s where I want to be fair, because the easy move is to make all of this sound terrifying, and that wouldn’t be honest.
Microsoft has clearly thought about the controls. Scout operates inside your Microsoft 365 security boundaries and can only reach data your account is already allowed to reach. Shell commands run through a three-tier permission system, where safe commands run automatically, riskier ones pause for your approval and destructive ones are blocked outright. You can mark sensitive folders as off limits unless you explicitly approve access. Before Scout does anything sensitive, like sending an email or posting in Teams, it stops and shows you exactly what it intends to do so you can approve or deny it. And it deliberately treats outside content, such as the text of an email or a web page, as untrusted data rather than as instructions to follow, which is a sensible defence against a whole class of attacks.
That’s a genuinely considered model, and it’s worth saying so. If you’ve heard “autonomous AI agent” and pictured something rampaging through your systems unchecked, that’s not the design. For a fuller look at the architecture behind it, see our earlier piece on what Scout and autopilots mean for professional services.
So what’s the catch for regulated firms
The catch isn’t that Scout is careless. It’s that it’s powerful, autonomous and far-reaching, and your firm operates under obligations most businesses don’t. A few things deserve real scrutiny before anyone in your firm touches it.
It isn’t generally available. Scout is currently an experimental release in Microsoft’s Frontier programme, with a broader preview to follow and general availability still unconfirmed. Microsoft is explicit that preview features can change and may never reach full release. This is not something to build your year around yet.
The licensing stack is heavier than you’d expect. Scout needs a Microsoft 365 Copilot licence and a GitHub Copilot licence on top, and that second one brings consumption-based credit charges. Instead of predictable all-in pricing, you pay based on how much the underlying AI is used. For a firm trying to budget Copilot sensibly, that’s a different commercial model entirely.
Getting it running is deliberately hard. Access requires enrolment in the Frontier programme, an Intune policy configured by your administrators, a formal opt-in attestation where someone signs off on understanding the risks, and per-user provisioning. It’s off by default and nobody can sign in until IT has completed every step. That friction is intentional, and it’s a fair signal of how seriously Microsoft takes the power of the thing.
Your data may leave the Microsoft boundary. This is the one that matters most for you. Scout’s processing runs through the GitHub Copilot SDK, which can connect to external AI models as a subprocessor. For most businesses that’s a footnote. For a firm holding privileged legal matters or confidential client financials, it’s the whole conversation. Your compliance and information security people need to understand precisely where client data flows and under whose terms before a single fee earner switches it on. This is the same question we walk through in our guide to using Copilot with client data.
Autonomy raises the accountability question. When an agent acts on your behalf, who is responsible for what it does? If a heartbeat task sends the wrong email or a browser automation acts on the wrong client record, the controls reduce that risk but they don’t remove the question. Regulated firms have to be able to answer it.
The pattern is consistent. Every capability that makes Scout exciting is the same capability that makes it a governance question, not just an IT one.
So what should your firm do instead
Sitting on your hands isn’t the answer either. The arrival of autonomous agents is a signal, and the signal is this: the window for getting your foundations right is closing.
An autopilot is only as safe and as useful as the environment it operates in. If your permissions are messy, your SharePoint is a sprawl and your people don’t yet trust or understand Copilot, handing an autonomous agent the keys is the last thing you want to do. Firms that rush in without that groundwork will create risk. Firms that have done the groundwork will be ready to adopt agents on their own terms when the time is right.
That foundation work is unglamorous but it’s where the real value sits right now:
- Get everyday Copilot adoption actually working, so your fee earners use it well and trust it. This is the difference between licences and genuine adoption.
- Tighten up your governance, permissions and data hygiene so you know exactly what any AI can and can’t reach. A tidy, well-permissioned SharePoint is the starting point, which is why SharePoint readiness matters more than ever.
- Decide your position on where firm and client data is allowed to flow, before a tool forces the question for you.
- Build the habits and policies that mean you’re deciding how AI operates in your firm, rather than reacting to whatever Microsoft ships next.
This is the whole point of doing the boring bits properly. When autonomous agents become something a regulated firm can genuinely use, the firms that have done the work won’t need to panic. They’ll already have the controls, the culture and the confidence in place.
The bottom line
Scout is a serious glimpse of where Microsoft is taking this, and the controls around it are more thoughtful than the hype or the fear would suggest. But for accountancy and law firms, the right move today isn’t to chase the newest agent. It’s to build the foundation that makes any future agent safe to use.
A practical first step is a Copilot readiness assessment that checks whether your identity, permissions and data hygiene could safely support an autopilot when it reaches general availability, alongside the wider Copilot agents groundwork.
Get the fundamentals right first. Everything else gets easier from there.
Working out how to get Copilot adoption and governance right before the next wave of AI lands? That’s exactly what FiveForward does. Get in touch and let’s uncomplicate it.
Related reading
More on copilot agents
Common questions