Microsoft is moving 365 Copilot closer to autonomous knowledge work with a tool that can operate a browser, use a terminal, and generate reports from information it finds online.
The feature, called Researcher with Computer Use, is designed to let AI agents handle more of the research process without constant manual clicking from the user. It can navigate websites, click through pages, run code, and combine those actions into more complex workflows.
What Researcher with Computer Use does
Researcher with Computer Use works like an autonomous browser agent. The source compares it to the ChatGPT agent because it can interact with web pages directly instead of only responding inside a chat window.
That changes the role of 365 Copilot from a tool that mainly helps draft, summarize, or answer questions into one that can perform multi-step web tasks. In practical terms, the agent can move through websites, search for information, analyze what it finds, and help create a report.
The tool is not limited to browsing alone. Microsoft says it can also run code, which matters for research tasks that involve structured data or analysis. In one Microsoft example, the agent downloads a World Bank dataset from the terminal and uses Python to analyze national savings rates.
That example shows the intended direction of the feature: less manual collection of information, more automated handling of the repetitive steps that sit between a question and a finished piece of analysis.
Why the sandbox matters
Each session runs inside a sandboxed virtual machine created with Windows 365. This means the agent gets an isolated cloud computer for its work instead of acting directly from the user’s own device.
The virtual machine includes a browser, terminal, and text editor. It is kept separate from both the company network and the user’s device, which is an important design choice for a tool that can click around the web and execute code.
Microsoft says login data isn't stored or transmitted. The system can still reach information behind logins, but only when the user or admin approves that access.
When a login or protected action is needed, the system asks for confirmation. The user can step in to log in or approve the specific action, which keeps human control in the loop at points where access matters.
Access behind logins raises the stakes
The agent can access paywalled articles or company databases if approval is granted. That makes it more useful for real research work, because valuable information often sits behind sign-ins rather than on open public pages.
It also makes the boundaries around permissions more important. A browser agent that can reach protected sources is more powerful than a simple summarization tool, but it also needs clearer limits on what it can see and combine.
Microsoft’s setup gives administrators control over several parts of that process:
- Which user groups get access to the tool.
- Which data can be combined.
- Which websites are allowed.
- Which specific data sources users are allowed to share.
By default, the tool blocks company data such as emails, SharePoint, and meetings. Users can share specific data sources, but the default position is not to give the agent broad internal access automatically.
Microsoft also says all sandbox activity can be audited. For organizations, that audit trail is central to understanding what the agent did, where it went, and which actions were taken during a session.
The security question is not settled
The feature arrives with safeguards, but the source makes clear that security risks remain. Autonomous AI systems still create challenges when they interact with external content, especially on the open web.
The reason is straightforward: an agent that can click, navigate, and follow instructions is exposed to more than a conventional chat interface. It may encounter web pages, documents, prompts, and other content that were not created by the user or the company.
Studies continue to warn about the risks of letting AI agents operate freely on the open web. That does not mean tools like Researcher with Computer Use cannot be useful, but it does mean their usefulness depends heavily on controls, approval steps, isolation, and auditability.
Microsoft’s approach reflects that tension. The agent is meant to reduce friction in research and reporting, yet it runs inside a separate Windows 365 environment rather than directly on a user’s machine. It can reach protected information, but access requires approval. It can use company-related data only within limits set by administrators.
What this means for 365 Copilot
For 365 Copilot, Researcher with Computer Use is a step toward AI agents that do more than produce text. The agent can participate in the work process itself: opening pages, gathering information, running analysis, and preparing output from multiple steps.
That shift matters because many knowledge work tasks are not single prompts. They involve searching, checking, extracting, comparing, and turning findings into something usable. Microsoft is positioning 365 Copilot to take on more of that chain.
The tradeoff is that autonomy brings new governance requirements. The more an agent can do on behalf of a user, the more important it becomes to define what it may access, what it may combine, and how its actions are reviewed after the fact.
Researcher with Computer Use shows both sides of the next phase of workplace AI: more capable agents for complex tasks, and a greater need for careful control when those agents operate across websites, protected sources, and company data.