OpenClaw is an open-source AI agent framework that gives LLMs real tools and autonomy. It already has a built-in Teams channel, but it works as a traditional bot using delegated auth, meaning the agent acts with your permissions.
OpenClaw A365 takes a different approach. Instead of a bot wearing your credentials, it gives the agent its own identity in your Microsoft 365 tenant, sandboxes its runtime, and makes every action observable to IT – all while extending its reach beyond Teams to Outlook, Word, Excel, and PowerPoint.
Two things I kept coming back to while investigating OpenClaw:
1. Agents need their own identity, not yours.
Traditional bot frameworks use delegated auth — the agent acts as you, with access to everything you can see. That’s terrifying when the agent can reason and take actions autonomously, especially as they get more capable.
With A365’s agentic-identity model, the agent gets its own Entra ID account (e.g. agent@contoso.com). You share a resource, like a calendar, with it like you would a colleague. It only sees what you’ve explicitly granted.
(See demo video)
Audit logs and the Observability stack show the agent acted, not you via some app. This is how trust should work.
2. If an agent can run code, you need to control what it can reach.
OpenClaw agents can generate and execute code, including network requests. OpenClaw A365 enforces network policy at the container level via iptables. You choose: unrestricted, locked down to Microsoft + your LLM provider, or a custom allowlist. The agent cannot call a domain you haven’t approved.
Combining a real identity with least-privilege access and a sandboxed runtime gets us closer to highly autonomous agents that are still observable, governable, and safe to deploy in the enterprise.
Why this matters
Agent 365 was released in preview to Frontier customers last November at Ignite. It was a super-intense push for me, my team, and many others across the company. Back then, we didn’t know that an agent framework like OpenClaw would arrive and make it obvious to everyone why agents need their own identities, sandboxed runtimes, and observability.
The fact that the platform was already there waiting speaks to the foresight Microsoft had. Hope to see Google and other identity providers follow suit.
Links
Demo video: https://youtu.be/7uD2vyfBUUs
Some Creativity 
Leave a comment