Build 2026 in one page: seven in-house MAI models, a full agent security stack, always-on agents on the endpoint, and Microsoft positioning itself as the control plane for everyone else's AI.
"AI alone won't change your business. The system running it will."— Jay Parikh, keynote framing
Microsoft's pivot away from model supremacy toward lifecycle lock-in: build in GitHub → contextualise with Microsoft IQ → run in Foundry → govern with Agent 365 & Security → surface in Teams and M365. Same playbook as Office + Windows in the 90s — applied to agents.
Sparse MoE, trained from scratch on licensed enterprise data — "zero distillation" is a procurement & compliance argument, not marketing.
Flash is a 5B-parameter model already live in VS Code & GitHub Copilot CLI, rolling out across all Copilot plans, Free included.
Claimed step-change in quality; already inside PowerPoint, rolling out to OneDrive.
Microsoft AI43 languages; claims to beat Google & OpenAI flagships on Microsoft's own benchmarks.
Microsoft AINatural prosody and emotional control in 15 languages for realistic voice agents.
Microsoft AITalk track: Economics is the point — no OpenAI royalties, models co-designed with Maia 200 silicon (1.4× efficiency, already in Iowa/Arizona, Italy next). Distribution on OpenRouter, Fireworks & Baseten means Microsoft now acts like a model vendor, not just a cloud. And Frontier Tuning — RL inside your compliance boundary — moved one internal task from 13% → 87% completion. All benchmarks self-reported: trust, but verify.
Multi-model agentic scanning harness — orchestrates 100+ specialised agents to discover, validate and prove exploitability across codebases. Offensive-grade discovery, productised for defence.
Security blogRuntime context — internet exposure, data sensitivity — flows into vulnerability prioritisation. "Shift left meets runtime" finally shipped.
Security blogDetects compromised or vulnerable models across registries, workspaces and CI/CD before deployment. Supply-chain security extended to model artifacts — a genuinely new category.
Security blogExfiltration controls and agentic risk detection covering Claude Code, Copilot, Codex and OpenClaw — Microsoft governing its competitors' agents is the telling move.
Security blogDiscovery-first: surfaces unmanaged local agents via Defender, Entra and Intune. Shadow agents are the new shadow IT.
Security blogCounterpoint to raise: every piece gets more attractive the more Microsoft you already run — Entra, Intune, Purview, W365, GitHub. For some CIOs that's a feature; for others a procurement warning light. The honest question for Finnish enterprises: what does the heterogeneous-stack experience actually look like?
Hanselman & Steinberger demoed the viral self-hosted agent framework live on stage, running inside Microsoft Execution Containers (MXC) — a policy-driven containment layer enforcing what agents touch at runtime.
Cloud ephemeral sandboxes with managed identity rebuild in ~6 minutes. MXC is also the isolation model adopted by Copilot CLI.
Built on OpenClaw's architecture: persistent identity, proactive task management across email, calendar and reports, interacting in Teams "like a human colleague" — policy conformance via Agent 365.
The EPPC question: when every employee has an always-on agent acting with their identity, what does Conditional Access even mean? (Entra Agent ID is the answer Microsoft wants you to reach.)
Build news hubAgents get email, calendar, meetings, chats, files, people, collaboration patterns and LOB systems. Nobody else has this moat — and it's the highest-stakes data-governance surface ever exposed via API.
GA · 16 June 2026Web-scale retrieval system for agents — Microsoft's grounding answer for the open web, powering agent search beyond the tenant boundary.
AnnouncedKnowledge and retrieval unified inside Foundry for higher-quality agent responses without bespoke RAG plumbing.
FoundryTalk track: the Copilot oversharing scare of 2024–25 repeats — but now programmatically, at agent speed. The data hygiene work organisations postponed is no longer optional; it's blocking.
Agent Harness makes context compaction, instruction merging and todo tracking first-class. Foundry Hosted Agents give a direct path from local dev to managed hosting with session persistence and observability. CodeAct (via Hyperlight) collapses many tool calls into fewer model turns. Handoff orchestration hits 1.0.
Agent Control Specification: portable runtime governance — 8 lifecycle interception points, declarative YAML, works across Python, Node, .NET and Rust. Write policies once, enforce anywhere.
ASSERT: natural-language behaviour specs → executable eval pipelines with scored traces. The question: does ACS become the SAML of agent governance, or another spec graveyard entry?
A cockpit for directing multiple agents in parallel: isolated git worktrees, bidirectional Canvases, bounded sandboxes, and Agent Merge carrying PRs through review, CI and merge. Copilot SDK now GA in six languages.
Bridge to your keynote: "Agent supervision is the new senior engineering skill" was literally a Build session title. The consultant of 2027 reviews agent output — they don't type.
GitHub announcementHardware that runs agents instead of apps: a Qualcomm-powered wearable badge and a MediaTek desk companion. The buried headline: the edge OS (MDEP) is built on AOSP, not Windows — managed via Intune, zero-trust by design.
Private preview H2 2026. Healthy skepticism warranted (Windows IoT, Band, Cortana devices…) but the enterprise-first framing is smarter than past attempts.
Command Line blog"Sovereign AI" said out loud — but what does sovereign mean when the control plane is still Redmond's? Contrast with truly self-hosted stacks.
News hub1 PFLOP, 128 GB unified memory for local models. The legitimised homelab — late 2026.
Windows devices blog2nd-gen AI accelerator live in Iowa & Arizona; Italy, Australia, South Korea next. EU capacity touches the sovereignty debate.
News hubEnterprise Postgres "engineered for the AI era" — a quiet but real bet on Postgres.
Azure blogManaged app backends from Fabric; GPU-accelerated warehouse claims up to 7× faster than rivals.
Rayfin page20 s qubit lifetime, 1,000× reliability, "scalable quantum by 2029." Actionable today: PQC readiness.
Microsoft announcementCoreutils GA, WSL containers preview, Intelligent Terminal, one-command dev setup — and C# union types in .NET 11. Finally.
Windows dev blogDefine an agent in a .agent.md file — markdown instructions plus trigger/tool metadata — and deploy it like any Function. Any trigger can run an agent (HTTP, Timer, Service Bus, Cosmos DB, Teams message, Outlook mail, SharePoint item). Plus the full 1,400+ Logic Apps connector catalog as first-class triggers, Go language support, a new Functions CLI, one-click MCP auth, and Flex Consumption rolling updates GA.
Functions at Build 2026Ephemeral compute with built-in suspend/resume — the same infrastructure under GitHub Copilot cloud sandboxes and Foundry Hosted Agents, now exposed as a first-class resource. MCP Connector Gateway gives sandboxes credential-free access to 1,400+ external systems. The "give agents bounded compute" primitive.
ACA Sandboxes announcementZero-to-hyperscale deployment without infrastructure decisions — pitched as the first Azure compute platform purpose-built for agents and developers alike, with production defaults out of the box.
ACA at Build '26Existing web apps become AI-ready with no rearchitecting — the lowest-friction on-ramp for the long tail of enterprise apps.
App Service at Build 2026AKS on dedicated machines without a hypervisor — direct access to NVLink, RDMA and high-performance networking. Aimed squarely at AI training/serving fleets.
AKS at Build 2026Azure now owns the lifecycle of system nodes — capacity, patching, scaling — so system components stop competing with workloads, notably on GPU-backed nodes.
AKS at Build 2026A minimal, Microsoft-maintained container-optimized host OS standardising the AKS baseline — smaller patch surface, less drift across fleets. Azure Linux 4.0 enters public preview alongside it.
Managed Ray on AKS in partnership with Anyscale — distributed Python AI workloads without running Ray yourself.
News hubUnified Model API in public preview, Agent-to-Agent (A2A) API support, integrated gateways for Anthropic and Vertex AI, and content safety controls — APIM positioning as the policy chokepoint for multi-model, multi-agent traffic.
APIM at Build 2026Discovery and governance expanded beyond APIs to agents, MCP tools, prompts and skills as catalogued enterprise assets. The "agent registry" idea arriving at the API layer.
APIM at Build 2026Agent-workflow integration updates rounding out the integration stack alongside Functions' connector adoption.
News hubMCP Toolkit and Agent Memory Toolkit for durable agent memory, Semantic Reranking (preview), Integrated Embeddings (preview — auto-maintained vectors, no pipeline), Global Secondary Indexes, per-partition automatic failover, distributed transactions, Change Partition Keys, and the Linux Emulator GA for CI/CD.
Cosmos DB Build blogNative backup support lands — closes a long-standing enterprise gap.
Cosmos DB Build blogDefender for Cloud integration for continuous security/compliance assessment, plus Oracle→PostgreSQL discovery and assessment tooling with readiness, sizing and cost guidance. Pairs with the HorizonDB bet.
Fabric & Databases blogLive migration of confidential VMs without breaking the trust boundary — removes a major operational objection to confidential computing. Sovereignty-relevant for EU clients.
News hubMulti-party analytics over data no party can see in the clear — the privacy-preserving collaboration primitive grows up.
News hubCentralised resiliency posture across subscriptions — Azure's answer to "prove your DR actually works", and an easy consulting conversation starter.
News hubScalable file-share management goes GA; new AMD EPYC "Turin"-based Lasv5/Laosv5 VM families enter preview.
News hubFoundry VS Code extension, custom avatars and video generation, content understanding — plus Vercel AI SDK support in TypeScript from late May. The dev-experience perimeter keeps widening.
Foundry Build newsThe OS-level controls underpinning MXC: policy-driven agent containment as a Windows platform capability, not an app feature.
Windows dev blogCloud PCs tuned for developer workloads — and the substrate for Windows 365 for Agents, giving agents their own governed desktops.
News hubBuild agents that participate where work happens — the surface layer for Scout-style colleagues inside Teams.
Teams platform at BuildPattern to call out: every service team shipped the same three things — an agent hosting story, an MCP integration, and a sandbox/isolation primitive. Functions has .agent.md, ACA has Sandboxes, AKS has bare metal + Container Linux, APIM has A2A and the agent catalogue, Cosmos DB has agent memory. When every product team converges on the same nouns, that's the platform strategy showing through — not coincidence.
Last year: MCP, A2A, agent standards. This Build: hosting, evals, tracing, governance, containment. The maturity-curve argument lands with leaders deciding when to commit — and that moment is now.
Agent 365, MXC, ACS, Purview, Work IQ — everything converges on Microsoft as the layer that watches, permits and audits agents. Including competitors' agents. That's the E7-at-$99 monetisation logic.
MAI ends "Microsoft = OpenAI reseller", yet the partnership continues. Customers gain model choice and lower cost — and inherit a new evaluation burden, since every benchmark is self-reported. Trust, but verify.