Microsoft will soon give IT administrators a powerful new weapon to stop users from running unapproved local AI assistants on company machines. A freshly posted entry on the Microsoft 365 roadmap confirms that Intune will automatically mark a Windows device as noncompliant when it finds a prohibited AI agent—and that change can instantly lock the user out of corporate resources.

What the roadmap entry actually says

Listed under feature ID 467451, the update is titled “Windows AI discovery and action” and is currently in development. The roadmap describes a capability that lets administrators define a list of prohibited local AI agents—tools installed directly on the endpoint, not just cloud services—and have Intune detect their presence during a standard compliance check. When a banned agent is found, the device is immediately flagged noncompliant, and any Conditional Access policies that require a compliant device spring into action.

No general availability date has been provided, but the item appeared on the public roadmap in late March 2025, following earlier private previews. Microsoft has not yet published detailed technical documentation or group policy templates, so the full configuration surface remains unseen.

Here’s what it means for different audiences

For everyday Windows users

If your organisation manages your PC with Intune, the impact is direct: install a personal AI assistant—think a desktop rewrite of an open-source LLM, an unauthorised coding copilot, or a screen-capture agent that uploads data—and your machine may lose access to Teams, Outlook, SharePoint, and any other app protected by Conditional Access. The block happens silently during the next compliance check, which can run as often as every few minutes. For many employees, the first sign will be a baffling “you can’t access this resource” error.

This isn’t about Microsoft’s own Copilot or sanctioned enterprise AI tools. It targets the growing zoo of lightweight agents employees download to boost personal productivity—often without understanding the data leakage risks.

For IT administrators

The roadmap signals a shift from tracking AI usage through network logs or cloud app security to inspecting the endpoint itself. Today, admins can already block executables via Windows Defender Application Control or AppLocker, but those are binary allow/deny mechanisms that aren’t integrated into the compliance evaluation flow. The new feature bakes the check directly into the compliance engine, meaning a single dashboard will show device health, software inventory, and AI risk in one place.

Practically, admins will need to:
- Audit the AI tools already crawling onto endpoints—unmanaged installs of Ollama, GPT4All, or community-built screen readers are increasingly common.
- Build a structured inventory of approved agents (Microsoft Copilot, sanctioned third-party services deployed via Intune) and explicitly block everything else, or curate a deny list of the most dangerous ones.
- Test the impact on pilot groups before rolling out a policy that could suddenly cut off engineering teams that rely on a locally-run model for offline work.

Conditional Access integration is the multiplier: pairing a noncompliant device verdict with a “block access” policy forces the user to uninstall the offending software before they can get back to work, rather than merely generating a report someone may ignore.

For developers and power users

Developers who experiment with local LLMs should anticipate friction. Many organisations will start with broad bans on any AI agent not deployed through IT, treating them like unmanaged browsers or cloud sync clients. If you maintain a local code-assistance agent that hasn’t been security-reviewed, now is the time to have a conversation with your infosec team before the policy hits and you find yourself locked out of GitHub or internal repos.

How we got here—the long arc to endpoint AI governance

Microsoft has spent three years tightening compliance checks in Intune. What began as a simple “is BitLocker on?” scan evolved into a system that evaluates operating system version, firewall status, antivirus signature age, and even the presence of risky custom settings. The common thread is protecting corporate data, and the explosion of local AI agents has opened a fresh hole in the dike.

In 2023, the company added detection of unmanaged apps via Microsoft Defender for Endpoint integration, but those signals stayed in security dashboards, not the compliance pipeline. The 2024 “app protection policies for Windows” preview let organisations control copy-paste exfiltration routes but still didn’t inventory what was running. So a device could be fully “compliant” while a user happily pasted source code into a consumer AI.

The new roadmap entry represents a convergence of two tracks: the security team’s growing alarm about shadow AI, and Intune’s push to become the single policy engine for the “Zero Trust” posture. It also mirrors the mobile device management world, where Intune already marks Android or iOS devices noncompliant for sideloading unapproved apps—a capability that has been missing on Windows until now.

Crucially, this isn’t Microsoft’s first attempt at end-user AI control. The recently announced “AI Hub” in Windows 11 gives users a curated storefront for Copilot and third-party plug-ins that meet Microsoft’s privacy standards. The Intune compliance hook is the flip side: a stick to ensure only those vetted tools run on managed hardware.

Immediate actions to take before this feature ships

  1. Take an AI agent inventory. Use your existing endpoint detection tools (Defender for Endpoint, third-party EDR) to search for common agent filenames, process signatures, or network connections to known AI APIs. Microsoft may offer built-in discovery when the feature launches, but a manual sweep now prevents a surprise wave of blocks.
  2. Catalogue sanctioned AI tools. Document everything your organisation has officially blessed, from Microsoft 365 Copilot to code assistants like GitHub Copilot (which is cloud-based and likely wouldn’t trigger a local-agent check, but still needs a policy entry). Involve legal and compliance teams to vet any tools that touch sensitive data.
  3. Draft a Conditional Access policy skeleton. The eventual implementation will likely follow the standard pattern: a compliance policy checks for the presence of “Windows AI discovery” signals, and a Conditional Access policy requires a compliant device. You can prepare the CA side now by building a “require compliant device” rule scoped to pilot users, ready to flip on once Intune starts delivering the signal.
  4. Educate users before enforcement. Explain why personal AI agents are being limited—data residency risks, intellectual property leakage, contractual obligations with clients. Employees who understand the “why” are less likely to try circumventing controls.
  5. Monitor the roadmap and Admin Center messages. Feature ID 467451 will move through “in development” to “rolling out” to “launched”. Subscribe to Microsoft 365 admin centre notification digests so you see any tenant-specific rollout schedule.

What to watch next—and the questions still unanswered

Three unknowns will determine how impactful this feature really is. First, signal fidelity: will Intune rely solely on a static file-name or certificate-based list, or will it tap into Defender’s machine-learning models to catch repackaged or renamed agents? A dumb list will be easy to evade; behavioural detection could trip up legitimate developer tools.

Second, remediation: after a device is marked noncompliant, how straightforward will it be for a user to self-remediate? On iOS, a noncompliant device often requires a full wipe and re-enrolment, but Windows should allow simple uninstall-and-rescan. If the user experience is clunky, helpdesk queues will skyrocket.

Finally, the relationship with Windows Copilot: as Microsoft bakes its own AI deeper into the operating system, admins will need granularity to block third-party agents without accidentally quarantining native Windows functionality that relies on a local Copilot engine. The roadmap entry doesn’t yet clarify whether Microsoft’s own agents are automatically exempt.

For now, the message from Redmond is clear: the endpoint isn’t just a dumb terminal anymore, and neither is compliance checking. AI governance is moving from the network perimeter to the silicon itself, and IT teams that start preparing today will be the ones who avoid frantic lockdowns tomorrow.