Microsoft Intune now includes a security baseline specifically designed to block unauthorized local AI agents on managed Windows devices. The “Local AI Agent Baseline OpenClaw (Preview),” available in the Intune admin center under Endpoint Security, applies firewall rules and runtime restrictions that disrupt the execution paths most commonly used by local agent tools, according to HTMD Blog.

How the Baseline Works

The baseline targets outbound network communication from local AI runtime environments, primarily NodeJS, which OpenClaw and similar agent tools rely on. It also restricts Windows Subsystem for Linux (WSL), another common execution path for local agents. When deployed, the policy prevents agents from reaching external APIs, effectively cutting off the model providers that power autonomous agent behavior, according to HTMD Blog.

Microsoft includes a warning with the baseline: the controls “may not fully block all agent execution paths” and “may block other processes in addition to OpenClaw.” Legitimate applications that depend on NodeJS or WSL could be affected, and admins can selectively disable specific settings to avoid disrupting approved workloads.

IT administrators can access the baseline by navigating to Endpoint Security, then Security Baselines in the Microsoft Intune admin center.

Agent Inventory Pairs with Enforcement

The security baseline arrives alongside a companion feature: a Local AI Agent Inventory capability that collects detailed information about AI-related applications installed on managed Windows devices. The inventory captures publisher, execution context, installation method, install location, user scope, and host process data, giving admins visibility into which agents exist in their environment before deciding what to block.

Together, the two features create a discover-then-enforce workflow. Organizations can audit which agents employees have installed, then apply the security baseline to restrict unauthorized ones while allowlisting trusted tools.
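The following added Python example, which is not from Microsoft or the source article, buckets inventory records by what deploying the baseline would do to them, covering both caveats in Microsoft's warning and the discover-then-enforce workflow. The CSV column names, the allowlist, and the sample rows are constructed assumptions; the real Intune inventory schema may differ.

```python
import csv
import io
from collections import defaultdict

# Host processes tied to the two execution paths the baseline restricts
# (NodeJS and WSL). Assumption: records name them node.exe / wsl.exe.
RESTRICTED_HOSTS = {"node.exe", "wsl.exe"}

# Hypothetical allowlist of (publisher, app) pairs IT has approved.
APPROVED = {("Contoso Ltd", "Contoso Dev Assistant"),
            ("Contoso Ltd", "Contoso Notes AI")}

# Constructed sample export; column names are assumptions based on the
# fields the article lists, not the real Intune schema.
SAMPLE_EXPORT = r"""device,app,publisher,execution_context,install_method,install_location,user_scope,host_process
LT-001,OpenClaw,Unknown,User,npm,C:\Users\a\AppData\Roaming\npm,PerUser,node.exe
LT-001,Contoso Dev Assistant,Contoso Ltd,System,MSI,C:\Program Files\Contoso,PerMachine,node.exe
LT-002,ExampleAgent,Unknown,User,script,\\wsl$\Ubuntu\home\dev,PerUser,wsl.exe
LT-003,Contoso Notes AI,Contoso Ltd,User,MSIX,C:\Program Files\WindowsApps,PerUser,notes.exe
LT-004,OtherAgent,Unknown,User,zip,C:\Users\b\Downloads\agent,PerUser,python.exe
"""


def triage(export_text, approved=APPROVED):
    """Bucket inventory rows by what deploying the baseline would do to them."""
    buckets = defaultdict(list)
    for row in csv.DictReader(io.StringIO(export_text)):
        hit = row["host_process"].strip().lower() in RESTRICTED_HOSTS
        ok = (row["publisher"], row["app"]) in approved
        if hit and ok:
            bucket = "needs_exception"  # approved workload the baseline may break
        elif hit:
            bucket = "restricted"       # unapproved and on a restricted path
        elif ok:
            bucket = "unaffected"       # approved and outside NodeJS/WSL
        else:
            bucket = "not_covered"      # unapproved, runs outside NodeJS/WSL
        buckets[bucket].append((row["device"], row["app"]))
    return dict(buckets)


if __name__ == "__main__":
    for bucket, items in triage(SAMPLE_EXPORT).items():
        print(f"{bucket}: {items}")
```

Rows in `needs_exception` are the approved workloads to account for before enabling the NodeJS or WSL settings, and rows in `not_covered` need a control other than this baseline.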

The Shadow IT Problem Microsoft Is Addressing

The features respond to a specific enterprise scenario: employees installing agent tools on corporate machines without IT approval. An OpenClaw instance running on an employee’s laptop can access Slack, email, calendar, and local files through its permission system, then route that data through API calls to model providers like Anthropic or OpenAI. From an IT governance perspective, that is sensitive corporate data leaving the managed environment through an unapproved channel.

Microsoft also recently open-sourced an Agent Governance Toolkit on GitHub covering policy enforcement, zero-trust identity, execution sandboxing, and reliability engineering for autonomous agents. The toolkit addresses all 10 categories in the OWASP Agentic Top 10.

Enterprise Agent Adoption at a Crossroads

With this baseline, Intune becomes the first major endpoint management platform to ship agent-specific blocking controls. The approach mirrors how enterprises handled early cloud storage adoption: employees adopted Dropbox and Google Drive before IT had policies in place, forcing a reactive lockdown followed by managed alternatives (OneDrive, Box with enterprise licensing).

For OpenClaw and other local agent tools, the parallel is clear. Enterprise adoption may increasingly require running agents within managed environments, cloud-hosted agent platforms like Anthropic Claude Enterprise, or approved agent marketplaces, rather than user-controlled local installations. The Intune baseline is a preview feature, but the policy direction signals where large organizations are headed.