Since early 2026, two products have carried the name “Cowork” and promise much the same thing: delegate a task to an AI agent, turn around, and retrieve the result.
The first is by Anthropic, the second by Microsoft. Both use the Claude model under the hood. But they don’t work in the same way at all, and the choice between the two is not a question of preference. It’s a question of architecture, governance and, in some sectors, regulatory compliance.
At Infologo, a Geneva-based IT service provider and Microsoft partner, we test these tools in real-life conditions before they reach our customers.
The fundamental difference: where does the agent work?
Claude Cowork and Copilot Cowork are opposed on one central point: one runs on your machine, the other in the Microsoft cloud.
Claude Cowork starts up a local virtual machine on your workstation. The agent accesses your files, opens applications and interacts with your real screen. It’s powerful, flexible, and available from the Team Standard plan at $20/user/month for teams of 5 to 150 people. The Team Premium plan at $100/user/month gives more capacity for longer tasks.
Copilot Cowork, announced two months later by Microsoft, uses the same technical engine but moves it into the corporate cloud, inside your M365 tenant. The agent reads your emails, calendar, SharePoint files and Teams conversations, via Microsoft Graph. Your workstation can be switched off: it just keeps going.
This difference in location, local machine versus sovereign cloud, determines everything that comes after: who can access it, what IT can control, and what your legal department can audit.
What this means for governance
IT teams managing environments for SMEs in finance, healthcare or professional services all ask the same question: what happens if the agent does something it shouldn’t have?
With Claude Cowork, the answer is documented and not very reassuring for enterprise use: agent activity is not captured in audit logs, is not exportable to a compliance tool, and there are no per-user controls. Anthropic writes in its own documentation: Cowork is not designed for regulated environments. History remains on the user’s machine.
Copilot Cowork inherits the complete M365 compliance layer: Purview logs, eDiscovery, DLP, Conditional Access via Entra ID. It’s more limited than native Claude Cowork, and some automations require additional approvals, but the traceability is there. For an SME that needs to demonstrate traceability to an auditor or meet a regulatory requirement, this is a difference that counts.
One point not to be ignored: Claude processing in Copilot is explicitly excluded from Microsoft’s EU Data Boundary. Even for European tenants who have activated data residency, Claude model inferences are not covered by this guarantee. Check with your DPO before deploying in a sensitive context.
The risk that no one will mention in marketing communications
Neither Claude Cowork nor Copilot Cowork have solved the problem of prompt injection. When you give an AI agent the ability to read and reply to your e-mails, or to browse your files and extract information from them, you create an attack surface. An email containing malicious instructions can, in certain configurations, cause the agent to execute unwanted actions, or even exfiltrate data.
This is not a theoretical caveat. It’s a well-known limitation of current LLMs: the model doesn’t “understand” that an instruction is hostile. It predicts the next token based on what it is given to read. Giving this mechanism action rights over an information system without clear approval procedures is a real operational risk. Copilot Cowork has a more structured risk-based approval model than Claude Cowork. That’s better. It’s not enough to consider the matter settled.
What we recommend at Infologo
The question is not “ which one is best? The question is, ” Which one is right for you?
Claude Cowork is suitable for developers, technical teams and profiles who manage their own tools and permissions. Access to local files, connection to third-party services, and Anthropic’s rapid rate of evolution make it the most functionally advanced option. It’s also the only one available to individuals without a corporate contract.
Copilot Cowork is ideal for organizations already well established on M365, whose IT needs central traceability and profile-based access management. It’s more controlled, which is precisely what you’d expect from a tool deployed on the scale of an SME with sensitive customer data. Functional velocity will lag behind that of Claude natif, but for supervised business use, it’s generally the right compromise.
What we don’t recommend in either case: deploying without having documented the perimeter of data access, approval procedures and processing rules. These tools are not enhanced chatbots. They are agents capable of acting on your systems. The right approach is to start with a restricted perimeter, with limited rights, before expanding.
Want to assess whether your environment is ready for this type of tool? Contact us for a no-obligation technical discussion.
