By ByteBot
Microsoft’s computer-using agents (CUAs) in Copilot Studio reached general availability on May 13, making Microsoft the first major hyperscaler to ship production-grade CUAs across all commercial Power Platform geographies. The pitch is simple: if a person can use an app, an agent can too — no API required. This is the first serious answer to the 40–60% of enterprise app estates running on legacy ERP UIs, proprietary vendor portals, and Windows thick-clients that will never get a modern API. It is now in production. Here is what actually changed and what to do about it.
What CUAs Actually Do
Traditional automation for no-API legacy apps had two options: manually click through the UI, or build brittle RPA selectors that break every time the application updates. CUAs take a third path. They use vision plus reasoning — the agent sees the screen the way a human does, understands context, and adapts when the UI changes. You describe what you want in natural language; the model figures out how to click through it.
Graebel, a talent-mobility company, built the clearest production blueprint so far. Their proprietary Global Connect platform spans 30-plus service categories with no vendor API. Previous RPA attempts broke constantly against the variability of human-written intake emails. Their CUA solution uses Azure Content Understanding to extract email data, then navigates Global Connect’s native UI to enter it — handling all the variability RPA could not. That pattern — extraction feeding a CUA that interacts with a no-API system — is the architecture to copy.
GA vs. Experimental: What to Actually Ship
Microsoft’s model table matters more than most developers realize. Two models carry the GA designation and are production-supported. Two are explicitly experimental and should not be deployed to production workflows.
| Provider | Model | Tier | Credits/Step | Status |
|---|---|---|---|---|
| OpenAI | Computer-Using Agent (CUA) | Standard | 5 | Generally Available |
| Anthropic | Claude Sonnet 4.5 | Standard | 5 | Generally Available |
| Anthropic | Claude Sonnet 4.6 | Standard | 5 | Experimental |
| Anthropic | Claude Opus 4.6 | Premium | 15 | Experimental |
There is also a prerequisite that most coverage of this feature is quietly omitting: generative orchestration must be enabled on your agent. If your existing Copilot Studio agents use classic orchestration — and many enterprise deployments do — you cannot use CUAs until you migrate. That migration is not automatic. Check your agents before assuming this feature is available to you.
The Pricing Math
Copilot Credits run $0.008 each at prepaid rates ($200 per pack of 25,000). CUAs bill at 5 Credits per step on standard models. A step is one action — navigate, click, fill a field, submit a form. In practice:
- 4-step form fill (open browser, navigate, fill fields, submit): 20 Credits, $0.16
- 25-step SAP GUI flow: 125 Credits, $1.00 per run
- 50-step relocation workflow: 250 Credits, $2.00 per run
These numbers look small until you multiply by volume. If a workflow runs 500 times daily, a 25-step SAP flow costs $500/day before Azure compute and Windows 365 Cloud PC pool charges. Budget the full stack before committing. The official Copilot Studio pricing page has the current credit rates.
The Security Setup You Cannot Skip
Microsoft built governance into the product rather than bolting it on afterward — DLP policies, environment isolation, and Purview audit logging with session replay all travel with the agent through Power Platform’s existing compliance infrastructure. That is the correct approach. But there is a gap in the access control design that deserves attention.
Access control allow-lists restrict which websites and desktop applications an agent can interact with. They do not prevent the agent from navigating to a non-listed site. If only microsoft.com is in your allow-list, the agent can still use the browser address bar to open Bing — it just cannot click on anything once there. Microsoft’s own documentation acknowledges this and recommends pairing allow-lists with Intune browser policy enforcement for actual containment. Do not skip that step.
For credentials: use Azure Key Vault for anything sensitive in production. Configure human supervision routing for low-confidence steps — the Outlook-based reviewer approval flow gives you a human-in-the-loop checkpoint without building it from scratch. And review Microsoft’s OWASP risk guide for Copilot Studio agents before deploying against any system with access to sensitive data. Prompt injection through malicious UI content remains a real attack vector regardless of governance tooling.
Where Microsoft Stands vs. the Competition
This is the first computer-use feature at full GA from a major cloud provider. Anthropic’s computer use is still in paid beta. Google’s is public preview. If you are in an M365-heavy enterprise and your compliance team requires audit trails and session replay before approving a new automation category, this comparison resolves itself: Microsoft is the only option with that governance built in today.
What to Do Now
- Check your orchestration mode. Verify that generative orchestration is enabled on each agent you want to extend with CUAs. If not, plan the migration before this feature is relevant to you.
- Start on a low-stakes target. Pick one internal web app or legacy desktop tool with no sensitive data. Use the official Microsoft Docs sample instructions to test step counts and costs before touching production systems.
- Set up Key Vault and Intune before going to production. Configure Azure Key Vault for credential storage. Apply Intune browser policy to the machine used for computer use. These are not optional in a regulated environment.
- Stay on GA models. OpenAI CUA and Claude Sonnet 4.5 are the only production-supported options. Do not deploy Sonnet 4.6 or Opus 4.6 to production workflows.
The feature is real, the governance foundation is solid, and the no-API use case is genuinely unsolved by anything else at this maturity level. The gotchas are real too. Read the footnotes before you demo this to your compliance team.
