A big chunk of Build 2026 went into explaining how Microsoft wants Windows to be the place where developers run AI agents with some control over what those agents can touch. The headline is Microsoft Execution Containers (MXC), a policy-driven execution layer for agents on Windows and WSL.
The premise behind MXC is that you declare up front what an agent can reach: files, networking, specific permissions. From there the system applies different containment levels. There is process isolation for lightweight containment, session isolation that separates agent execution from the interactive desktop, and on the roadmap hypervisor-backed micro-VMs plus Linux containers for the riskier workloads. Process and session isolation reached Windows Insiders shortly after Build; the rest is in early preview. The code lives on GitHub at microsoft/mxc. On top of MXC, Microsoft is adding Agent 365, which layers Entra and Intune policy along with Defender, Entra, Intune and Purview protections, in preview in July.
If you work with Linux inside Windows, two items are worth watching. First, WSL Containers: native creation and execution of Linux containers from Windows, with its own command-line binary and an API for programmatic access. It enters public preview in the coming months, and the repo is microsoft/wsl. Second, Coreutils for Windows, a set of Linux-style command-line utilities running natively, built from the uutils project (the Rust reimplementation of GNU Coreutils). That one is already generally available.
On the security side, Windows is moving some plumbing. Microsoft introduces post-quantum cryptography: PQ hybrid key exchange in the Windows TLS stack, composite PQC algorithms through the CNG APIs, and PQ certificate issuance via Active Directory Certificate Services. For authentication, IAKerb and LocalKDC arrive in the server and client previews, configurable through registry keys to cut NTLM usage and lean more on Kerberos. Drivers change too: the certification process raises the bar and moves toward Windows Hardware Compatibility Program (WHCP) certified drivers as the default, with a staged audit-to-enforcement transition. App control expands as well: Smart App Control for consumers and App Control for Business for enterprises reach more devices, with reputation-based enforcement and new integration APIs.
Who this affects: developers who want to run agents with clear boundaries, IT teams managing Windows fleets, and anyone using WSL as their Linux work environment. If you administer Windows machines or develop on WSL, it helps to check the Windows entry to place these changes within the release cycle.
Microsoft also flexed on hardware (the Surface RTX Spark Dev Box and the DGX Station for Windows) and local models like Aion 1.0, but the message for anyone coming from the Linux side is plain: native containers, Rust utilities, and an isolation layer that echoes what other systems already do.
Source
Original article published by Microsoft on the Windows Developer Blog (blogs.windows.com).