Microsoft launched its Copilot Plus PC and Windows AI efforts last year, and now it’s going a step further today with native Model Context Protocol (MCP) in Windows and the launch of the Windows AI Foundry.
Introduced by Anthropic late last year, MCP is an open-source standard that’s often referred to as the “USB-C port of AI” apps.
Just as USB-C connects devices from many manufacturers to a variety of peripherals, developers can use MCP to quickly let their AI apps or agents talk to other apps, web services, or now even parts of Windows.
MCP servers will be able to access things like the Windows File System, windowing, or the Windows Subsystem for Linux.
“More information on these requirements will be available when thedeveloper preview is released.” Alongside this big MCP push, Microsoft is also positioning its own AI platform inside Windows as the rebranded Windows AI Foundry.
Microsoft is taking things a step further today with the introduction of the Windows AI Foundry and native Model Context Protocol (MCP) in Windows, following the launch of its Copilot Plus PC and Windows AI initiatives last year. Microsoft envisions a future in which automated AI agents support their human companions, and this requires laying the foundation.
Known as the “USB-C port of AI” apps, MCP is an open-source standard that was introduced by Anthropic late last year. MCP allows developers to quickly enable communication between their AI apps or agents and other apps, web services, or even parts of Windows, much like USB-C connects devices from multiple manufacturers to a wide range of peripherals. A significant portion of Microsoft’s goals to transform Windows and prepare it for a world of AI agents who can connect to apps and services in previously unattainable ways is the company’s adoption of this protocol.
In an interview with The Verge, Windows chief Pavan Davuluri states, “We want Windows as a platform to be able to evolve to a place where we think agents are a part of the workload on the operating system, and agents are a part of how customers interact with their apps and devices on an ongoing basis.”.
In addition to more general initiatives to power what it refers to as the agentic web, Microsoft is heavily promoting MCP within Windows. Microsoft is introducing some new developer capabilities to enable this MCP framework for AI agents to expose important Windows functionality that AI agents will be able to access in order to evolve Windows to this agentic world that the company envisions.
AI agents will have access to all MCP servers through a Windows MCP registry, which will serve as a reliable and secure source. According to Davuluri, “Agents can use their knowledge and provide end users with significant value by using the MCP registry for Windows to find the installed MCP servers on client devices.”. The Windows File System, windowing, and the Windows Subsystem for Linux are among the resources that MCP servers will have access to.
During a briefing for Microsoft’s announcement of MCP in Windows, the company gave me a sneak peek at how Perplexity on Windows could take advantage of MCP capabilities. Perplexity only needs to search the MCP registry for a Windows file system MCP server to connect to, rather than manually choosing document folders. This enables Perplexity to conduct file searches for a user in a more organic manner; rather than manually adding this folder or the documents, you could say, “find all the files related to my vacation in my documents folder.”.
You can see how a world with MCP servers and hosts within Windows might eventually allow for much more automated app functionality, particularly for applications like Excel that query data from the web. Microsoft is also beginning to incorporate AI agents into some aspects of Windows. An AI agent settings interface that allows you to control system settings with natural language queries will soon be available on Copilot Plus PCs.
Additionally, Windows becomes vulnerable to a plethora of new attack techniques from malevolent actors due to this kind of MCP functionality. With alerts of possible token theft, server compromises, and prompt injection attacks, MCP’s security risks have been extensively covered in recent months. Because Microsoft is well aware of the security risks associated with adopting MCP so early on, the company is only providing a preview to a limited number of developers in order to help them work on its feature set and ensure its complete security.
According to Microsoft vice president of enterprise and operating system security David Weston, “I think we have a solid set of foundations and more importantly a solid architecture that gives us all the tools to start, to do this securely,” he says in an interview with The Verge. Since large language models can be trained on untrusted data and have cross-prompt injection, we will prioritize security and eventually view them as untrusted. “”.
There were early security prompts to allow these AI apps to access MCP capabilities in the Windows demo that Microsoft showed me. “We want to make sure that’s intentional,” Weston says, “because you have control over what you share, just like a web app asks for your location.”.
Although this is still early Microsoft work, the demo did remind me a bit of the UAC prompts that appeared in Windows Vista whenever you needed administrator permissions to perform certain tasks. Apple started making fun of those and they became really annoying. Microsoft must strike a balance between security and user convenience when it comes to these AI agents and apps, so getting these prompts right will be crucial. I really do not want to experience UAC again, or even Apple’s incredibly annoying copy-paste prompts in iOS at the moment.
Along with certain security requirements for MCP servers to be listed in Microsoft’s official registry, or list, Weston described in a blog post today, Microsoft is also committing to a number of MCP security controls. Weston states that these will “create an open and diverse ecosystem of MCP servers while also preventing classes of attack like tool poisoning.”. “The developer preview will be released with more details on these requirements. “”.
In addition to this significant MCP push, Microsoft is rebranding its AI platform as Windows AI Foundry and integrating it into Windows. It incorporates Foundry Local models as well as those from other catalogs, such as Ollama and Nvidia NIMs. It is made to enable developers to use the models on Copilot Plus PCs or to import their own models using Windows ML.
“With Windows ML, developers should be able to deploy their apps much more easily, without having to package ML runtimes, hardware execution providers, or drivers with their app,” Davuluri said. Microsoft’s Windows AI Foundry initiative is collaborating closely with AMD, Intel, Nvidia, and Qualcomm.
