WorkPilot is a self-hosted AI assistant that integrates natively into Microsoft Teams and your entire M365 environment — proactive, multi-channel, with zero data leaving your infrastructure.
From daily tasks to complex workflows — one AI assistant natively integrated with Microsoft 365.
Reads, writes, edits, searches, and debugs across your codebase and inboxes. Spawns specialized sub-agents for deep research and review. Powered by GPT-5.4 by default, with support for enterprise-owned LLMs.
Multi-layer sandboxing, secret redaction, audit logging, E-stop kill switch, Security Classifier, and Entra ID authentication — security-first by design.
Native Teams bot integration, Entra ID SSO, Microsoft Graph access, and Azure deployment support — designed to live inside your M365 tenant.
Chat from CLI, browser, or Teams. A single agent loop handles all channels simultaneously through a stateless cloud relay — your data never leaves your machine.
WorkPilot runs on your machine — the Cloud Gateway is just a stateless relay. Your data never leaves your infrastructure.
PowerShell — auto-installs Python 3.11+ if needed
You'll be prompted to launch WorkPilot at the end. Microsoft sign-in happens automatically on first Teams or Web Chat connection. To start manually later, run: workpilot
The WorkPilot Teams app is currently in preview. Access is invite-only while we complete store validation. There are two ways to get it:
WorkPilot is built for organizations that run on Microsoft. Authenticate once with Entra ID and reach your agent everywhere.
Native bot via M365 Agents SDK. OID-based per-user routing, typing indicators, and Adaptive Card approve/deny — without leaving Teams.
Email as a full channel — receive messages, triage your inbox, and reply via Microsoft Graph. Runs alongside Teams and Web Chat simultaneously.
Delegate coding and review tasks to GitHub Copilot CLI. Runs in the background, notifies you on completion — billed to your Copilot subscription.
Delegate tasks directly to Claude as a first-class tool — not just the backbone LLM. Spawn a scoped Claude sub-agent for research, drafting, or review.
Sign in once. OIDC + PKCE, MSAL token cache, per-user session isolation across Teams, Web Chat, and the admin portal.
Cloud Gateway deploys stateless to your Azure tenant. Manage Azure resources, Azure DevOps pipelines, Application Insights telemetry, and DataProtection key persistence — production-ready out of the box.
Issues, pull requests, code search, and repo management. Pair with Copilot delegation for end-to-end AI-assisted development.
Connect to Microsoft-internal services — M365 Agent, ICM, EngHub, Kusto — via Agency CLI proxy. Entra ID auth handled automatically, and more MCP tools.
WorkPilot is built with a defense-in-depth security model. Every tool call passes through a multi-phase hook pipeline — preflight classifiers reject suspicious actions before execution, postflight scanners redact credentials from all output. A global E-stop halts everything instantly on detection of data leaks.
Install from PyPI in seconds, or open the web chat. WorkPilot runs on your infrastructure.