I watched Microsoft’s Wave 3 announcement on Sunday and started counting. Claude is now on both sides of my house. Not two different AI tools — the same reasoning engine, delivered through two completely different ecosystems, governed by two completely different frameworks, paid for by two completely different cost centers.

Nobody told me to plan for that.

What Actually Shipped

Copilot Cowork is Microsoft’s new agentic execution layer for M365. Instead of answering questions inside a single app, it runs multi-step workflows across the suite — pulling context from Outlook, assembling documents in Word, scheduling in Teams, updating trackers in Excel — all from a single prompt. Built in collaboration with Anthropic. Claude is the reasoning engine underneath.

Microsoft also shipped Work IQ — an intelligence fabric that connects signals from emails, files, meetings, and chats into a contextual graph. Think of it as Microsoft Graph tuned for agentic reasoning. And Agent 365, a control plane for governing AI agents across the enterprise. In just two months of preview, Microsoft reported tens of millions of agents in the registry, with over 500,000 internally.

This didn’t come out of nowhere. In November 2025, Anthropic committed to $30 billion in Azure compute capacity. Microsoft invested $5 billion into Anthropic. Nvidia put in another $10 billion. That deal pushed Anthropic’s valuation to roughly $350 billion and made Claude the only frontier model available on all three major clouds — Azure, AWS, and GCP.

Pricing lands at $99/user/month for the E7 Frontier Worker Suite, which bundles M365 E5, Copilot, Agent 365, and the security stack. Generally available May 1. Agent 365 standalone runs $15/user/month.

The Real Split: Two Ecosystems, One Governance Gap

Most analyses frame this as a simple story: developers use Claude Code, business users get Claude through Copilot. But the picture is more nuanced than that.

Ecosystem one: Anthropic. Your developers chose Claude Code deliberately. It’s the best coding agent available — 44% suggestion accept rate versus Copilot’s 38%, full-repository context awareness, and the ability to identify security vulnerabilities across entire codebases. In surveys, Claude Code overtook GitHub Copilot as the most-used AI coding tool within nine months of launch. And it doesn’t stop at the terminal. Anthropic’s Team and Enterprise plans bundle Claude Code with Claude Desktop and Claude Cowork — so your architects and technical leads are also using Claude to draft ADRs, review technical specs, analyze infrastructure diagrams, and work through RFC drafts. All under one governance framework: Anthropic’s admin controls, SSO, audit logging, and data retention policies.

Ecosystem two: Microsoft. Your business users get Claude by default through M365 Copilot Cowork. Same Claude model family, wrapped in Microsoft’s enterprise layer. It sees emails, financial models, customer data, meeting transcripts, and strategic communications. Different delivery vehicle, different cost center, different data boundaries. Governed by Microsoft’s tenant-level enterprise data protection, Agent 365 control plane, and Purview/Defender security stack.

Same reasoning engine. Two ecosystems. Two governance frameworks that don’t talk to each other.

I wrote about a version of this problem in The Clone Problem — the challenge of your personal AI not being able to follow you across work boundaries. Now it’s worse. The AI isn’t just failing to follow you — it’s already there on both sides, and nobody coordinated the policies between ecosystems.

The Questions That Keep Me Up

Where does the data go across ecosystems? The Anthropic side sees your source code, internal documentation, technical specs, and architecture decisions — all under one admin framework. The Microsoft side sees emails, financial models, customer data, meeting transcripts, and strategic communications — under a completely separate one. Same reasoning engine, two completely separate data contexts. The isolation is a feature — but only if you’re intentional about it. If an architect analyzes a production API schema in Claude Desktop, and a business analyst asks Copilot Cowork to summarize the same system’s customer impact data, the model serves both without knowing they’re related. That’s fine until someone asks why the governance policies don’t align.

Who controls the model? Microsoft is explicitly model-agnostic now. Jared Spataro said it plainly: “Every 60 days at least, there’s a new king of the hill.” That means Microsoft can — and will — swap the underlying model when something better comes along. Your developers chose Claude deliberately. Your business users got Claude incidentally. What happens when Microsoft routes their workflows to a different model next quarter while your engineering org stays on Claude? Now you have two model families to govern instead of one — and the Anthropic side and Microsoft side diverge even further.

What about agent sprawl? 500,000 agents inside Microsoft alone. Agent 365 exists precisely because this problem is real. But your organization doesn’t have 500,000 agents — you might have 50. The governance tooling is designed for hyperscale. Does it help you, or does it add overhead to a problem you don’t have yet?

Where is the lock-in? Work IQ is deeply proprietary. The contextual graph that makes Copilot Cowork effective is built from your M365 data, indexed by Microsoft, and inaccessible outside the ecosystem. The Anthropic side — Claude Code and Claude Desktop — works against your local repos and local files with no platform dependency. One ecosystem is portable. The other is not. I explored this dynamic in The Personal AI Wars — the lesson there was to bet on model-agnostic infrastructure regardless of which lab is friendliest today. That advice applies here too, but the calculus is more complex when the same model is embedded in a proprietary platform you can’t leave.

What This Looks Like in Banking

Let me make this concrete with banking — the industry I work in.

In a regulated bank, developers use Claude Code to build and maintain integration services, APIs, and core banking connectors. The Anthropic ecosystem sees code, API schemas, test suites, deployment configurations, and the architecture decisions that shape them — all under one governance framework.

Business analysts and project managers live in M365. When Copilot Cowork rolls out, the Microsoft ecosystem sees emails about vendor negotiations, Excel models with financial projections, Word documents with regulatory filings, and Teams conversations about customer escalations — under a completely separate governance framework.

Same model family. Two governance ecosystems with a gap between them. In a SOX-regulated environment, that’s not an interesting architectural observation — it’s a governance question that needs an answer before the next audit.

The concern isn’t that Claude will somehow cross-pollinate data between ecosystems. The data boundaries are genuinely separate. The concern is that nobody in the organization owns the holistic picture. IT security governs the Microsoft side. Engineering governs the Anthropic side. Two different approval chains, two different risk assessments, two different policies — for the same AI capability.

This is where the Trust Ladder becomes operationally relevant. Each ecosystem needs its own trust calibration. Claude Code at Level 3 — agent drafts and executes within scoped permissions. Copilot Cowork at Level 2 — agent drafts, human approves. Claude Desktop at Level 1 for sensitive architectural work — observe and advise, human decides. The Anthropic side has a single admin framework to set these levels consistently. The Microsoft side has Agent 365. But who owns the policy that spans both? Today, nobody.

The Winning Pattern: Intentional Separation

The winning pattern isn’t consolidation — it’s intentional separation with unified governance.

Don’t force a single vendor. The impulse to standardize on “one AI” is wrong here. Claude Code and M365 Copilot serve different personas with different data contexts. Forcing them together creates the very security boundary violations you’re trying to prevent.

Invest in Agent 365 governance early. Even if you only have a handful of agents today, the control plane will matter. Define policies for agent creation, data access, and lifecycle management before the sprawl starts. This is the reconciliation loop applied to AI governance — declare your desired state for agent policies, measure actual state, close the gap continuously.

Keep Claude Code independent. Resist the urge to route developer AI through Microsoft’s infrastructure. The value of Claude Code is direct, unmediated access to a reasoning engine that understands your entire codebase. Adding a middleware layer degrades that.

Monitor model routing. Establish a policy that requires notification when Microsoft changes the underlying model for your Copilot workflows. You need to know which model runs your financial projections and customer communications. This isn’t paranoia — Microsoft explicitly told you they’ll swap models when something better comes along.

Create a unified AI governance function. This is the real gap. Someone needs to own the holistic view across both ecosystems. Not to consolidate them — to ensure the boundary between them is intentional, documented, and auditable. In regulated industries, “we didn’t know Claude was also running over there” is not an acceptable answer for an examiner.

Set data classification policies now. Before agents cross the boundary between development data and business data, define what’s allowed in each ecosystem. Source code and technical artifacts stay on the Anthropic side. Business intelligence stays with Copilot. The models might be the same under the hood, but the data governance must not be.

What I Don’t Have Figured Out Yet

I’m not going to pretend I’ve solved this. The convergence is moving faster than governance frameworks.

Microsoft’s 15 million paid Copilot seats sound impressive until you realize that’s 3.3% penetration of their 450 million M365 commercial installed base. Forrester describes enterprise adoption as “measured, even cautious” — most organizations are still in pilot mode. Analyst data suggests 70% of users initially preferred Copilot, but after trying alternatives, only 8% kept choosing it. Wave 3 and the E7 bundle are partly a response to those headwinds.

The model layer is commoditizing. Microsoft doesn’t care whose model runs the task as long as the task runs within their platform. Anthropic gains distribution. Microsoft gains capability. The enterprise gets a more capable tool. But the architectural implications of the same AI running across two separate governance ecosystems — that’s new territory, and the playbooks haven’t been written yet.

I know the boundaries need to be intentional. I know someone needs to own the cross-ecosystem view. I know the trust calibration needs to be ecosystem-specific. What I don’t know yet is what that looks like at scale in a regulated environment where every AI decision eventually needs to survive an examiner’s question: “Who approved this, and how did you verify it was appropriate?”

---

AI strategy is now infrastructure strategy. Model selection, data routing, agent governance, and platform boundaries are architectural decisions, not procurement decisions. Your developers chose their AI deliberately. Your business users got theirs by default. The job is to make sure both decisions were good ones — and that the boundary between the two ecosystems is airtight.

If the governance angle resonated, you might also enjoy The Trust Ladder — a framework for calibrating how much autonomy to give AI agents based on task risk.

Find me on X or LinkedIn.