View my previous posts

Microsoft is running a playbook that has worked for them for thirty years. When a new platform category emerges and a new competitor shows up with technical momentum, Microsoft does not try to out-ship them on features. They pull the governance card. They talk about compliance, audit, eDiscovery, tenant isolation, and enterprise trust. They let the compliance officer do the selling, and the compliance officer, more often than not, wins.

It is a good playbook. It is working right now against Anthropic. And it has a weakness that Microsoft has not had to think about very hard until this moment, because until this moment the cloud market has been structured in a way that hid the weakness.

The weakness is this. Governance is a moat only when the customer is all-in on your stack. The moment the customer has material workloads outside your stack, governance becomes a feature, not a moat. And the cowork wars are happening at exactly the moment when very few large enterprises are all-in on anyone.

The Governance-as-moat Assumption

Walk into a board meeting at any Fortune 500 and ask where their data actually lives. You will get an answer that looks nothing like the Microsoft marketing deck. Production data in AWS. Analytics in Snowflake or Databricks. Customer data in Salesforce. HR in Workday. Collaboration in M365. Engineering in GitHub. Observability in Datadog. AI experiments across Bedrock, Vertex, Foundry, and direct model APIs, depending on which team moved first. This is the real state of enterprise infrastructure in 2026, and it is the state that makes the Microsoft governance pitch narrower than it sounds.

Purview is excellent inside M365 and Azure. It is mediocre to irrelevant outside of it. That is not a criticism of the product. That is the nature of ecosystem-bound governance tools. They are designed to be excellent where their vendor has control, and they weaken as you get further from that control. The trouble is that the agentic era is specifically about crossing those boundaries. A cowork agent that cannot reach across your full data footprint is not doing the job. And the moment the agent reaches outside the Microsoft perimeter, the Microsoft governance story ends.

The Three Stacks that Already Exist

If you are not all-in on Microsoft, you are already using some combination of three non-Microsoft governance stacks, probably without naming it as such.

The first is the AWS-native stack. IAM, KMS, CloudTrail, VPC endpoints, Macie for data discovery, GuardDuty for threat detection, and Bedrock Guardrails for AI-specific content filtering. This stack carries FedRAMP High and DoD Impact Level 4 and 5 authorizations that Microsoft’s AI offerings do not currently match. For federal, defense, and regulated civilian workloads, AWS is already the winning answer, and Claude is available there as a first-class managed model. Purview is not in that conversation at all.

The second is the GCP-native stack. VPC Service Controls, Customer-Managed Encryption Keys, Cloud Audit Logs, Sensitive Data Protection (the product formerly known as Cloud DLP), and Vertex AI Governance. There is an important nuance here worth raising in any executive conversation. Claude is not available as a managed model on Vertex AI the way it is on Bedrock. If you are a GCP shop and you want Claude, you are either hitting the Anthropic API directly from inside a GCP VPC or routing through a gateway. That gap matters, and it is one of the few places where Microsoft has an actual advantage over Google in the AI governance conversation, because Foundry at least gives you a path.

The third is the multi-cloud data governance stack. Collibra is the name that shows up most often against Purview in analyst reports. Informatica, Alation, and Atlan are the others in the top tier. BigID and Varonis own the data security posture conversation. These platforms are cloud-agnostic by design. They do not care whether your data is in M365, AWS, or a Databricks lakehouse. If your organization has a data estate that spans more than one cloud, you likely already own one of these, and it is already doing work that Purview either cannot do or cannot do well.

The Category that did not Exist 18 Months Ago

Here is where it gets interesting. There is now a fourth stack, and it is the one that matters most for the agentic era.

A new class of vendor has emerged that is purpose-built for AI governance. Harmonic Security, WitnessAI, Prompt Security, Lakera, Opsin Security, Protect AI. These companies sit between the user and the agent. They log prompts and outputs. They apply policy. They detect prompt injection. They handle data loss prevention at the AI layer rather than the file layer. And critically, they work regardless of which cowork product the user is running. They do not care whether you chose Claude Cowork, Copilot Cowork, CoPaw, ChatGPT Agent, or something you built yourself. They govern the interaction, not the infrastructure.

Running in parallel, a set of AI gateway players like Portkey, TrueFoundry, and Kong AI Gateway are doing the infrastructure version of the same job. One endpoint, one policy surface, one audit trail, across every model and every provider. This is the layer where the real money is going to sit. Not in the coworks themselves, but in the layer above them that makes the coworks safe to use at scale across a heterogeneous enterprise.

This is the category Microsoft does not have a good answer for, because to build that category they would have to admit that the customer’s data footprint legitimately extends outside Microsoft’s walls. That admission is philosophically hard for a company whose entire governance pitch rests on the opposite premise.

The Anthropic Wildcard

Here is the scenario that should be keeping someone in Redmond up at night. Anthropic is already a model platform. They have primary-cloud agreements with AWS and deep infrastructure partnerships with Google. They are inside Microsoft’s own product as a subprocessor. They have no native cloud to protect, no data center footprint to defend, and no enterprise legacy business that would be cannibalized by a cloud-agnostic governance stack.

If Anthropic decided tomorrow to build or acquire their way into an AI governance platform, the positioning would be brutal. A governance layer that works across every major cloud, every major model, and every cowork product on the market. Sold not as “Claude governance” but as “agentic governance, period.” That product would turn Microsoft’s greatest strength against them. It would reframe Microsoft’s governance pitch as a cloud lock-in play rather than a trust play. And it would do it at the exact moment when multi-cloud is the default state of the enterprise.

I am not predicting this happens. I am saying the board should be aware that it could, because it would reshape the competitive landscape of the next five years.

What Executive Leadership should Actually Do

Stop picking your cowork based on governance. That is the wrong starting point. Pick your governance layer first, and then use whichever cowork fits that layer best.

Your governance layer needs to be cloud-agnostic because your data footprint already is. It needs to cover AI-specific risks like prompt injection and tool abuse because those risks are materially different from the document-level risks that traditional DLP was built for. And it needs to survive the possibility that your preferred model provider shifts in the next three years, because the historical rate of change in this market suggests it will.

That probably means a combination of a native cloud stack for the infrastructure layer, a multi-cloud data governance platform for the data layer, and one of the new AI-specific governance vendors for the interaction layer. It is not a single tool. It is a three-tier architecture. And the companies getting this right today are the ones treating it as an architecture decision rather than a vendor decision.

Microsoft’s governance pitch is not wrong. It is just narrower than it needs to be to win this fight. The competitors who understand that are already quietly building the stack that will matter when the dust settles. The executives who understand that are already not choosing their cowork based on whose compliance marketing was loudest this quarter.

The next twelve months will sort out which group each of us is in.

Here are your 14 references formatted to match that style:

References

1. dataciders.com. “Data Governance with Microsoft Purview: Limitations Beyond the MS World.” September 15, 2025. dataciders.com

2. PeerSpot. “Microsoft Purview Data Governance: Pros and Cons.” Updated November 2025. peerspot.com/products/microsoft-purview-data-governance-pros-and-cons

3. Finout. “49 Cloud Computing Statistics You Need to Know in 2026.” finout.io/blog/49-cloud-computing-statistics-in-2026

4. AWS Public Sector Blog. “Accelerating Government Innovation: Amazon Bedrock Models Get FedRAMP High and DoD IL-4/5 Approval in AWS GovCloud (US).” June 11, 2025. aws.amazon.com/blogs/publicsector

5. Anthropic. “Claude in Amazon Bedrock: Approved for Use in FedRAMP High and DoD IL4/5 Workloads.” June 11, 2025. anthropic.com/news/claude-in-amazon-bedrock-fedramp-high

6. Levacloud. “Collibra vs Purview: Choosing the Right Tool.” May 23, 2025. levacloud.com

7. PeerSpot. “Collibra Platform vs. Microsoft Purview Data Governance Comparison.” Updated March 2026. peerspot.com/products/comparisons/collibra-platform_vs_microsoft-purview-data-governance

8. Harmonic Security. “What 22 Million Enterprise AI Prompts Reveal About Shadow AI in 2025.” January 15, 2026. harmonic.security

9. WitnessAI. “Unified AI Security and Governance Platform.” witness.ai

10. Lakera. “GenAI Security Readiness Report 2025.” lakera.ai/genai-security-report-2025

11. AI Security Intelligence. “The State of AI Security: Q1 2026.” aisecurityintelligence.com/pages/state-of-ai-security-q1-2026.html

12. Microsoft 365 Blog. “Powering Frontier Transformation with Copilot and Agents.” March 9, 2026. microsoft.com/en-us/microsoft-365/blog

13. Cloud Wars. “Microsoft Copilot Cowork Marshals Corporate Intelligence, AI to Execute Complex Tasks.” March 11, 2026. cloudwars.com

14. Futurum Group. “Will MS Copilot Cowork Enable Real Enterprise AI Collaboration?” futurumgroup.com/insights

Paul J. Swider is CEO & Chief AI Officer at RealActivity, a Microsoft Partner specializing in mission-critical AI for healthcare systems. He has 30+ years in healthcare technology, has trained over 3,000 engineers across GE, IDX, and Microsoft, and is the founder of BOSHUG, the Boston Healthcare Cloud & AI Community spanning 50+ countries.