Ranger: a Scout-alternative Copilot Cowork plugin
July 17, 2026
Microsoft Scout shipped in Frontier preview with browser automation, code execution, persistent memory, and M365 access. It’s impressive — but it requires a GitHub Copilot Business or Enterprise license on top of your M365 Copilot license, runs only on desktop, needs Intune policy configuration, and routes LLM interactions through external AI models via the GitHub Copilot SDK.
Ranger delivers the same capabilities through Copilot Cowork using only M365 Copilot Credits you’ve already purchased. No additional licensing. No desktop app. No Intune enrollment. It works anywhere Cowork works — web, Teams, and mobile. You do need a small Azure footprint (a Container App and ACA Sandboxes — roughly $15-30/mo plus pay-per-use compute), but no per-user seat cost beyond what you’re already paying for M365 Copilot.
The licensing difference
Scout’s prerequisites on Microsoft Learn explicitly require both:
- Microsoft 365 Copilot license — access to M365 Copilot
- GitHub Copilot Business or Enterprise license — LLM processing through the GitHub Copilot SDK
The Responsible AI FAQ confirms: “LLM interactions in Microsoft Scout are processed through GitHub Copilot, which operates under separate terms. In those cases, prompts, content, and related data may be transmitted outside Microsoft 365, including to third-party model providers configured through GitHub Copilot.”
Cowork plugins consume M365 Copilot Credits through usage-based billing — the same credits your organization already manages for other M365 Copilot features. No separate GitHub license needed. Data stays within your M365 compliance boundary.
What Ranger provides
28 MCP tools organized across 9 skills:
| Category | Tools | Implementation |
|---|---|---|
| Browser automation | 9 Playwright tools | Cloud Playwright in ACA Sandboxes |
| Code execution | Python, bash, JS, TS, .NET, R | Isolated microVMs with 31 pre-installed packages |
| Documents | Word, Excel, PowerPoint | python-docx, openpyxl, python-pptx |
| Memory | save, recall, list | In-memory (Cosmos DB with private endpoint for prod) |
| OneDrive | save, read, list, delete | Graph OBO — full CRUD |
| Email and Teams | send email, post message | Graph OBO |
| Calendar | list, create, free/busy, delete | Graph OBO |
| Internet search | browser-based Bing | No API key required |
| Parallel execution | run_parallel | Concurrent Promise.all |
Architecture
graph LR
A[M365 Copilot] --> B[Cowork Plugin - Ranger]
B --> C[MCP Server - Azure Container App]
C --> D[ACA Sandboxes - Browser]
C --> E[ACA Sandboxes - Code]
C --> F[Microsoft Graph OBO]
C --> G[In-process cron scheduler]
The MCP server runs on Azure Container Apps with a system-assigned managed identity. Browser and code execution happen in isolated ACA Sandbox microVMs — each session gets a fresh Linux VM with no shared state. M365 access uses Graph On-Behalf-Of flow with explicit scopes for OneDrive, Email, Teams, and Calendar.
The server uses plain JSON-RPC over HTTPS (not SSE). Cowork requires this transport for tool injection.
How it compares to Scout
| Aspect | Scout | Ranger |
|---|---|---|
| Licensing | M365 Copilot + GitHub Copilot license | M365 Copilot Credits only |
| LLM routing | GitHub Copilot SDK (external models) | M365 Copilot (internal) |
| Form factor | Desktop app (Windows/macOS) | Cowork plugin (web, Teams, mobile) |
| Admin setup | Frontier enrollment + Intune policy + attestation | M365 Admin Center app deployment |
| Browser | Local Playwright | Cloud Playwright in ACA Sandboxes |
| Code execution | Local shell | Isolated microVMs (6 languages, 31 packages) |
| Automations | Heartbeat + scheduled (desktop must be on) | In-process cron (24/7, no desktop) |
| Multi-user | Single desktop user | Any M365 Copilot user in the org |
| Governance | Intune | M365 Admin Center + Defender |
| Data residency | Data transmitted outside M365 via GitHub | Stays within M365 compliance boundary |
Azure resources
| Resource | Purpose | Cost |
|---|---|---|
| Container App (minReplicas: 1) | MCP server | ~$15-30/mo |
| ACA Sandboxes | Per-session compute (browser/code) | Pay-per-use |
| Entra App Registration | OAuth + OBO for Graph | Free |
Key technical insights
A few things I learned building this:
- Cowork requires plain JSON-RPC — the MCP SDK’s
StreamableHTTPServerTransportreturns SSE, which Cowork can parse for discovery but won’t inject tools from. You need a raw JSON-RPC handler. - OAuth client registration (not SSO) in Teams Developer Portal is required for
tools/callto work. - devPreview schema with no
mcpToolDescriptionenables dynamic tool discovery. - OBO with explicit scopes — using
.defaultonly returnsUser.Read. You must list individual scopes (Files.ReadWrite.All, Mail.Send, etc.). - readOnlyHint: true on tools skips the user confirmation prompt in Cowork.
- Disk images for custom sandbox environments are created via the
azure-containerapps-sandboxPython SDK withregistry_credentials.
Deployment
The deployment is four steps: build the container image, assign RBAC, register OAuth in Teams Developer Portal, and upload the plugin package. Full instructions are in the repository.
Source
The complete implementation — MCP server, skill definitions, custom sandbox Dockerfiles, and deployment scripts — is in the Cowork Plugins/Ranger folder of my SharingIsCaring repository.