Cowork's Limits and Known Constraints

Cowork’s Limits and Known Constraints

Post 13 of 14

Introduction

Every product looks better in a demo. This post lists what Cowork cannot do today, by design or by current state, so you can plan rollouts honestly and avoid surprising users mid-pilot.

What Cowork Cannot Do Today

By design (per Microsoft Learn).

• No local file access. Cowork operates on OneDrive and SharePoint only. Files on the user’s device are out of scope.
• No file deletion in OneDrive or SharePoint. Cowork can create and edit; it cannot delete. Users must remove files manually.
• Encrypted files cannot be read. Even when the user has access through their own keys, Cowork cannot process encrypted content.
• Custom skills are not validated by Microsoft. Review any output from a user-authored SKILL.md carefully before relying on it.
• Attachments capped at 200 MB.
• Mobile not yet supported. Cowork runs in the browser at m365.cloud.microsoft and in the Microsoft 365 Copilot desktop app for Windows and Mac.

Capacity and throughput.

• Prompt size cap: 250,000 characters.
• Voice input availability depends on the browser; not all browsers support it.

Regional and licensing constraints.

• Cowork access requires Frontier program enrolment for both the tenant and the admin account.
• Anthropic models — used by Cowork — are excluded by default in the EU, UK, and EFTA. Admins must opt in.
• Government, sovereign, GCC, GCC High, and DoD clouds have no Anthropic access; no toggle is shown.
• Use is currently limited to Anthropic-supported countries and regions.
• Cowork is part of Microsoft 365 E7 (general availability 1 May 2026, $99/user/month). Cowork itself is in Frontier preview; the broader GA timeline is not public.

Audit-log gaps to plan around.

• The standalone Anthropic Claude Cowork product does not yet have full audit-log or Compliance API coverage. This is the standalone product, not Microsoft Copilot Cowork.
• Within Microsoft 365, Cowork actions are auditable by design within the tenant — but validate the specific coverage of your SIEM integration before relying on it for regulatory evidence during the preview period.

Functional gaps versus the standalone Claude Cowork:

• No local computer use.
• No native third-party tool integrations beyond Microsoft 365 (no Slack, Jira, Notion, Google Workspace skills today).
• Currently limited to the Microsoft 365 ecosystem.

This is the trade-off statement: Cowork exchanges autonomy and breadth for the certainty that AI-driven actions remain within an auditable, policy-governed, compliance-covered infrastructure. For most regulated enterprises, that trade is the point.

Things that change quickly during a preview.

• Skill list (currently 13 built-in).
• Custom skill cap (currently 20 per user).
• Default behaviors after fallback to OpenAI when Anthropic is disabled (worth re-checking each release).
• General availability timing.

Re-read the FAQ monthly during the preview.

Takeaway

Knowing the boundaries is what makes a Cowork rollout credible. Lead with these constraints in your enablement materials so users discover them in your training, not on a Friday afternoon.

Sources

• Cowork common questions (Frontier)
• Cowork deep-dive (attached source)