|
| 1 | +--- |
| 2 | +title: Configuring enterprise managed settings |
| 3 | +shortTitle: Enterprise managed settings |
| 4 | +allowTitleToDifferFromFilename: true |
| 5 | +intro: Configure enterprise managed settings by defining a `{% data variables.copilot.managed_setting_file %}` file in your enterprise's `.github-private` repository to centrally control {% data variables.product.prodname_copilot_short %} client configurations. |
| 6 | +permissions: Enterprise owners |
| 7 | +redirect_from: |
| 8 | + - /copilot/how-tos/administer-copilot/manage-for-enterprise/manage-agents/disable-automatic-commands |
| 9 | + - /copilot/how-tos/administer-copilot/manage-for-enterprise/manage-agents/configure-enterprise-plugin-standards |
| 10 | +versions: |
| 11 | + feature: copilot |
| 12 | +contentType: how-tos |
| 13 | +category: |
| 14 | + - Configure Copilot |
| 15 | + - Manage Copilot for a team |
| 16 | +--- |
| 17 | + |
| 18 | +With enterprise managed settings, enterprise owners can centrally define and distribute configuration settings to {% data variables.copilot.copilot_cli_short %} and {% data variables.product.prodname_vscode_shortname %} for users on your enterprise's {% data variables.product.prodname_copilot_short %} plan, ensuring every member works within the same guardrails. Additional client support will follow. The `{% data variables.copilot.managed_setting_file %}` takes precedence over file-based configuration set by users in their clients for the supported keys. |
| 19 | + |
| 20 | +## Consolidated schema reference |
| 21 | + |
| 22 | +The `{% data variables.copilot.managed_setting_file %}` file supports the following top-level properties. You can include any combination of these properties based on which settings you want to enforce. |
| 23 | + |
| 24 | +```json copy |
| 25 | +{ |
| 26 | + "extraKnownMarketplaces": { |
| 27 | + "agent-skills": { |
| 28 | + "source": { |
| 29 | + "source": "github", |
| 30 | + "repo": "OWNER/REPO" |
| 31 | + } |
| 32 | + } |
| 33 | + }, |
| 34 | + "strictKnownMarketplaces": [ |
| 35 | + { |
| 36 | + "source": "github", |
| 37 | + "repo": "OWNER/REPO" |
| 38 | + } |
| 39 | + ], |
| 40 | + "enabledPlugins": { |
| 41 | + "PLUGIN-NAME@MARKETPLACE-NAME": true |
| 42 | + }, |
| 43 | + "permissions": { |
| 44 | + "disableBypassPermissionsMode": "disable", |
| 45 | + "model": "auto" |
| 46 | + } |
| 47 | +} |
| 48 | +``` |
| 49 | + |
| 50 | +* `extraKnownMarketplaces`: Defines additional plugin marketplaces available to users. Each entry is a named marketplace object containing a `source` property that specifies the provider (`"github"`) and the repository in `OWNER/REPO` format. |
| 51 | +* `strictKnownMarketplaces`: Restricts plugin installation to only the marketplaces explicitly defined by the enterprise. Each entry is a marketplace object containing a `source` property. The `source` specifies the provider as either `"github"` with a `repo` in `OWNER/REPO` format, or `"git"` with a `url` pointing to a git repository. |
| 52 | +* `enabledPlugins`: Defines plugins that are automatically installed for all enterprise users. Each entry uses the format `PLUGIN-NAME@MARKETPLACE-NAME` as the key, with a boolean value of `true` to enable the plugin. |
| 53 | +* `permissions`: Controls whether users can bypass command approval. |
| 54 | + * Set `model` to `"auto"` so new conversations start with Copilot auto model selection by default. Users can still switch to a different model on a per-conversation basis. |
| 55 | + * Set `disableBypassPermissionsMode` to `"disable"` to prevent users from turning on bypass mode. See [Disabling bypass mode for your enterprise](#disabling-bypass-mode-for-your-enterprise) further in this article for more information. |
| 56 | + |
| 57 | +## Configuring enterprise plugin standards |
| 58 | + |
| 59 | +You can apply settings to control users' available plugin marketplaces and default-installed plugins. See [AUTOTITLE](/copilot/concepts/agents/about-enterprise-plugin-standards). |
| 60 | + |
| 61 | +{% data reusables.copilot.create-managed-settings %} |
| 62 | +1. Add your plugin policy configuration to the file, using the `extraKnownMarketplaces`, `strictKnownMarketplaces`, and `enabledPlugins` properties described in [Consolidated schema reference](#consolidated-schema-reference). |
| 63 | + |
| 64 | + ```json copy |
| 65 | + { |
| 66 | + "extraKnownMarketplaces": { |
| 67 | + "agent-skills": { |
| 68 | + "source": { |
| 69 | + "source": "github", |
| 70 | + "repo": "OWNER/REPO" |
| 71 | + } |
| 72 | + } |
| 73 | + }, |
| 74 | + "strictKnownMarketplaces": [ |
| 75 | + { |
| 76 | + "source": "github", |
| 77 | + "repo": "OWNER/REPO" |
| 78 | + } |
| 79 | + ], |
| 80 | + "enabledPlugins": { |
| 81 | + "PLUGIN-NAME@MARKETPLACE-NAME": true |
| 82 | + } |
| 83 | + } |
| 84 | + ``` |
| 85 | + |
| 86 | +1. Commit and push your changes to the default branch of the `.github-private` repository. |
| 87 | + |
| 88 | +## Setting Copilot auto model selection as the default |
| 89 | + |
| 90 | +You can set auto model selection as the default model for new conversations in {% data variables.copilot.copilot_cli_short %} and {% data variables.product.prodname_vscode_shortname %}. To learn more see [AUTOTITLE](/copilot/concepts/auto-model-selection). By setting it as the default for your enterprise, you ensure new conversations start with Auto model selected. |
| 91 | + |
| 92 | +### What setting Auto model as the default does |
| 93 | + |
| 94 | +When you set `model` to `"auto"` under `permissions`, new conversations start with Auto model selected in both clients: |
| 95 | + |
| 96 | +* In {% data variables.copilot.copilot_cli_short %}, new sessions use Auto model unless the user specifies a different model. |
| 97 | +* In {% data variables.product.prodname_vscode_shortname %}, the model picker defaults to Auto model when a user starts a new conversation. |
| 98 | + |
| 99 | +Users can still switch to a different model on a per-conversation basis. |
| 100 | + |
| 101 | +## Disabling bypass mode for your enterprise |
| 102 | + |
| 103 | +You can prevent users from enabling bypass mode (also known as "YOLO mode") in {% data variables.copilot.copilot_cli_short %} and {% data variables.product.prodname_vscode_shortname %}. Bypass mode lets an agent run commands, access files, and fetch URLs without asking for approval. By disabling it for your enterprise, you ensure that a person reviews each of these actions. |
| 104 | + |
| 105 | +### What disabling bypass mode prevents |
| 106 | + |
| 107 | +When you set `disableBypassPermissionsMode` to `"disable"`, users cannot turn on bypass mode in either client: |
| 108 | + |
| 109 | +* In {% data variables.copilot.copilot_cli_short %}, the `--yolo`, `--allow-all`, `--allow-all-tools`, `--allow-all-paths`, and `--allow-all-urls` command-line options and the `/yolo` and `/allow-all` slash commands are blocked. |
| 110 | +* In {% data variables.product.prodname_vscode_shortname %}, the global auto-approve setting (`chat.tools.global.autoApprove`), also known as "YOLO mode," is turned off and cannot be re-enabled. |
| 111 | + |
| 112 | +### Configuring the setting |
| 113 | + |
| 114 | +{% data reusables.copilot.create-managed-settings %} |
| 115 | +1. Add the `permissions` property to the file, with `disableBypassPermissionsMode` set to `"disable"`. |
| 116 | + |
| 117 | + ```json copy |
| 118 | + { |
| 119 | + "permissions": { |
| 120 | + "disableBypassPermissionsMode": "disable" |
| 121 | + } |
| 122 | + } |
| 123 | + ``` |
| 124 | + |
| 125 | +1. Commit and push your changes to the default branch of the `.github-private` repository. |
| 126 | + |
| 127 | +## Verifying the configuration has applied |
| 128 | + |
| 129 | +Once the configuration is committed, users will see the specified settings the next time they authenticate from a supported client. Clients pull the latest configuration once per hour. |
| 130 | + |
| 131 | +If a user does not see these settings, ensure they receive access to {% data variables.product.prodname_copilot_short %} through your enterprise or one of its organizations. If a user receives a license from multiple billing entities, ensure they have selected your enterprise in the "Usage billed to" dropdown in their [personal {% data variables.product.prodname_copilot_short %} settings](https://github.com/settings/copilot/features). |
0 commit comments