Skip to content

Commit e8a29a4

Browse files
amrithsssophiethekingdihydroJenoxide
authored
Consolidate enterprise managed settings (#61977)
Co-authored-by: Sophie <29382425+sophietheking@users.noreply.github.com> Co-authored-by: Jenni C <97056108+dihydroJenoxide@users.noreply.github.com>
1 parent e50c387 commit e8a29a4

5 files changed

Lines changed: 132 additions & 94 deletions

File tree

Lines changed: 131 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,131 @@
1+
---
2+
title: Configuring enterprise managed settings
3+
shortTitle: Enterprise managed settings
4+
allowTitleToDifferFromFilename: true
5+
intro: Configure enterprise managed settings by defining a `{% data variables.copilot.managed_setting_file %}` file in your enterprise's `.github-private` repository to centrally control {% data variables.product.prodname_copilot_short %} client configurations.
6+
permissions: Enterprise owners
7+
redirect_from:
8+
- /copilot/how-tos/administer-copilot/manage-for-enterprise/manage-agents/disable-automatic-commands
9+
- /copilot/how-tos/administer-copilot/manage-for-enterprise/manage-agents/configure-enterprise-plugin-standards
10+
versions:
11+
feature: copilot
12+
contentType: how-tos
13+
category:
14+
- Configure Copilot
15+
- Manage Copilot for a team
16+
---
17+
18+
With enterprise managed settings, enterprise owners can centrally define and distribute configuration settings to {% data variables.copilot.copilot_cli_short %} and {% data variables.product.prodname_vscode_shortname %} for users on your enterprise's {% data variables.product.prodname_copilot_short %} plan, ensuring every member works within the same guardrails. Additional client support will follow. The `{% data variables.copilot.managed_setting_file %}` takes precedence over file-based configuration set by users in their clients for the supported keys.
19+
20+
## Consolidated schema reference
21+
22+
The `{% data variables.copilot.managed_setting_file %}` file supports the following top-level properties. You can include any combination of these properties based on which settings you want to enforce.
23+
24+
```json copy
25+
{
26+
"extraKnownMarketplaces": {
27+
"agent-skills": {
28+
"source": {
29+
"source": "github",
30+
"repo": "OWNER/REPO"
31+
}
32+
}
33+
},
34+
"strictKnownMarketplaces": [
35+
{
36+
"source": "github",
37+
"repo": "OWNER/REPO"
38+
}
39+
],
40+
"enabledPlugins": {
41+
"PLUGIN-NAME@MARKETPLACE-NAME": true
42+
},
43+
"permissions": {
44+
"disableBypassPermissionsMode": "disable",
45+
"model": "auto"
46+
}
47+
}
48+
```
49+
50+
* `extraKnownMarketplaces`: Defines additional plugin marketplaces available to users. Each entry is a named marketplace object containing a `source` property that specifies the provider (`"github"`) and the repository in `OWNER/REPO` format.
51+
* `strictKnownMarketplaces`: Restricts plugin installation to only the marketplaces explicitly defined by the enterprise. Each entry is a marketplace object containing a `source` property. The `source` specifies the provider as either `"github"` with a `repo` in `OWNER/REPO` format, or `"git"` with a `url` pointing to a git repository.
52+
* `enabledPlugins`: Defines plugins that are automatically installed for all enterprise users. Each entry uses the format `PLUGIN-NAME@MARKETPLACE-NAME` as the key, with a boolean value of `true` to enable the plugin.
53+
* `permissions`: Controls whether users can bypass command approval.
54+
* Set `model` to `"auto"` so new conversations start with Copilot auto model selection by default. Users can still switch to a different model on a per-conversation basis.
55+
* Set `disableBypassPermissionsMode` to `"disable"` to prevent users from turning on bypass mode. See [Disabling bypass mode for your enterprise](#disabling-bypass-mode-for-your-enterprise) further in this article for more information.
56+
57+
## Configuring enterprise plugin standards
58+
59+
You can apply settings to control users' available plugin marketplaces and default-installed plugins. See [AUTOTITLE](/copilot/concepts/agents/about-enterprise-plugin-standards).
60+
61+
{% data reusables.copilot.create-managed-settings %}
62+
1. Add your plugin policy configuration to the file, using the `extraKnownMarketplaces`, `strictKnownMarketplaces`, and `enabledPlugins` properties described in [Consolidated schema reference](#consolidated-schema-reference).
63+
64+
```json copy
65+
{
66+
"extraKnownMarketplaces": {
67+
"agent-skills": {
68+
"source": {
69+
"source": "github",
70+
"repo": "OWNER/REPO"
71+
}
72+
}
73+
},
74+
"strictKnownMarketplaces": [
75+
{
76+
"source": "github",
77+
"repo": "OWNER/REPO"
78+
}
79+
],
80+
"enabledPlugins": {
81+
"PLUGIN-NAME@MARKETPLACE-NAME": true
82+
}
83+
}
84+
```
85+
86+
1. Commit and push your changes to the default branch of the `.github-private` repository.
87+
88+
## Setting Copilot auto model selection as the default
89+
90+
You can set auto model selection as the default model for new conversations in {% data variables.copilot.copilot_cli_short %} and {% data variables.product.prodname_vscode_shortname %}. To learn more see [AUTOTITLE](/copilot/concepts/auto-model-selection). By setting it as the default for your enterprise, you ensure new conversations start with Auto model selected.
91+
92+
### What setting Auto model as the default does
93+
94+
When you set `model` to `"auto"` under `permissions`, new conversations start with Auto model selected in both clients:
95+
96+
* In {% data variables.copilot.copilot_cli_short %}, new sessions use Auto model unless the user specifies a different model.
97+
* In {% data variables.product.prodname_vscode_shortname %}, the model picker defaults to Auto model when a user starts a new conversation.
98+
99+
Users can still switch to a different model on a per-conversation basis.
100+
101+
## Disabling bypass mode for your enterprise
102+
103+
You can prevent users from enabling bypass mode (also known as "YOLO mode") in {% data variables.copilot.copilot_cli_short %} and {% data variables.product.prodname_vscode_shortname %}. Bypass mode lets an agent run commands, access files, and fetch URLs without asking for approval. By disabling it for your enterprise, you ensure that a person reviews each of these actions.
104+
105+
### What disabling bypass mode prevents
106+
107+
When you set `disableBypassPermissionsMode` to `"disable"`, users cannot turn on bypass mode in either client:
108+
109+
* In {% data variables.copilot.copilot_cli_short %}, the `--yolo`, `--allow-all`, `--allow-all-tools`, `--allow-all-paths`, and `--allow-all-urls` command-line options and the `/yolo` and `/allow-all` slash commands are blocked.
110+
* In {% data variables.product.prodname_vscode_shortname %}, the global auto-approve setting (`chat.tools.global.autoApprove`), also known as "YOLO mode," is turned off and cannot be re-enabled.
111+
112+
### Configuring the setting
113+
114+
{% data reusables.copilot.create-managed-settings %}
115+
1. Add the `permissions` property to the file, with `disableBypassPermissionsMode` set to `"disable"`.
116+
117+
```json copy
118+
{
119+
"permissions": {
120+
"disableBypassPermissionsMode": "disable"
121+
}
122+
}
123+
```
124+
125+
1. Commit and push your changes to the default branch of the `.github-private` repository.
126+
127+
## Verifying the configuration has applied
128+
129+
Once the configuration is committed, users will see the specified settings the next time they authenticate from a supported client. Clients pull the latest configuration once per hour.
130+
131+
If a user does not see these settings, ensure they receive access to {% data variables.product.prodname_copilot_short %} through your enterprise or one of its organizations. If a user receives a license from multiple billing entities, ensure they have selected your enterprise in the "Usage billed to" dropdown in their [personal {% data variables.product.prodname_copilot_short %} settings](https://github.com/settings/copilot/features).

content/copilot/how-tos/administer-copilot/manage-for-enterprise/manage-agents/configure-enterprise-plugin-standards.md

Lines changed: 0 additions & 52 deletions
This file was deleted.

content/copilot/how-tos/administer-copilot/manage-for-enterprise/manage-agents/create-github-private-repo.md

Lines changed: 0 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -40,5 +40,4 @@ The "Configuration summary" on the settings page will display the settings taken
4040

4141
## Next steps
4242
* [AUTOTITLE](/copilot/how-tos/administer-copilot/manage-for-enterprise/manage-agents/prepare-for-custom-agents)
43-
* [AUTOTITLE](/copilot/how-tos/administer-copilot/manage-for-enterprise/manage-agents/disable-automatic-commands)
4443
* [AUTOTITLE](/copilot/how-tos/administer-copilot/manage-for-enterprise/manage-agents/configure-enterprise-plugin-standards)

content/copilot/how-tos/administer-copilot/manage-for-enterprise/manage-agents/disable-automatic-commands.md

Lines changed: 0 additions & 39 deletions
This file was deleted.

content/copilot/how-tos/administer-copilot/manage-for-enterprise/manage-agents/index.md

Lines changed: 1 addition & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -7,8 +7,7 @@ versions:
77
children:
88
- /prepare-for-custom-agents
99
- /create-github-private-repo
10-
- /configure-enterprise-plugin-standards
11-
- /disable-automatic-commands
10+
- /configure-enterprise-managed-settings
1211
- /monitor-agentic-activity
1312
- /enable-copilot-cloud-agent
1413
- /block-agentic-features

0 commit comments

Comments
 (0)