[EDI] Copilot: Restructure organization/enterprise Copilot policies (#56603)
Co-authored-by: Isaac Brown <101839405+isaacmbrown@users.noreply.github.com> Co-authored-by: Kevin Heis <heiskr@users.noreply.github.com>
This commit is contained in:
Felicity Chapman
@@ -47,7 +47,7 @@ type: overview
|
||||
|
||||
## About {% data variables.product.prodname_copilot_short %} code referencing on {% data variables.product.prodname_dotcom_the_website %}
|
||||
|
||||
If you've allowed suggestions that match public code, then whenever a response from {% data variables.copilot.copilot_chat_short %} includes matching code, details of the matches will be included in the response.
|
||||
If you, or your organization, have allowed suggestions that match public code, then whenever a response from {% data variables.copilot.copilot_chat_short %} includes matching code, details of the matches will be included in the response.
|
||||
|
||||
> [!NOTE]
|
||||
> Typically, matches to public code occur infrequently, so you should not expect to see code references in many {% data variables.copilot.copilot_chat_short %} responses.
|
||||
@@ -72,16 +72,18 @@ When {% data variables.copilot.copilot_chat_short %} provides a response that in
|
||||
|
||||
## How code referencing finds matching code
|
||||
|
||||
{% data variables.product.prodname_copilot_short %} code referencing searches for matches by taking the code suggestion, plus some of the code that will surround the suggestion if it is accepted, and comparing it against an index of all public repositories on {% data variables.product.prodname_dotcom_the_website %}.
|
||||
{% data variables.product.prodname_copilot_short %} code referencing compares potential code suggestions and the surrounding code of about 150 characters against an index of all public repositories on {% data variables.product.prodname_dotcom_the_website %}.
|
||||
|
||||
Code in private {% data variables.product.prodname_dotcom %} repositories, or code outside of {% data variables.product.prodname_dotcom %}, is not included in the search process.
|
||||
|
||||
The search index is refreshed every few months. As a result, newly committed code, and code from public repositories deleted before the index was created, may not be included in the search. For the same reason, the search may return matches to code that has been deleted or moved since the index was created.
|
||||
|
||||
## Limitations
|
||||
|
||||
The search index is refreshed every few months. As a result, newly committed code, and code from public repositories deleted before the index was created, may not be included in the search. For the same reason, the search may return matches to code that has been deleted or moved since the index was created.
|
||||
|
||||
References to matching code are currently available in JetBrains IDEs, {% data variables.product.prodname_vs %}, {% data variables.product.prodname_vscode %}, and on the {% data variables.product.github %} website.
|
||||
|
||||
## Further reading
|
||||
|
||||
* [AUTOTITLE](/copilot/how-tos/completions/finding-public-code-that-matches-github-copilot-suggestions)
|
||||
* [AUTOTITLE](/copilot/how-tos/manage-your-account/managing-copilot-policies-as-an-individual-subscriber)
|
||||
* [AUTOTITLE](/copilot/how-tos/administer/organizations/managing-policies-for-copilot-in-your-organization)
|
||||
|
||||
@@ -83,6 +83,10 @@ topics:
|
||||
|
||||
{% endeclipse %}
|
||||
|
||||
## Code suggestions that match public code
|
||||
|
||||
{% data variables.product.prodname_copilot %} checks each suggestion for matches with publicly available code. Any matches are discarded or suggested with a code reference, based on the setting of the "Suggestions matching public code" policy for your account or organization. See [AUTOTITLE](/copilot/concepts/completions/code-referencing).
|
||||
|
||||
## Next steps
|
||||
|
||||
* [AUTOTITLE](/copilot/how-tos/completions/getting-code-suggestions-in-your-ide-with-github-copilot)
|
||||
|
||||
@@ -15,6 +15,7 @@ children:
|
||||
- /indexing-repositories-for-copilot-chat
|
||||
- /about-copilot-coding-agent
|
||||
- /about-organizing-and-sharing-context-with-copilot-spaces
|
||||
- /policies
|
||||
- /copilot-knowledge-bases
|
||||
- /build-copilot-extensions
|
||||
---
|
||||
|
||||
52
content/copilot/concepts/policies.md
Normal file
52
content/copilot/concepts/policies.md
Normal file
@@ -0,0 +1,52 @@
|
||||
---
|
||||
title: Copilot policies to control availability of features and models
|
||||
shortTitle: Policies
|
||||
allowTitleToDifferFromFilename: true
|
||||
intro: 'Learn about the policies that control the availability of {% data variables.product.prodname_copilot %} features and models for users granted a license through your organization or an organization in your enterprise.'
|
||||
versions:
|
||||
feature: copilot
|
||||
type: overview
|
||||
topics:
|
||||
- Copilot
|
||||
- Policy
|
||||
- Access management
|
||||
- Organizations
|
||||
- Enterprise
|
||||
---
|
||||
|
||||
## About policies for {% data variables.product.prodname_copilot_short %}
|
||||
|
||||
When you assign a {% data variables.product.prodname_copilot_short %} license to a member of your organization, you can control the features they can use under that license with {% data variables.product.prodname_copilot_short %} policies.
|
||||
|
||||
Policies are grouped into different types.
|
||||
|
||||
* **Feature policy:** Defines the availability of a {% data variables.product.prodname_copilot_short %} feature. Shown on the "Policies" page.
|
||||
* **Privacy policy:** Defines whether a potentially sensitive action is allowed or not. Show at the end of the "Policies" page.
|
||||
* **Models policy:** Defines the availability of models beyond the basic models provided with {% data variables.product.prodname_copilot_short %}, which may incur additional costs. Shown on the "Models" page.
|
||||
|
||||
Each policy controls availability for members who receive a {% data variables.product.prodname_copilot_short %} license from your enterprise or organization.
|
||||
|
||||
## Organization-level control of policies
|
||||
|
||||
Organization owners set policies to control the availability of features and models for users granted a {% data variables.product.prodname_copilot_short %} license by the organization. For example, an organization owner can enable or disable using {% data variables.product.prodname_copilot_short %} in the IDE (unless an enterprise owner has defined availability for the feature at the enterprise level).
|
||||
|
||||
The enforcement options for feature and model policies in an organization are:
|
||||
|
||||
* **Unconfigured** - A placeholder, which is removed once you have defined a setting. The policy is treated as disabled for this organization until you select an option.
|
||||
* **Enabled** - The feature is **available** to all members who are assigned {% data variables.product.prodname_copilot_short %} by the organization.
|
||||
* **Disabled** - The feature is **blocked** for all members who are assigned {% data variables.product.prodname_copilot_short %} by the organization.
|
||||
|
||||
For privacy policies, the options are called "Allowed" and "Blocked" in preference to enabled and disabled. This provides a clearer message of the impact of a privacy policy.
|
||||
|
||||
## Enterprise-level control of policies
|
||||
|
||||
Enterprise owners can choose to set policies for {% data variables.product.prodname_copilot_short %} at the enterprise level or to delegate the decision to organization owners using the **No policy** option.
|
||||
|
||||
If a policy is defined at the enterprise level, control of the policy is disabled at the organization level.
|
||||
|
||||
If organization owners are allowed to set a policy, some organizations may enable a feature while others disable it. If a member receives access to {% data variables.product.prodname_copilot_short %} through multiple organizations with conflicting policies, either the least or most permissive policy may apply, depending on the policy. For more information, see [AUTOTITLE](/copilot/reference/feature-availability-enterprise).
|
||||
|
||||
## Next steps
|
||||
|
||||
* [AUTOTITLE](/copilot/how-tos/administer/organizations/managing-policies-for-copilot-in-your-organization)
|
||||
* [AUTOTITLE](/copilot/how-tos/administer/enterprises/managing-policies-and-features-for-copilot-in-your-enterprise)
|
||||
@@ -1,136 +1,36 @@
|
||||
---
|
||||
title: Managing policies and features for Copilot in your enterprise
|
||||
intro: 'Enterprise owners can control the availability of {% data variables.product.prodname_copilot %} and its features for all organizations in the enterprise.'
|
||||
intro: 'Control the availability of features for {% data variables.product.prodname_copilot %} in your enterprise using policies.'
|
||||
permissions: Enterprise owners
|
||||
product: '{% data variables.copilot.copilot_enterprise_short %} or {% data variables.copilot.copilot_business_short %}'
|
||||
versions:
|
||||
feature: copilot-enterprise
|
||||
allowTitleToDifferFromFilename: true
|
||||
type: how_to
|
||||
topics:
|
||||
- Copilot
|
||||
shortTitle: Manage policies
|
||||
- Enterprise
|
||||
shortTitle: Manage enterprise policies
|
||||
redirect_from:
|
||||
- /copilot/managing-copilot/managing-copilot-for-your-enterprise/managing-policies-and-features-for-copilot-in-your-enterprise
|
||||
---
|
||||
|
||||
## About policies for {% data variables.product.prodname_copilot %} in your enterprise
|
||||
When an organization owner assigns a {% data variables.product.prodname_copilot_short %} license to a member of their organization, the availability of features and models is controlled by policies.
|
||||
|
||||
You can set policies that control the availability of {% data variables.product.prodname_copilot_short %} and its features in your enterprise and organizations.
|
||||
## Defining policies for your enterprise
|
||||
|
||||
The enforcement options for {% data variables.product.prodname_copilot_short %} policies in your enterprise are:
|
||||
|
||||
* **Enabled** - The feature is available in all organizations with {% data variables.product.prodname_copilot_short %} enabled in your enterprise.
|
||||
* **Disabled** - The feature is blocked for all organizations with {% data variables.product.prodname_copilot_short %} enabled in your enterprise.
|
||||
* **No policy** - Control of the feature is delegated to organization owners to set.
|
||||
|
||||
If a policy is enabled or disabled at the enterprise level, the same policy cannot be changed at the organization level.
|
||||
|
||||
You can configure policies for your enterprise. If no policy is chosen at the enterprise level, and multiple organizations within the enterprise choose different policies and grant access to the same users, the policy will be enforced as listed in the table.
|
||||
|
||||
| Policy Name | Enforced policy for multiple organizations |
|
||||
| ----------- | ------------------------------------------ |
|
||||
| [{% data variables.product.prodname_copilot_short %} in {% data variables.product.prodname_dotcom_the_website %}](#copilot-in-githubcom) | least restrictive |
|
||||
| [{% data variables.copilot.copilot_cli %}](#github-copilot-in-the-cli) | least restrictive |
|
||||
| [{% data variables.copilot.copilot_desktop_short %}](#copilot-in-github-desktop) | least restrictive |
|
||||
| [{% data variables.copilot.copilot_chat %} in the IDE](#github-copilot-chat-in-the-ide) | least restrictive |
|
||||
| [Editor preview features](#editor-preview-features) | least restrictive |
|
||||
| [{% data variables.copilot.copilot_mobile %}](#github-copilot-chat-in-github-mobile) | least restrictive |
|
||||
| [{% data variables.copilot.copilot_extensions %}](#github-copilot-extensions) | least restrictive |
|
||||
| [Suggestions matching public code](#suggestions-matching-public-code) | most restrictive |
|
||||
| [Give {% data variables.product.prodname_copilot_short %} access to Bing](#give-copilot-access-to-bing) | least restrictive |
|
||||
| [{% data variables.product.prodname_copilot_short %} access to alternative AI models](#copilot-access-to-alternative-ai-models) | least restrictive |
|
||||
| [{% data variables.product.prodname_copilot_short %} Metrics API access](#copilot-metrics-api-access) | most restrictive |
|
||||
| [{% data variables.copilot.copilot_coding_agent %}](#copilot-coding-agent) | least restrictive |
|
||||
| [MCP servers in {% data variables.product.prodname_copilot_short %}](#mcp-servers-in-copilot) | least restrictive |
|
||||
|
||||
### {% data variables.product.prodname_copilot_short %} in {% data variables.product.prodname_dotcom_the_website %}
|
||||
|
||||
You can enable "{% data variables.product.prodname_copilot_short %} in {% data variables.product.prodname_dotcom_the_website %}" to provide members of your enterprise access to AI features on the {% data variables.product.github %} website, including:
|
||||
* **{% data variables.copilot.copilot_chat %} in {% data variables.product.prodname_dotcom_the_website %}** - You can ask {% data variables.product.prodname_copilot %} coding-related questions within a chat interface on {% data variables.product.github %}. You can ask general questions or questions within a specific context such as a repository, issue, file, or symbol.
|
||||
* **{% data variables.product.prodname_copilot_short %} pull request summaries** - {% data variables.product.prodname_copilot_short %} can generate a summary of the changes made in a pull request, as well as a list of impacted files, using natural language. This overview helps reviewers quickly understand the proposed changes.
|
||||
* **{% data variables.product.prodname_copilot_short %} knowledge bases** - Organization owners can create knowledge bases consisting of Markdown documentation across one or more repositories, allowing organization members to use that documentation as context when they ask questions in {% data variables.copilot.copilot_chat_dotcom_short %}, {% data variables.copilot.copilot_chat_short %} in {% data variables.product.prodname_vscode %}, and {% data variables.copilot.copilot_chat_short %} in {% data variables.product.prodname_vs %}.
|
||||
|
||||
If you enable "{% data variables.product.prodname_copilot_short %} in {% data variables.product.prodname_dotcom_the_website %}," you can also configure additional features:
|
||||
|
||||
{% data reusables.copilot.policies-for-dotcom %}
|
||||
|
||||
### {% data variables.copilot.copilot_cli %}
|
||||
|
||||
{% data variables.copilot.copilot_cli %} is an extension for {% data variables.product.prodname_cli %} which provides a chat-like interface in the terminal. You can ask {% data variables.product.prodname_copilot %} for command suggestions, or for explanations of commands they run.
|
||||
|
||||
### {% data variables.copilot.copilot_desktop_short %}
|
||||
|
||||
You can generate commit messages and descriptions in {% data variables.product.prodname_desktop %} based on the changes you make to your project.
|
||||
|
||||
### {% data variables.copilot.copilot_chat %} in the IDE
|
||||
|
||||
You can chat with {% data variables.product.prodname_copilot %} in your IDE to get code suggestions and answers to coding-related questions without context switching.
|
||||
|
||||
### Editor preview features
|
||||
|
||||
Some features of {% data variables.product.prodname_copilot_short %} are available as preview features in your editor. You can enable or disable these features for your enterprise.
|
||||
|
||||
### {% data variables.copilot.copilot_mobile %}
|
||||
|
||||
{% data variables.copilot.copilot_mobile %} is a chat interface that lets you interact with {% data variables.product.prodname_copilot %} to ask and receive answers to coding-related questions within {% data variables.product.prodname_mobile %}.
|
||||
|
||||
### {% data variables.copilot.copilot_extensions %}
|
||||
|
||||
{% data variables.copilot.copilot_extensions %} integrate external tools with {% data variables.copilot.copilot_chat %}, helping members of your enterprise reduce context switching, interact with tools using natural language, and customize their {% data variables.copilot.copilot_chat_short %} experience.
|
||||
|
||||
### Suggestions matching public code
|
||||
|
||||
{% data variables.product.prodname_copilot %} includes a filter which detects code suggestions that match public code on {% data variables.product.prodname_dotcom %}. When the filter is enabled, {% data variables.product.prodname_copilot %} checks code suggestions with their surrounding code of about 150 characters against public code on {% data variables.product.prodname_dotcom %}. If there is a match or near match, the suggestion will not be shown.
|
||||
|
||||
### Give {% data variables.product.prodname_copilot_short %} access to Bing
|
||||
|
||||
{% data variables.copilot.copilot_chat %} can use Bing to provide enhanced responses by searching the internet for information related to a question. Bing search is particularly helpful when discussing new technologies or highly specific subjects.
|
||||
|
||||
### {% data variables.product.prodname_copilot_short %} access to alternative AI models
|
||||
|
||||
By default, {% data variables.copilot.copilot_chat_short %} uses an included model. If you grant access to the alternative models, members of your enterprise can choose to use these models rather than the included model. The available alternative models are:
|
||||
|
||||
* **{% data variables.copilot.copilot_claude %}**. See [AUTOTITLE](/copilot/using-github-copilot/ai-models/using-claude-in-github-copilot).
|
||||
* **{% data variables.copilot.copilot_gemini %}**. See [AUTOTITLE](/copilot/using-github-copilot/ai-models/using-gemini-in-github-copilot).
|
||||
* **OpenAI models:** See [AUTOTITLE](/copilot/using-github-copilot/ai-models/using-openai-gpt-41-in-github-copilot).
|
||||
|
||||
> [!NOTE]
|
||||
> This setting has no impact on the model used by {% data variables.copilot.copilot_coding_agent %}.
|
||||
|
||||
### {% data variables.product.prodname_copilot_short %} Metrics API access
|
||||
|
||||
Enable this policy to allow users to use the {% data variables.product.prodname_copilot_short %} Metrics API. See [AUTOTITLE](/rest/copilot/copilot-metrics).
|
||||
|
||||
### {% data variables.copilot.copilot_coding_agent %}
|
||||
|
||||
{% data reusables.copilot.coding-agent.preview-note %}
|
||||
|
||||
{% data variables.copilot.copilot_coding_agent %} is an autonomous, AI-powered software development agent. During the preview, use of the feature is subject to [GitHub Pre-release License Terms](/free-pro-team@latest/site-policy/github-terms/github-pre-release-license-terms). This feature may use models which are not enabled on your "Models" settings page. The cost of a premium request made by {% data variables.copilot.copilot_coding_agent %} is independent of the model it uses.
|
||||
|
||||
You can enable "{% data variables.copilot.copilot_coding_agent %}" to allow members of your enterprise to use {% data variables.copilot.copilot_coding_agent %} under the Copilot license you have assigned them. This will allow them to assign work or issues to {% data variables.product.prodname_copilot_short %} in organization repositories where {% data variables.copilot.copilot_coding_agent %} is available and to enable {% data variables.copilot.copilot_coding_agent %} for their personal repositories.
|
||||
|
||||
Alternatively, set to "No policy" to leave organization owners to make the decision in their organization settings.
|
||||
|
||||
> [!TIP] Enabling your license holders to use {% data variables.copilot.copilot_coding_agent %} is the first step in making {% data variables.copilot.copilot_coding_agent %} available for use in repositories in your organizations. For more information, see [AUTOTITLE](/copilot/managing-copilot/managing-github-copilot-in-your-organization/adding-copilot-coding-agent-to-organization).
|
||||
|
||||
### MCP servers in {% data variables.product.prodname_copilot_short %}
|
||||
|
||||
{% data reusables.copilot.coding-agent.mcp-brief-intro %}
|
||||
|
||||
You can enable this policy to allow users to connect MCP servers to {% data variables.product.prodname_copilot %} in {% data variables.product.prodname_vscode %} and {% data variables.copilot.copilot_coding_agent_short %}.
|
||||
|
||||
* By default, this policy is disabled. When disabled, users with a {% data variables.product.prodname_copilot_short %} seat assigned by the enterprise or any child organizations will not be able to access MCP servers (remote or local) in {% data variables.product.prodname_copilot_short %}.
|
||||
* If the policy is set to **Disabled** or **Enabled** at the enterprise level, all child organizations will inherit the same policy configuration.
|
||||
* This policy only applies to users with a {% data variables.copilot.copilot_enterprise_short %} or {% data variables.copilot.copilot_business_short %} seat assigned by the same enterprise (or any of its child organizations) configuring the policy. It does not govern MCP access for any users with a {% data variables.product.prodname_copilot_short %} Free, Pro or Pro+ license.
|
||||
|
||||
> [!NOTE]
|
||||
> This policy does not apply to {% data variables.product.prodname_copilot_short %} editors where MCP support is still in preview. Instead, you can use the **Editor preview features** policy to disable MCP access in these editors.
|
||||
|
||||
For more information on using MCP, see [AUTOTITLE](/copilot/how-tos/context/model-context-protocol/extending-copilot-chat-with-mcp) and [AUTOTITLE](/copilot/using-github-copilot/coding-agent/extending-copilot-coding-agent-with-mcp).
|
||||
|
||||
## Configuring policies for {% data variables.product.prodname_copilot %}
|
||||
Enterprise owners can define a policy for the whole enterprise, or delegate the decision to individual organization owners. See [AUTOTITLE](/copilot/concepts/policies).
|
||||
|
||||
{% data reusables.enterprise-accounts.access-enterprise %}
|
||||
{% data reusables.enterprise-accounts.policies-tab %}
|
||||
{% data reusables.enterprise-accounts.copilot-tab %}
|
||||
{% data reusables.enterprise-accounts.copilot-policies-tab %}
|
||||
1. For each policy you want to configure, click the dropdown menu and select an enforcement option.
|
||||
1. On the "{% data variables.product.prodname_copilot %}" page:
|
||||
* Click the **Policies** tab to edit the policies that control privacy and availability of features.
|
||||
* Click the **Models** tab to edit the policies that control availability of models beyond the basic models provided with {% data variables.product.prodname_copilot_short %}, which may incur additional costs.
|
||||
1. For each policy you want to configure, click the dropdown menu and select an enforcement option. Select **No policy** to delegate the decision to individual organization owners. For more information, see [AUTOTITLE](/copilot/reference/feature-availability-enterprise).
|
||||
|
||||
## Opting in to previews or feedback
|
||||
|
||||
If your enterprise has a {% data variables.copilot.copilot_business_short %} or {% data variables.copilot.copilot_enterprise_short %} plan and you enable "{% data variables.product.prodname_copilot_short %} in {% data variables.product.prodname_dotcom_the_website %}" on the "Policies" tab, two additional options are displayed:
|
||||
|
||||
{% data reusables.copilot.policies-for-dotcom %}
|
||||
|
||||
@@ -26,7 +26,8 @@ redirect_from:
|
||||
|
||||
## Enabling {% data variables.copilot.copilot_coding_agent %} for your members
|
||||
|
||||
{% data reusables.organizations.copilot-policy-ent-overrides-org %}
|
||||
> [!NOTE]
|
||||
> {% data reusables.organizations.copilot-policy-ent-overrides-org %}
|
||||
|
||||
{% data variables.copilot.copilot_coding_agent %} and use of third-party MCP servers are disabled by default for organization members assigned a {% data variables.copilot.copilot_enterprise %} or {% data variables.copilot.copilot_business_short %} license by your organization.
|
||||
|
||||
|
||||
@@ -12,9 +12,10 @@ topics:
|
||||
- Copilot
|
||||
children:
|
||||
- /managing-the-copilot-plan-for-your-organization
|
||||
- /managing-policies-for-copilot-in-your-organization
|
||||
- /managing-access-to-github-copilot-in-your-organization
|
||||
- /managing-policies-for-copilot-in-your-organization
|
||||
- /adding-copilot-coding-agent-to-organization
|
||||
- /set-extension-permissions
|
||||
- /reviewing-activity-related-to-github-copilot-in-your-organization
|
||||
---
|
||||
|
||||
|
||||
@@ -1,10 +1,12 @@
|
||||
---
|
||||
title: Managing policies for Copilot in your organization
|
||||
intro: 'Learn how to manage policies for {% data variables.product.prodname_copilot %} in your organization.'
|
||||
title: Managing policies and features for Copilot in your organization
|
||||
intro: 'Control the availability of {% data variables.product.prodname_copilot %} features and models for users granted a license by your organization.'
|
||||
permissions: Organization owners
|
||||
product: 'Organizations with a {% data variables.copilot.copilot_for_business %} or {% data variables.copilot.copilot_enterprise %} plan'
|
||||
versions:
|
||||
feature: copilot
|
||||
type: how_to
|
||||
allowTitleToDifferFromFilename: true
|
||||
redirect_from:
|
||||
- /copilot/managing-copilot/managing-github-copilot-in-your-organization/setting-policies-for-copilot-in-your-organization/managing-policies-for-copilot-in-your-organization
|
||||
- /copilot/managing-copilot/managing-github-copilot-in-your-organization/setting-policies-for-copilot-in-your-organization
|
||||
@@ -20,108 +22,33 @@ redirect_from:
|
||||
- /copilot/managing-copilot/managing-github-copilot-in-your-organization/managing-policies-for-copilot-in-your-organization
|
||||
topics:
|
||||
- Copilot
|
||||
- Organizations
|
||||
shortTitle: Manage policies
|
||||
---
|
||||
|
||||
## About policies for {% data variables.product.prodname_copilot %}
|
||||
|
||||
Organization owners can set policies to govern how {% data variables.product.prodname_copilot %} can be used within the organization. For example, an organization owner can enable or disable the following {% data variables.product.prodname_copilot_short %} features{% ifversion ghec %} (unless an enterprise owner has blocked access to these features at the enterprise level){% endif %}:
|
||||
|
||||
* {% data variables.product.prodname_copilot_short %} in {% data variables.product.prodname_dotcom_the_website %}
|
||||
* {% data variables.copilot.copilot_chat_short %} in the IDE
|
||||
* Editor preview Copilot features, such as:
|
||||
* Image support in {% data variables.copilot.copilot_chat_short %} (available in {% data variables.product.prodname_vscode_shortname %} and {% data variables.product.prodname_vs %})
|
||||
>[!NOTE] This setting only applies to preview features within {% data variables.product.prodname_copilot_short %} and does not control all preview-related settings in {% data variables.product.prodname_vscode_shortname %}.
|
||||
* {% data variables.copilot.copilot_coding_agent %} ({% data variables.release-phases.public_preview %})
|
||||
* {% data variables.copilot.copilot_spaces %} (public preview)
|
||||
* MCP servers in {% data variables.product.prodname_copilot_short %}
|
||||
* {% data variables.copilot.copilot_spaces %} ({% data variables.release-phases.public_preview %})
|
||||
* {% data variables.copilot.copilot_mobile_short %}
|
||||
* {% data variables.copilot.copilot_cli_short %} and {% data variables.product.prodname_windows_terminal %}
|
||||
* {% data variables.copilot.copilot_desktop_short %}
|
||||
* Suggestions matching public code
|
||||
* Access to alternative models for {% data variables.product.prodname_copilot_short %}
|
||||
* Anthropic {% data variables.copilot.copilot_claude %} in {% data variables.product.prodname_copilot_short %}
|
||||
* Google {% data variables.copilot.copilot_gemini %} in {% data variables.product.prodname_copilot_short %}
|
||||
* OpenAI models in {% data variables.product.prodname_copilot_short %}
|
||||
|
||||
The policy settings selected by an organization owner determine the behavior of {% data variables.product.prodname_copilot_short %} for all organization members that have been granted access to {% data variables.product.prodname_copilot_short %} through the organization.
|
||||
|
||||
### Policies for suggestion matching
|
||||
|
||||
Organization settings include an option to either allow or block code suggestions that match publicly available code. If you choose to block suggestions matching public code, {% data variables.product.prodname_copilot_short %} will check potential code suggestions and the surrounding code of about 150 characters against public code on {% data variables.product.prodname_dotcom %}. If there is a match, or a near match, the suggestion is not shown.
|
||||
|
||||
{% ifversion ghec %}If your enterprise admin has selected **No policy** for suggestion matching at the enterprise level, you can set a suggestion matching policy for your organization.
|
||||
|
||||
If an organization member is assigned a seat by multiple organizations with different suggestion matching policies under the same enterprise, {% data variables.product.prodname_copilot_short %} will use the most restrictive policy.{% endif %}
|
||||
|
||||
## Enabling {% data variables.product.prodname_copilot_short %} features in your organization
|
||||
|
||||
{% data reusables.organizations.copilot-policy-ent-overrides-org %}
|
||||
|
||||
## Enabling {% data variables.product.prodname_copilot_short %} features and models in your organization
|
||||
|
||||
{% data reusables.profile.access_org %}
|
||||
{% data reusables.profile.org_settings %}
|
||||
{% data reusables.copilot.policy-settings %}
|
||||
1. Use the dropdown options to the right of each feature to enable or disable that feature for your organization.
|
||||
|
||||
For example, to enable or disable suggestion matching, in the "Suggestions matching public code" dropdown, select **Allowed** or **Blocked**.
|
||||
|
||||
1. If your organization has a {% data variables.copilot.copilot_business_short %}{% ifversion ghec %} or {% data variables.copilot.copilot_enterprise_short %}{% endif %} plan and you enable "{% data variables.product.prodname_copilot_short %} in {% data variables.product.prodname_dotcom_the_website %}," two additional options are displayed:
|
||||
|
||||
{% data reusables.copilot.policies-for-dotcom %}
|
||||
|
||||
> [!TIP]
|
||||
> If you choose to enable {% data variables.copilot.copilot_coding_agent %} for users, you also need to define which repositories the agent is available in, see [AUTOTITLE](/copilot/managing-copilot/managing-github-copilot-in-your-organization/adding-copilot-coding-agent-to-organization).
|
||||
|
||||
## Setting a policy for MCP servers connecting to {% data variables.product.prodname_copilot_short %} in your organization
|
||||
|
||||
{% data reusables.copilot.coding-agent.mcp-brief-intro %}
|
||||
|
||||
You can enable this policy to allow users to connect MCP (Model Context Protocol) servers to {% data variables.product.prodname_copilot %} in {% data variables.product.prodname_vscode %} and {% data variables.copilot.copilot_coding_agent_short %}.
|
||||
|
||||
* By default, this policy is disabled. When disabled, members with a {% data variables.product.prodname_copilot_short %} seat assigned by the organization will not be able to access MCP servers (remote or local) in {% data variables.product.prodname_copilot_short %}.
|
||||
* If there is a parent enterprise with the policy set to **Enabled** or **Disabled**, the organizations will inherit (and cannot change) the configuration set by the parent enterprise.
|
||||
* If **No policy** is selected at the enterprise level and multiple organizations within the enterprise assign seats to the same users, each with different policies, the least restrictive policy is applied.
|
||||
* This policy only applies to members with a {% data variables.copilot.copilot_enterprise_short %} or {% data variables.copilot.copilot_business_short %} license assigned by the same organization configuring or inheriting the policy. It does not govern MCP access for any members with a {% data variables.product.prodname_copilot_short %} Free, Pro or Pro+ plan.
|
||||
* For centralized governance across all organizations you can configure the policy at the enterprise level.
|
||||
1. In the sidebar, under "Code, planning, and automation", click **{% octicon "copilot" aria-hidden="true" aria-label="copilot" %} {% data variables.product.prodname_copilot_short %}**.
|
||||
* Click **Policies** to edit the policies that control privacy and availability of features.
|
||||
* Click **Models** to edit the policies that control availability of models beyond the basic models provided with {% data variables.product.prodname_copilot_short %}, which may incur additional costs.
|
||||
1. For each policy you want to configure, click the dropdown menu and select an enforcement option.
|
||||
|
||||
> [!NOTE]
|
||||
> This policy does not apply to {% data variables.product.prodname_copilot_short %} editors where MCP support is still in preview. Instead, you can use the **Editor preview features** policy to disable MCP access in these editors.
|
||||
> The **MCP servers in {% data variables.product.prodname_copilot_short %}** policy controls use where MCP server support is generally available (GA). In features where MCP support is in preview, for example {% data variables.product.prodname_copilot_short %} editors, availability is controlled by the **Editor preview features** policy.
|
||||
|
||||
For more information on using MCP, see [AUTOTITLE](/copilot/how-tos/context/model-context-protocol/extending-copilot-chat-with-mcp) and [AUTOTITLE](/copilot/using-github-copilot/coding-agent/extending-copilot-coding-agent-with-mcp).
|
||||
## Opting in to to previews or feedback
|
||||
|
||||
## Setting a policy for {% data variables.copilot.copilot_extensions %} in your organization
|
||||
If your organization has a {% data variables.copilot.copilot_business_short %} or {% data variables.copilot.copilot_enterprise_short %} plan and you enable "{% data variables.product.prodname_copilot_short %} in {% data variables.product.prodname_dotcom_the_website %}", two additional options are displayed:
|
||||
|
||||
{% data variables.copilot.copilot_extensions %} integrate external tools with {% data variables.copilot.copilot_chat %}. See [AUTOTITLE](/copilot/using-github-copilot/using-extensions-to-integrate-external-tools-with-copilot-chat).
|
||||
|
||||
Before you install {% data variables.copilot.copilot_extensions_short %} in your organization, you should set a usage policy for your organization. Setting a usage policy allows you to enable or disable {% data variables.copilot.copilot_extensions_short %} for all members of your organization, limiting your security risk.
|
||||
|
||||
{% ifversion ghec %}
|
||||
If {% data variables.copilot.copilot_extensions_short %} have not been enabled or disabled at the enterprise level, you can set a {% data variables.copilot.copilot_extensions_short %} policy for your organization.
|
||||
{% endif %}
|
||||
|
||||
{% data reusables.profile.access_org %}
|
||||
{% data reusables.profile.org_settings %}
|
||||
{% data reusables.copilot.policy-settings %}
|
||||
1. In the "{% data variables.copilot.copilot_extensions_short %}" section, select the dropdown menu, then enable or disable {% data variables.copilot.copilot_extensions_short %} for your organization.
|
||||
|
||||
### Managing permissions for a {% data variables.copilot.copilot_extension %} in your organization
|
||||
|
||||
After you have installed a {% data variables.copilot.copilot_extension_short %} in your organization, you can view the permissions the extension has in your organization, and why those permissions are necessary. If you do not want the {% data variables.copilot.copilot_extension_short %} to have the listed permissions, you can suspend or uninstall the extension.
|
||||
|
||||
{% data reusables.profile.access_org %}
|
||||
{% data reusables.profile.org_settings %}
|
||||
{% data reusables.apps.access-org-app-settings %}
|
||||
1. Optionally, to filter your installed {% data variables.product.prodname_github_apps %} for {% data variables.copilot.copilot_extensions_short %}, select the **Filter:** dropdown menu, then click **{% data variables.copilot.copilot_extensions_short %}**.
|
||||
1. Next to the {% data variables.copilot.copilot_extension_short %} you want to review or modify, click **Configure**.
|
||||
1. In the "Permissions" section, review the permissions listed for the {% data variables.copilot.copilot_extension_short %}. Optionally, you can block the {% data variables.copilot.copilot_extension_short %}'s access to your organization in one of two ways:
|
||||
* To indefinitely suspend the {% data variables.copilot.copilot_extension_short %}'s access to resources in your organization while keeping the extension installed, in the "Danger zone" section, click **Suspend**.
|
||||
* To uninstall a {% data variables.copilot.copilot_extension_short %} completely, in the "Danger zone" section, click **Uninstall**.
|
||||
{% data reusables.copilot.policies-for-dotcom %}
|
||||
|
||||
## Further reading
|
||||
|
||||
* [{% data variables.product.prodname_copilot %} Trust Center](https://copilot.github.trust.page)
|
||||
* [AUTOTITLE](/copilot/using-github-copilot/finding-public-code-that-matches-github-copilot-suggestions){% ifversion ghec %}
|
||||
* [AUTOTITLE](/copilot/setting-up-github-copilot/setting-up-github-copilot-for-your-enterprise)
|
||||
* [AUTOTITLE](/copilot/managing-copilot/managing-copilot-for-your-enterprise/making-copilot-coding-agent-available-to-enterprise){% else %}
|
||||
* [AUTOTITLE](/copilot/managing-copilot/managing-github-copilot-in-your-organization/adding-copilot-coding-agent-to-organization){% endif %}
|
||||
* [AUTOTITLE](/copilot/using-github-copilot/finding-public-code-that-matches-github-copilot-suggestions)
|
||||
* [AUTOTITLE](/copilot/how-tos/administer/organizations/set-extension-permissions)
|
||||
* [AUTOTITLE](/enterprise-cloud@latest/copilot/setting-up-github-copilot/setting-up-github-copilot-for-your-enterprise)
|
||||
|
||||
@@ -0,0 +1,41 @@
|
||||
---
|
||||
title: Setting permissions for a Copilot extension in your organization
|
||||
intro: 'Learn how to control access to {% data variables.copilot.copilot_extensions %}.'
|
||||
permissions: Organization owners
|
||||
product: 'Organizations with a {% data variables.copilot.copilot_for_business %} or {% data variables.copilot.copilot_enterprise %} plan'
|
||||
versions:
|
||||
feature: copilot-extensions
|
||||
type: how_to
|
||||
allowTitleToDifferFromFilename: true
|
||||
topics:
|
||||
- Copilot
|
||||
- Organizations
|
||||
- Permissions
|
||||
shortTitle: Set extension permissions
|
||||
---
|
||||
|
||||
{% data variables.copilot.copilot_extensions %} integrate external tools with {% data variables.copilot.copilot_chat %}. See [AUTOTITLE](/copilot/concepts/build-copilot-extensions/about-building-copilot-extensions).
|
||||
|
||||
## Prerequisites
|
||||
|
||||
* Set a usage policy to enable or disable {% data variables.copilot.copilot_extensions_short %} for all users granted a {% data variables.product.prodname_copilot_short %} license by your organization, controlling your security risk. See [AUTOTITLE](/copilot/how-tos/administer/organizations/managing-policies-for-copilot-in-your-organization).
|
||||
* Install a {% data variables.copilot.copilot_extension_short %} in your organization. See [AUTOTITLE](/copilot/how-tos/context/install-copilot-extensions/extending-the-capabilities-of-github-copilot-in-your-organization).
|
||||
|
||||
## Managing permissions for a {% data variables.copilot.copilot_extension %} in your organization
|
||||
|
||||
After you have installed a {% data variables.copilot.copilot_extension_short %} in your organization, you can view the permissions the extension has in your organization, and why those permissions are necessary. If you do not want the {% data variables.copilot.copilot_extension_short %} to have the listed permissions, you can suspend or uninstall the extension.
|
||||
|
||||
{% data reusables.profile.access_org %}
|
||||
{% data reusables.profile.org_settings %}
|
||||
{% data reusables.apps.access-org-app-settings %}
|
||||
1. Optionally, to filter your installed {% data variables.product.prodname_github_apps %} for {% data variables.copilot.copilot_extensions_short %}, select the **Filter:** dropdown menu, then click **{% data variables.copilot.copilot_extensions_short %}**.
|
||||
1. Next to the {% data variables.copilot.copilot_extension_short %} you want to review or modify, click **Configure**.
|
||||
1. In the "Permissions" section, review the permissions listed for the {% data variables.copilot.copilot_extension_short %}. Optionally, you can block the {% data variables.copilot.copilot_extension_short %}'s access to your organization in one of two ways:
|
||||
* To indefinitely suspend the {% data variables.copilot.copilot_extension_short %}'s access to resources in your organization while keeping the extension installed, in the "Danger zone" section, click **Suspend**.
|
||||
* To uninstall a {% data variables.copilot.copilot_extension_short %} completely, in the "Danger zone" section, click **Uninstall**.
|
||||
|
||||
## Further reading
|
||||
|
||||
* [{% data variables.product.prodname_copilot %} Trust Center](https://copilot.github.trust.page)
|
||||
* [AUTOTITLE](/copilot/how-tos/context/install-copilot-extensions/using-extensions-to-integrate-external-tools-with-copilot-chat)
|
||||
* [AUTOTITLE](/copilot/concepts/build-copilot-extensions/about-building-copilot-extensions)
|
||||
56
content/copilot/reference/feature-availability-enterprise.md
Normal file
56
content/copilot/reference/feature-availability-enterprise.md
Normal file
@@ -0,0 +1,56 @@
|
||||
---
|
||||
title: Feature availability when Copilot policies conflict in organizations
|
||||
shortTitle: Feature availability (enterprise)
|
||||
allowTitleToDifferFromFilename: true
|
||||
intro: 'Learn how delegating {% data variables.product.prodname_copilot_short %} policy decisions to organizations affects users granted a license by organizations with different policies.'
|
||||
versions:
|
||||
feature: copilot
|
||||
type: reference
|
||||
topics:
|
||||
- Copilot
|
||||
- Policy
|
||||
- Access management
|
||||
- Organizations
|
||||
- Enterprise
|
||||
---
|
||||
|
||||
## About delegating policy decisions to organizations
|
||||
|
||||
Policies can be defined for a whole enterprise, or set at the organization level. See [AUTOTITLE](/copilot/concepts/policies).
|
||||
|
||||
When an enterprise owner delegates control of a policy to organization owners by setting "No policy," some organizations may enable a feature while others disable it. Users may be granted a {% data variables.product.prodname_copilot_short %} license by organizations with different policies for the same feature.
|
||||
|
||||
## How availability is determined
|
||||
|
||||
Feature, model, and privacy settings for users are set according to the **least restrictive** or the **most restrictive** policy defined by any of the organizations where they are granted a {% data variables.product.prodname_copilot_short %} license.
|
||||
|
||||
* **Least restrictive:** if any of the organizations has **enabled** a feature, this feature is enabled for the user everywhere. This applies to all but the more sensitive {% data variables.product.prodname_copilot_short %} features.
|
||||
|
||||
* **Most restrictive:** if any of the organizations has **disabled** a feature, this feature is disabled for the user in all their organizations. This applies only to the most sensitive {% data variables.product.prodname_copilot_short %} features, for example: access to {% data variables.product.prodname_copilot_short %} metrics using the API.
|
||||
|
||||
## Availability for members with {% data variables.product.prodname_copilot_short %} from multiple organizations
|
||||
|
||||
<!--The table below uses the following sort order:
|
||||
1. Policies with "Most restrictive" at the top in alphabetic order.
|
||||
2. Follow with remaining policies in alphabetic order.-->
|
||||
|
||||
| Policy | Availability matches | More information |
|
||||
| :---- | :---- | :---- |
|
||||
| {% data variables.product.prodname_copilot_short %} Metrics API | Most restrictive organization | [AUTOTITLE](/rest/copilot/copilot-metrics) |
|
||||
| Suggestions matching public code (privacy policy) | Most restrictive organization | [AUTOTITLE](/copilot/concepts/completions/code-suggestions) |
|
||||
| {% data variables.product.prodname_copilot_short %} can search the web | Least restrictive organization | [AUTOTITLE](/copilot/responsible-use-of-github-copilot-features/responsible-use-of-github-copilot-chat-in-github#leveraging-a-web-search-to-answer-a-question) |
|
||||
| {% data variables.copilot.copilot_mobile_short %} | Least restrictive organization | [AUTOTITLE](/copilot/responsible-use-of-github-copilot-features/responsible-use-of-github-copilot-chat-in-github-mobile) |
|
||||
| {% data variables.copilot.copilot_chat_short %} in the IDE | Least restrictive organization | [AUTOTITLE](/copilot/responsible-use-of-github-copilot-features/responsible-use-of-github-copilot-chat-in-your-ide) |
|
||||
| {% data variables.copilot.copilot_coding_agent %} | Least restrictive organization | [AUTOTITLE](/copilot/responsible-use-of-github-copilot-features/responsible-use-of-copilot-coding-agent-on-githubcom) |
|
||||
| {% data variables.copilot.copilot_extensions_short %} | Least restrictive organization | [AUTOTITLE](/copilot/concepts/build-copilot-extensions/about-building-copilot-extensions) |
|
||||
| {% data variables.product.prodname_copilot_short %} in {% data variables.product.prodname_dotcom_the_website %} | Least restrictive organization | [AUTOTITLE](/copilot/responsible-use-of-github-copilot-features/responsible-use-of-github-copilot-chat-in-github) |
|
||||
| {% data variables.copilot.copilot_desktop_short %} | Least restrictive organization | [AUTOTITLE](/copilot/responsible-use-of-github-copilot-features/responsible-use-of-github-copilot-in-github-desktop) |
|
||||
| {% data variables.copilot.copilot_cli_short %} | Least restrictive organization | [AUTOTITLE](/copilot/responsible-use-of-github-copilot-features/responsible-use-of-github-copilot-in-the-cli) |
|
||||
| Editor preview features | Least restrictive organization | [AUTOTITLE](/free-pro-team@latest/site-policy/github-terms/github-pre-release-license-terms) |
|
||||
| {% data variables.product.prodname_github_models %}, one policy per model | Least restrictive organization | [AUTOTITLE](/github-models/github-models-at-scale/manage-models-at-scale) |
|
||||
| MCP servers in {% data variables.product.prodname_copilot_short %} | Least restrictive organization | [AUTOTITLE](/copilot/using-github-copilot/coding-agent/extending-copilot-coding-agent-with-mcp) |
|
||||
|
||||
## Next steps
|
||||
|
||||
* [AUTOTITLE](/copilot/how-tos/administer/organizations/managing-policies-for-copilot-in-your-organization)
|
||||
* [AUTOTITLE](/copilot/how-tos/administer/enterprises/managing-policies-and-features-for-copilot-in-your-enterprise)
|
||||
@@ -8,6 +8,7 @@ topics:
|
||||
- Copilot
|
||||
children:
|
||||
- /github-copilot-chat-cheat-sheet
|
||||
- /feature-availability-enterprise
|
||||
- /ai-models
|
||||
- /proxy-server-and-firewall-settings-for-copilot
|
||||
- /copilot-extensions
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
{% data variables.product.prodname_copilot_short %} code referencing identifies and attributes code suggestions by linking them to their original public sources, helping you understand where the code originates.
|
||||
|
||||
If you've allowed suggestions that match public code, {% data variables.product.prodname_copilot %} can provide you with details of the code that a suggestion matches. This happens:
|
||||
If you, or your organization, have allowed suggestions that match public code, {% data variables.product.prodname_copilot %} can provide you with details of the code that a suggestion matches. This happens:
|
||||
|
||||
* When you accept a code completion suggestion in the editor.
|
||||
* When a response in {% data variables.copilot.copilot_chat_short %} includes matching code.
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
* **Opt in to user feedback collection:** If enabled, users can provide feedback on {% data variables.product.prodname_copilot_short %} pull request summaries. For more information, see [AUTOTITLE](/enterprise-cloud@latest/copilot/github-copilot-enterprise/copilot-pull-request-summaries/creating-a-pull-request-summary-with-github-copilot).
|
||||
* **Opt in to user feedback collection:** If enabled, users will see options to provide feedback on selected {% data variables.product.prodname_copilot_short %} features.
|
||||
* **Opt in to preview features:** If enabled, users can test new {% data variables.product.prodname_copilot_short %} features that are not yet generally available. Be aware that previews of features may have flaws, and the features may be changed or discontinued at any time. Current previews of {% data variables.product.prodname_copilot_short %} features include:
|
||||
|
||||
* {% data variables.copilot.copilot_spaces %}. See [AUTOTITLE](/copilot/using-github-copilot/copilot-spaces/about-organizing-and-sharing-context-with-copilot-spaces).
|
||||
|
||||
3
data/reusables/copilot/policies-intro.md
Normal file
3
data/reusables/copilot/policies-intro.md
Normal file
@@ -0,0 +1,3 @@
|
||||
When an organization owner assigns a {% data variables.product.prodname_copilot_short %} license to a member of their organization, the user's access to features and models is controlled by policies.
|
||||
|
||||
Enterprise owners can define a policy for the whole enterprise, or delegate the decision to individual organization owners. See [AUTOTITLE](/copilot/concepts/policies).
|
||||
@@ -1 +1 @@
|
||||
1. In the "{% octicon "law" aria-hidden="true" aria-label="law" %} Policies" section, click **{% data variables.product.prodname_copilot_short %}**.
|
||||
1. In the "Policies" section, click **{% data variables.product.prodname_copilot_short %}**.
|
||||
|
||||
@@ -1 +1 @@
|
||||
>[!NOTE] {% data variables.product.prodname_copilot_short %} policies are also managed at the enterprise level. If your organization is part of an enterprise, and explicit settings have been selected at the enterprise level, you cannot override those settings at the organization level. For more information on managing policies at the enterprise level, see [AUTOTITLE](/enterprise-cloud@latest/copilot/managing-copilot/managing-copilot-for-your-enterprise/managing-policies-and-features-for-copilot-in-your-enterprise).
|
||||
{% data variables.product.prodname_copilot_short %} policies are also managed at the enterprise level. If your organization is part of an enterprise, and explicit settings have been selected at the enterprise level, you cannot override those settings at the organization level. For information on how policies combine, see [AUTOTITLE](/copilot/concepts/policies).
|
||||
|
||||
Reference in New Issue
Block a user