[DO NOT MERGE] November 8–9: GitHub Universe 2023 megabranch (#44245)
Co-authored-by: mchammer01 <42146119+mchammer01@users.noreply.github.com> Co-authored-by: Courtney Claessens <courtneycl@github.com> Co-authored-by: Anne-Marie <102995847+am-stead@users.noreply.github.com> Co-authored-by: Steve Guntrip <stevecat@github.com> Co-authored-by: github-actions <github-actions@github.com> Co-authored-by: Jules <19994093+jules-p@users.noreply.github.com> Co-authored-by: Jules Porter <jules-p@users.noreply.github.com> Co-authored-by: Sarita Iyer <66540150+saritai@users.noreply.github.com> Co-authored-by: hubwriter <hubwriter@github.com> Co-authored-by: Melissa Xie <mxie@users.noreply.github.com> Co-authored-by: Andy Feller <andyfeller@github.com> Co-authored-by: Felicity Chapman <felicitymay@github.com> Co-authored-by: Kelly Arwine <kellyarwine@github.com> Co-authored-by: Ben Ahmady <32935794+subatoi@users.noreply.github.com> Co-authored-by: Max Schaefer <54907921+max-schaefer@users.noreply.github.com> Co-authored-by: Tiferet Gazit <tiferet@github.com> Co-authored-by: Aditya Sharad <6874315+adityasharad@users.noreply.github.com> Co-authored-by: Andrew Eisenberg <aeisenberg@github.com> Co-authored-by: Isaac Brown <101839405+isaacmbrown@users.noreply.github.com> Co-authored-by: Annelisa Stephan <meowius@github.com> Co-authored-by: Vanessa <vgrl@github.com> Co-authored-by: Rachael Rose Renk <91027132+rachaelrenk@users.noreply.github.com> Co-authored-by: Matt Pollard <mattpollard@users.noreply.github.com> Co-authored-by: isaacmbrown <isaacmbrown@github.com> Co-authored-by: Greg Padak <gpadak@github.com>
14
.github/CODEOWNERS
vendored
@@ -14,4 +14,16 @@ src/ghes-releases/lib/enterprise-dates.json @github/docs-content-enterprise
|
||||
content/actions/deployment/security-hardening-your-deployments/** @github/oidc
|
||||
|
||||
# RAI - CELA
|
||||
content/copilot/github-copilot-chat/about-github-copilot-chat.md @github/legal-product
|
||||
data/reusables/copilot/about-copilot-chat.md @github/legal-product
|
||||
content/copilot/github-copilot-in-the-cli/about-github-copilot-in-the-cli.md @github/legal-product
|
||||
|
||||
content/code-security/secret-scanning/about-the-regular-expression-generator-for-custom-patterns @github/legal-product
|
||||
data/reusables/secret-scanning/beta-custom-pattern-regular-expression-generator.md @github/legal-product
|
||||
|
||||
content/code-security/secret-scanning/about-the-detection-of-generic-secrets-with-secret-scanning.md @github/legal-product
|
||||
data/reusables/secret-scanning/generic-secret-detection-ai.md @github/legal-product
|
||||
|
||||
content/code-security/code-scanning/managing-code-scanning-alerts/about-autofix-for-codeql-code-scanning.md @github/legal-product
|
||||
data/reusables/rai/ @github/legal-product
|
||||
|
||||
content/copilot/github-copilot-enterprise/copilot-pull-request-summaries/about-copilot-pull-request-summaries.md @github/legal-product
|
||||
|
||||
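Review bot: The `content/code-security/secret-scanning/about-the-regular-expression-generator-for-custom-patterns` entry has no `.md` extension, unlike every other file entry added in this block. As written, the pattern only matches a file or directory with exactly that name, so the article itself may not pick up `@github/legal-product` as a code owner. Add `.md`, or a trailing `/` if a directory is intended, as with `data/reusables/rai/`.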
BIN
assets/images/help/code-scanning/alert+autofix.png
Normal file
|
After Width: | Height: | Size: 132 KiB |
BIN
assets/images/help/code-scanning/autofix-example.png
Normal file
|
After Width: | Height: | Size: 228 KiB |
BIN
assets/images/help/copilot/chat-indexed-message.png
Normal file
|
After Width: | Height: | Size: 28 KiB |
BIN
assets/images/help/copilot/chat-sources-list.png
Normal file
|
After Width: | Height: | Size: 131 KiB |
BIN
assets/images/help/copilot/content-exclusions-last-edited-by.png
Normal file
|
After Width: | Height: | Size: 39 KiB |
BIN
assets/images/help/copilot/copilot-audit-log.png
Normal file
|
After Width: | Height: | Size: 185 KiB |
BIN
assets/images/help/copilot/copilot-button-for-file.png
Normal file
|
After Width: | Height: | Size: 5.0 KiB |
BIN
assets/images/help/copilot/copilot-buttons-inline-code.png
Normal file
|
After Width: | Height: | Size: 29 KiB |
BIN
assets/images/help/copilot/copilot-description-suggestion.png
Normal file
|
After Width: | Height: | Size: 51 KiB |
BIN
assets/images/help/copilot/copilot-disabled-for-repo.png
Normal file
|
After Width: | Height: | Size: 28 KiB |
BIN
assets/images/help/copilot/copilot-disabled-for-this-file.png
Normal file
|
After Width: | Height: | Size: 36 KiB |
BIN
assets/images/help/copilot/copilot-history-button.png
Normal file
|
After Width: | Height: | Size: 16 KiB |
BIN
assets/images/help/copilot/copilot-immersive-view-button.png
Normal file
|
After Width: | Height: | Size: 1.5 KiB |
BIN
assets/images/help/copilot/copilot-references-button.png
Normal file
|
After Width: | Height: | Size: 16 KiB |
BIN
assets/images/help/copilot/copilot-sample-chat-response.png
Normal file
|
After Width: | Height: | Size: 150 KiB |
BIN
assets/images/help/copilot/feedback-form.png
Normal file
|
After Width: | Height: | Size: 54 KiB |
BIN
assets/images/help/copilot/general-coding-chat.png
Normal file
|
After Width: | Height: | Size: 123 KiB |
BIN
assets/images/help/copilot/jetbrains-copilot-chat-icon.png
Normal file
|
After Width: | Height: | Size: 45 KiB |
BIN
assets/images/help/copilot/jetbrains-share-feedback.png
Normal file
|
After Width: | Height: | Size: 152 KiB |
BIN
assets/images/help/copilot/paths-to-ignore.png
Normal file
|
After Width: | Height: | Size: 125 KiB |
|
After Width: | Height: | Size: 52 KiB |
|
After Width: | Height: | Size: 132 KiB |
|
After Width: | Height: | Size: 169 KiB |
@@ -18,61 +18,56 @@ topics:
|
||||
- SSO
|
||||
---
|
||||
|
||||
## About SAML single sign-on for {% data variables.product.prodname_emus %}
|
||||
## About SAML SSO for {% data variables.product.prodname_emus %}
|
||||
|
||||
With {% data variables.product.prodname_emus %}, your enterprise uses your corporate identity provider to authenticate all members. Instead of signing in to {% data variables.product.prodname_dotcom %} with a {% data variables.product.prodname_dotcom %} username and password, members of your enterprise will sign in through your IdP.
|
||||
With {% data variables.product.prodname_emus %}, access to your enterprise's resources on {% data variables.location.product_location %} must be authenticated through your identity provider (IdP). Instead of signing in to {% data variables.product.prodname_dotcom %} with a {% data variables.product.prodname_dotcom %} username and password, members of your enterprise will sign in through your IdP.
|
||||
|
||||
{% data variables.product.prodname_emus %} supports the following IdPs:
|
||||
|
||||
{% data reusables.enterprise-accounts.emu-supported-idps %}
|
||||
|
||||
After you configure SAML SSO, we recommend storing your recovery codes so you can recover access to your enterprise in the event that your identity provider is unavailable.
|
||||
After you configure SAML SSO, we recommend storing your recovery codes so you can recover access to your enterprise in the event that your IdP is unavailable.
|
||||
|
||||
{% data reusables.enterprise_user_management.SAML-to-OIDC-migration-for-EMU %}
|
||||
|
||||
{% note %}
|
||||
## Prerequisites
|
||||
|
||||
**Note:** When SAML SSO is enabled, the only setting you can update on {% data variables.product.prodname_dotcom %} for your existing SAML configuration is the SAML certificate. If you need to update the Sign on URL or Issuer, you must first disable SAML SSO and then reconfigure SAML SSO with the new settings.
|
||||
- Ensure that you understand the integration requirements and level of support for your IdP. For more information, see "[AUTOTITLE](/admin/identity-and-access-management/understanding-iam-for-enterprises/about-enterprise-managed-users#about-authentication-and-user-provisioning)."
|
||||
|
||||
{% endnote %}
|
||||
- Your IdP must adhere to the SAML 2.0 specification. For more information, see the [SAML Wiki](https://wiki.oasis-open.org/security) on the OASIS website.
|
||||
|
||||
## Configuring SAML single sign-on for {% data variables.product.prodname_emus %}
|
||||
{% ifversion emu-public-scim-schema %}-{% endif %} To configure your IdP for SAML SSO with {% data variables.product.prodname_emus %}, you must have a tenant and administrative access on your IdP.
|
||||
|
||||
To configure SAML SSO for your {% data variables.enterprise.prodname_emu_enterprise %}, you must configure an application on your IdP and then configure your enterprise on GitHub.com. After you configure SAML SSO, you can configure user provisioning.
|
||||
{%- ifversion emu-public-scim-schema %}
|
||||
|
||||
To install and configure the {% data variables.product.prodname_emu_idp_application %} application on your IdP, you must have a tenant and administrative access on a supported IdP.
|
||||
- {% data reusables.enterprise_user_management.authentication-or-provisioning-migration-not-supported %}
|
||||
{%- endif %}
|
||||
|
||||
{% note %}
|
||||
## Configuring SAML SSO for {% data variables.product.prodname_emus %}
|
||||
|
||||
{% data reusables.enterprise-accounts.emu-password-reset-session %}
|
||||
To configure SAML SSO for your {% data variables.enterprise.prodname_emu_enterprise %}, you must configure an application on your IdP, then configure your enterprise on {% data variables.location.product_location %}. After you configure SAML SSO, you can configure user provisioning.
|
||||
|
||||
{% endnote %}
|
||||
1. [Configure your IdP](#configuring-your-idp)
|
||||
1. [Configure your enterprise](#configuring-your-enterprise)
|
||||
1. [Enable provisioning](#enabling-provisioning)
|
||||
|
||||
1. [Configuring your identity provider](#configuring-your-identity-provider)
|
||||
1. [Configuring your enterprise](#configuring-your-enterprise)
|
||||
1. [Enabling provisioning](#enabling-provisioning)
|
||||
### Configuring your IdP
|
||||
|
||||
### Configuring your identity provider
|
||||
1. {% ifversion emu-public-scim-schema %}If you use a partner IdP, to install the {% data variables.product.prodname_emu_idp_application %} application, click one of the following links.{% else %}To install the GitHub Enterprise Managed User application, click the link for your IdP below:{% endif %}
|
||||
|
||||
To configure your IdP, follow the instructions they provide for configuring the {% data variables.product.prodname_emu_idp_application %} application on your IdP.
|
||||
- [Azure AD application](https://azuremarketplace.microsoft.com/en-us/marketplace/apps/aad.githubenterprisemanageduser?tab=Overview) in Azure Marketplace
|
||||
- [Okta application](https://www.okta.com/integrations/github-enterprise-managed-user) in Okta's integrations directory
|
||||
- [PingFederate downloads website](https://www.pingidentity.com/en/resources/downloads/pingfederate.html)
|
||||
|
||||
1. To install the {% data variables.product.prodname_emu_idp_application %} application, click the link for your IdP below:
|
||||
- To download the PingFederate connector, navigate to the **Add-ons** tab and select **GitHub EMU Connector 1.0**.
|
||||
|
||||
- [{% data variables.product.prodname_emu_idp_application %} application on Azure Active Directory](https://azuremarketplace.microsoft.com/en-us/marketplace/apps/aad.githubenterprisemanageduser?tab=Overview)
|
||||
- [{% data variables.product.prodname_emu_idp_application %} application on Okta](https://www.okta.com/integrations/github-enterprise-managed-user)
|
||||
- [{% data variables.product.prodname_emu_idp_application %} connector on PingFederate](https://www.pingidentity.com/en/resources/downloads/pingfederate.html)
|
||||
1. To configure SAML SSO for {% data variables.product.prodname_emus %} on your IdP, read the following documentation. {% ifversion emu-public-scim-schema %}If you don't use a partner IdP, you can use the SAML configuration reference for {% data variables.product.product_name %} to create and configure a generic SAML 2.0 application on your IdP.{% endif %}
|
||||
|
||||
To download the PingFederate connector, navigate to the **Add-ons** tab and select **GitHub EMU Connector 1.0**.
|
||||
- [Azure AD instructions](https://docs.microsoft.com/en-us/azure/active-directory/saas-apps/github-enterprise-managed-user-tutorial) in the Azure AD documentation
|
||||
- [Okta instructions](https://saml-doc.okta.com/SAML_Docs/How-to-Configure-SAML-2.0-for-GitHub-Enterprise-Managed-User.html) in the Okta documentation
|
||||
- [PingFederate instructions](https://docs.pingidentity.com/r/en-us/pingfederate-github-emu-connector/pingfederate_github_emu_connector) in the PingIdentity documentation
|
||||
{%- ifversion emu-public-scim-schema %}
|
||||
- "[AUTOTITLE](/admin/identity-and-access-management/iam-configuration-reference/saml-configuration-reference)"
|
||||
{%- endif %}
|
||||
1. To test and configure your enterprise, assign yourself or the user that will configure SAML SSO for your enterprise on {% data variables.location.product_location %} to the application you configured for {% data variables.product.prodname_emus %} on your IdP.
|
||||
|
||||
1. To configure the {% data variables.product.prodname_emu_idp_application %} application and your IdP, click the link below and follow the instructions provided by your IdP:
|
||||
|
||||
- [Azure Active Directory tutorial for {% data variables.product.prodname_emus %}](https://docs.microsoft.com/en-us/azure/active-directory/saas-apps/github-enterprise-managed-user-tutorial)
|
||||
- [Okta documentation for {% data variables.product.prodname_emus %}](https://saml-doc.okta.com/SAML_Docs/How-to-Configure-SAML-2.0-for-GitHub-Enterprise-Managed-User.html)
|
||||
- [PingFederate documentation for {% data variables.product.prodname_emus %}](https://docs.pingidentity.com/r/en-us/pingfederate-github-emu-connector/pingfederate_github_emu_connector)
|
||||
|
||||
1. So you can test and configure your enterprise, assign yourself or the user that will be configuring SAML SSO on {% data variables.product.prodname_dotcom %} to the {% data variables.product.prodname_emu_idp_application %} application on your IdP.
|
||||
|
||||
1. To enable you to continue configuring your enterprise on {% data variables.product.prodname_dotcom %}, locate and note the following information from the application you installed on your IdP.
|
||||
1. To continue configuring your enterprise on {% data variables.location.product_location %}, locate and note the following information from the application you installed on your IdP.
|
||||
|
||||
| Value | Other names | Description |
|
||||
| :- | :- | :- |
|
||||
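Review bot: In the Prerequisites list, the bullet marker of the third item is inside the version check (`{% ifversion emu-public-scim-schema %}-{% endif %} To configure your IdP ...`). Where `emu-public-scim-schema` is false, the line loses its hyphen and renders as a bare paragraph directly after a two-item list. Keep the `-` unconditional, or move the whole item inside the conditional if it should only appear for that version.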
@@ -82,15 +77,23 @@ To configure your IdP, follow the instructions they provide for configuring the
|
||||
|
||||
### Configuring your enterprise
|
||||
|
||||
After you install and configure the {% data variables.product.prodname_emu_idp_application %} application on your identity provider, you can configure your enterprise.
|
||||
After you configure SAML SSO for {% data variables.product.prodname_emus %} on your IdP, you can configure your enterprise on {% data variables.location.product_location %}.
|
||||
|
||||
After the initial configuration of SAML SSO, the only setting you can update on {% data variables.location.product_location %} for your existing SAML configuration is the SAML certificate. If you need to update the sign-on URL or issuer URL, you must first disable SAML SSO, then reconfigure SAML SSO with the new settings. For more information, see "[AUTOTITLE](/admin/identity-and-access-management/configuring-authentication-for-enterprise-managed-users/disabling-authentication-for-enterprise-managed-users)."
|
||||
|
||||
{% data reusables.emus.sign-in-as-setup-user %}
|
||||
|
||||
{% note %}
|
||||
|
||||
**Note**: {% data reusables.enterprise-accounts.emu-password-reset-session %}
|
||||
|
||||
{% endnote %}
|
||||
{% data reusables.enterprise-accounts.access-enterprise %}
|
||||
{% data reusables.enterprise-accounts.settings-tab %}
|
||||
{% data reusables.enterprise-accounts.security-tab %}
|
||||
|
||||
1. Under "SAML single sign-on", select **Require SAML authentication**.
|
||||
1. Under **Sign on URL**, type the HTTPS endpoint of your IdP for single sign-on requests that you noted while configuring your IdP.
|
||||
1. Under **Sign on URL**, type the HTTPS endpoint of your IdP for SSO requests that you noted while configuring your IdP.
|
||||
1. Under **Issuer**, type your SAML issuer URL that you noted while configuring your IdP, to verify the authenticity of sent messages.
|
||||
1. Under **Public Certificate**, paste the certificate that you noted while configuring your IdP, to verify SAML responses.
|
||||
{% data reusables.saml.edit-signature-and-digest-methods %}
|
||||
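Review bot: The paragraph that replaces the old note says "sign-on URL or issuer URL", but the steps further down still label the fields **Sign on URL** and **Issuer**. Use the UI labels in both places so an admin can match the restriction to the fields it applies to. The relocated password-reset note also opens with `**Note**:` where the other notes in this file use `**Note:**`.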
@@ -99,7 +102,7 @@ After you install and configure the {% data variables.product.prodname_emu_idp_a
|
||||
|
||||
{% note %}
|
||||
|
||||
**Note:** When you require SAML SSO for your enterprise, the setup user will no longer have access to the enterprise but will remain signed in to GitHub. Only {% data variables.enterprise.prodname_managed_users %} provisioned by your IdP will have access to the enterprise.
|
||||
**Note:** After you require SAML SSO for your enterprise, the setup user will no longer have access to the enterprise but will remain signed in to GitHub. Only {% data variables.enterprise.prodname_managed_users %} provisioned by your IdP will have access to the enterprise.
|
||||
|
||||
{% endnote %}
|
||||
|
||||
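Review bot: The reworded note still hard-codes "GitHub" in "will remain signed in to GitHub", while the rest of this file refers to the product through `{% data variables.product.prodname_dotcom %}` or `{% data variables.location.product_location %}`. Switch to the variable while this line is being touched.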
@@ -108,3 +111,68 @@ After you install and configure the {% data variables.product.prodname_emu_idp_a
|
||||
### Enabling provisioning
|
||||
|
||||
After you enable SAML SSO, enable provisioning. For more information, see "[AUTOTITLE](/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/configuring-scim-provisioning-for-enterprise-managed-users)."
|
||||
|
||||
### Enabling guest collaborators
|
||||
|
||||
If your enterprise uses {% data variables.product.prodname_emus %}, you can use the role of guest collaborator to grant limited access to vendors and contractors. Guest collaborators are provisioned by your IdP, and only have access to the specific repositories or organizations you add them to. Guest collaborators only have access to internal repositories within organizations where they are a member and private repositories they are expressly authorized to access. Guest collaborators will never see internal repositories in an organization they are not a member of. For more information, see "[AUTOTITLE](/admin/enterprise-cloud@latest/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/roles-in-an-enterprise#guest-collaborators)."
|
||||
|
||||
If you use Azure AD or Okta for SAML authentication, you may need to update your IdP application to use guest collaborators.
|
||||
|
||||
#### Enabling guest collaborators if you use Azure AD
|
||||
|
||||
1. Sign into the Azure Portal.
|
||||
1. Click **Identity**.
|
||||
1. Click **Applications**.
|
||||
1. Click **Enterprise applications**.
|
||||
1. Click **All applications**.
|
||||
1. View the details for your {% data variables.product.prodname_emus %} application
|
||||
1. In the left sidebar, click **Users and Groups**.
|
||||
1. View the application registration.
|
||||
|
||||
- If the application registration displays the "Restricted User" or "Guest Collaborator" roles, you're ready to invite guest collaborators to your enterprise.
|
||||
- If the application registration does not display the roles, proceed to the next step.
|
||||
1. In the Azure Portal, click **App registrations**.
|
||||
1. Click **All applications**, then use the search bar to find your application for {% data variables.product.prodname_emus %}.
|
||||
1. Click your SAML application.
|
||||
1. In the left sidebar, click **Manifest**.
|
||||
1. Under "appRoles", add the following:
|
||||
|
||||
```json
|
||||
{
|
||||
"allowedMemberTypes": [
|
||||
"User"
|
||||
],
|
||||
"description": "Guest Collaborator",
|
||||
"displayName": "Guest Collaborator",
|
||||
"id": "1ebc4a02-e56c-43a6-92a5-02ee09b90824",
|
||||
"isEnabled": true,
|
||||
"lang": null,
|
||||
"origin": "Application",
|
||||
"value": "null"
|
||||
},
|
||||
```
|
||||
|
||||
{% note %}
|
||||
|
||||
**Note:** The `id` value is critical. If another `id` value is present, the update will fail.
|
||||
|
||||
{% endnote %}
|
||||
1. Click **Save**.
|
||||
|
||||
#### Enabling guest collaborators for your enterprise with Okta
|
||||
|
||||
To add the guest collaborator role to your Okta application:
|
||||
|
||||
1. Navigate to your application for {% data variables.product.prodname_emus %} on Okta.
|
||||
1. Click **Provisioning**.
|
||||
1. Click **Go to Profile Editor**.
|
||||
1. Find "Roles" at the bottom of the profile editor and click the edit icon.
|
||||
1. Add a new role.
|
||||
|
||||
- For "Display name", type `Guest Collaborator`.
|
||||
- For "Value", type `guest_collaborator`.
|
||||
1. Click **Save**.
|
||||
|
||||
#### Adding guest collaborators to your enterprise
|
||||
|
||||
After you enable guest collaborators for your enterprise, you can add guest collaborators to your enterprise. For more information, see "[AUTOTITLE](/admin/identity-and-access-management/provisioning-user-accounts-for-enterprise-managed-users/configuring-scim-provisioning-for-enterprise-managed-users#assigning-users-and-groups)."
|
||||
|
||||
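Review bot: In the `appRoles` snippet, `"value": "null"` is the four-character string rather than JSON null as used for `"lang": null` three lines above it, and the Okta steps further down set the role's value to `guest_collaborator`. Confirm which value the role needs and make the two IdP sections agree. The snippet also ends with a trailing `},`, and the note "If another `id` value is present, the update will fail" does not say whether it means a different GUID for this role or a second entry with the same one; state that the `id` must be exactly the value shown. The step "View the details for your ... application" is missing its period.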
@@ -2,7 +2,7 @@
|
||||
title: Configuring authentication for Enterprise Managed Users
|
||||
shortTitle: Authentication for managed users
|
||||
product: '{% data reusables.gated-features.emus %}'
|
||||
intro: 'You can decide whether people use SAML or OIDC to authenticate, learn about support for conditional access policy, see username considerations, or disable authentication for your {% data variables.enterprise.prodname_emu_enterprise %} on {% data variables.product.prodname_dotcom_the_website %}.'
|
||||
intro: 'You can decide whether people use SAML or OIDC to authenticate, learn about support for conditional access policy, or disable authentication for your {% data variables.enterprise.prodname_emu_enterprise %} on {% data variables.product.prodname_dotcom_the_website %}.'
|
||||
versions:
|
||||
ghec: '*'
|
||||
topics:
|
||||
|
||||
@@ -19,9 +19,11 @@ redirect_from:
|
||||
|
||||
## About SAML configuration
|
||||
|
||||
To use SAML single sign-on (SSO) for authentication to {% data variables.product.product_name %}, you must configure both your external SAML identity provider (IdP) and {% ifversion ghes %}{% data variables.location.product_location %}{% elsif ghec %}your enterprise or organization on {% data variables.location.product_location %}{% elsif ghae %}your enterprise on {% data variables.product.product_name %}{% endif %}. In a SAML configuration, {% data variables.product.product_name %} functions as a SAML service provider (SP). For more information, see "[AUTOTITLE](/admin/identity-and-access-management/managing-iam-for-your-enterprise/about-saml-for-enterprise-iam)."
|
||||
To use SAML single sign-on (SSO) for authentication to {% data variables.product.product_name %}, you must configure both your external SAML identity provider (IdP) and {% ifversion ghes %}{% data variables.location.product_location %}{% elsif ghec %}your enterprise or organization on {% data variables.location.product_location %}{% elsif ghae %}your enterprise on {% data variables.product.product_name %}{% endif %}. In a SAML configuration, {% data variables.product.product_name %} functions as a SAML service provider (SP). For more information about authentication for your enterprise, see "[AUTOTITLE](/admin/identity-and-access-management/understanding-iam-for-enterprises/about-identity-and-access-management#authentication-methods)."
|
||||
|
||||
You must enter unique values from your SAML IdP when configuring SAML SSO for {% data variables.product.product_name %}, and you must also enter unique values from {% data variables.product.product_name %} on your IdP. For more information about the configuration of SAML SSO for {% data variables.product.product_name %}, see "[AUTOTITLE](/admin/identity-and-access-management/using-saml-for-enterprise-iam/configuring-saml-single-sign-on-for-your-enterprise){% ifversion ghes or ghae %}{% elsif ghec %}" or "[AUTOTITLE](/organizations/managing-saml-single-sign-on-for-your-organization/enabling-and-testing-saml-single-sign-on-for-your-organization){% endif %}."
|
||||
{% data variables.product.product_name %} provides integration according to the SAML 2.0 specification. For more information, see the [SAML Wiki](https://wiki.oasis-open.org/security) on the OASIS website.
|
||||
|
||||
You must enter unique values from your SAML IdP when configuring SAML SSO for {% data variables.product.product_name %}, and you must also enter unique values from {% data variables.product.product_name %} on your IdP. For more information about authentication for
|
||||
|
||||
## SAML metadata
|
||||
|
||||
|
||||
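Review bot: The last paragraph before `## SAML metadata` stops mid-sentence at "For more information about authentication for", with no link target and no closing period. It otherwise repeats the "You must enter unique values from your SAML IdP ..." paragraph that appears complete a few lines above. Drop the truncated copy or finish the sentence so that only one version remains.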
@@ -1,7 +1,7 @@
|
||||
---
|
||||
title: Configuring SCIM provisioning for Enterprise Managed Users
|
||||
shortTitle: Configure SCIM provisioning
|
||||
intro: You can configure your identity provider to provision new users and manage their membership in your enterprise and teams.
|
||||
intro: "You can manage the lifecycle of your enterprise's user accounts on {% data variables.location.product_location %} from your identity provider (IdP) using System for Cross-domain Identity Management (SCIM)."
|
||||
product: '{% data reusables.gated-features.emus %}'
|
||||
redirect_from:
|
||||
- /github/setting-up-and-managing-your-enterprise/managing-your-enterprise-users-with-your-identity-provider/configuring-scim-provisioning-for-enterprise-managed-users
|
||||
@@ -18,20 +18,29 @@ topics:
|
||||
|
||||
## About provisioning for {% data variables.product.prodname_emus %}
|
||||
|
||||
You must configure provisioning for {% data variables.product.prodname_emus %} to create, manage, and deactivate user accounts for your enterprise members.
|
||||
{% data reusables.enterprise_user_management.about-scim-provisioning %}
|
||||
|
||||
After you configure provisioning for {% data variables.product.prodname_emus %}, users assigned to the {% data variables.product.prodname_emu_idp_application %} application in your identity provider are provisioned as new {% data variables.enterprise.prodname_managed_users %} on {% data variables.product.prodname_dotcom %} via SCIM, and the {% data variables.enterprise.prodname_managed_users %} are added to your enterprise. If you assign a group to the application, all users within the group will be provisioned as new {% data variables.enterprise.prodname_managed_users %}.
|
||||
After you configure provisioning for {% data variables.product.prodname_emus %}, your IdP uses SCIM to provision user accounts on {% data variables.location.product_location %} and add the accounts to your enterprise. If you assign a group to the application, your IdP will provision new {% data variables.enterprise.prodname_managed_users %} for all members of the group.
|
||||
|
||||
When you update information associated with a user's identity on your IdP, your IdP will update the user's account on {% data variables.product.prodname_dotcom_the_website %}. When you unassign the user from the {% data variables.product.prodname_emu_idp_application %} application or deactivate a user's account on your IdP, your IdP will communicate with {% data variables.product.prodname_dotcom %} to invalidate any sessions and disable the member's account. The disabled account's information is maintained and their username is changed to a hash of their original username with the short code appended. If you reassign a user to the {% data variables.product.prodname_emu_idp_application %} application or reactivate their account on your IdP, the {% data variables.enterprise.prodname_managed_user %} on {% data variables.product.prodname_dotcom %} will be reactivated and username restored.
|
||||
{% ifversion emu-public-scim-schema %}
|
||||
|
||||
Groups in your IdP can be used to manage team membership within your enterprise's organizations, allowing you to configure repository access and permissions through your IdP. For more information, see "[AUTOTITLE](/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/managing-team-memberships-with-identity-provider-groups)."
|
||||
If you use a partner IdP, you can simplify the configuration of SCIM provisioning by using the partner IdP's application. If you don't use a partner IdP for provisioning, you can implement SCIM using calls to {% data variables.product.company_short %}'s REST API for SCIM, which is in beta and subject to change. For more information, see "[AUTOTITLE](/admin/identity-and-access-management/understanding-iam-for-enterprises/about-enterprise-managed-users#about-authentication-and-user-provisioning)."
|
||||
|
||||
{% endif %}
|
||||
|
||||
SCIM manages the lifecycle of user accounts in your enterprise. When you update information associated with a user's identity on your IdP, your IdP will update the user's account on {% data variables.product.prodname_dotcom_the_website %}. When you unassign the user from the IdP application for {% data variables.product.prodname_emus %} or deactivate a user's account on your IdP, your IdP will communicate with {% data variables.product.prodname_dotcom %} to invalidate any sessions and disable the member's account. The disabled account's information is maintained and their username is changed to a hash of their original username with the short code appended. If you reassign a user to the IdP application for {% data variables.product.prodname_emus %} or reactivate their account on your IdP, the {% data variables.enterprise.prodname_managed_user %} on {% data variables.product.prodname_dotcom %} will be reactivated, and the username will be restored.
|
||||
|
||||
To configure team and organization membership, repository access, and permissions on {% data variables.product.product_name %}, you can use groups on your IdP. For more information, see "[AUTOTITLE](/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/managing-team-memberships-with-identity-provider-groups)."
|
||||
|
||||
## Prerequisites
|
||||
|
||||
Before you can configure provisioning for {% data variables.product.prodname_emus %}, you must configure SAML{% ifversion oidc-for-emu %} or OIDC{% endif %} single-sign on. {% ifversion oidc-for-emu %}
|
||||
- {% data reusables.scim.emu-prerequisite-authentication %}
|
||||
|
||||
- For more information on configuring OIDC, see "[AUTOTITLE](/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/configuring-oidc-for-enterprise-managed-users)"
|
||||
- {% endif %}For information on configuring SAML, see "[AUTOTITLE](/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/configuring-saml-single-sign-on-for-enterprise-managed-users)."
|
||||
{%- ifversion emu-public-scim-schema %}
|
||||
- {% data reusables.scim.emu-understand-types-and-support %}
|
||||
|
||||
- {% data reusables.enterprise_user_management.authentication-or-provisioning-migration-not-supported %}
|
||||
{%- endif %}
|
||||
|
||||
## Creating a {% data variables.product.pat_generic %}
|
||||
|
||||
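Review bot: The lifecycle paragraph beginning "SCIM manages the lifecycle of user accounts" still uses `prodname_dotcom_the_website` and `prodname_dotcom`, while the provisioning paragraph just above it uses `variables.location.product_location`. Pick one so the page names the product consistently where it describes session invalidation and account deactivation.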
@@ -60,21 +69,43 @@ To configure provisioning for your {% data variables.enterprise.prodname_emu_ent
|
||||
|
||||
## Configuring provisioning for {% data variables.product.prodname_emus %}
|
||||
|
||||
After creating your {% data variables.product.pat_generic %} and storing it securely, you can configure provisioning on your identity provider.
|
||||
After creating your {% data variables.product.pat_generic %} and storing it securely, you can configure provisioning on your IdP. {% ifversion emu-public-scim-schema %} The instructions you should follow differ depending on whether you use a partner IdP for provisioning.
|
||||
|
||||
{% data reusables.scim.emu-scim-rate-limit %}
|
||||
### Configuring provisioning if you use a partner IdP
|
||||
|
||||
To configure provisioning, follow the appropriate link from the table below.
|
||||
To use a partner IdP's application both authentication and provisioning, review the parner's instructions for configuring provisioning in the links in the following table. {% else %} For instructions about the configuration of provisioning on your IdP, click a link in the following table.
|
||||
|
||||
| Identity provider | SSO method | More information |
|
||||
|---|---|---|{% ifversion oidc-for-emu %}
|
||||
| Azure AD | OIDC | [Tutorial: Configure GitHub Enterprise Managed User (OIDC) for automatic user provisioning](https://docs.microsoft.com/azure/active-directory/saas-apps/github-enterprise-managed-user-oidc-provisioning-tutorial) in the Azure AD documentation |{% endif %}
|
||||
{% endif %}
|
||||
|
||||
{% rowheaders %}
|
||||
|
||||
| IdP | SSO method | More information |
|
||||
|---|---|---|
|
||||
{%- ifversion oidc-for-emu %}
|
||||
| Azure AD | OIDC | [Tutorial: Configure GitHub Enterprise Managed User (OIDC) for automatic user provisioning](https://docs.microsoft.com/azure/active-directory/saas-apps/github-enterprise-managed-user-oidc-provisioning-tutorial) in the Azure AD documentation |
|
||||
{%- endif %}
|
||||
| Azure AD | SAML | [Tutorial: Configure GitHub Enterprise Managed User for automatic user provisioning](https://docs.microsoft.com/en-us/azure/active-directory/saas-apps/github-enterprise-managed-user-provisioning-tutorial) in the Azure AD documentation |
|
||||
| Okta | SAML | [Configuring SCIM provisioning for Enterprise Managed Users with Okta](/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/configuring-scim-provisioning-for-enterprise-managed-users-with-okta) |
|
||||
| Okta | SAML | "[AUTOTITLE](/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/configuring-scim-provisioning-for-enterprise-managed-users-with-okta)" |
|
||||
| PingFederate | SAML | [Configure PingFederate for provisioning and SSO](https://docs.pingidentity.com/r/en-us/pingfederate-github-emu-connector/pingfederate_github_connector_configure_pingfederate_for_provisioning_and_sso) and [Managing channels](https://docs.pingidentity.com/r/en-us/pingfederate-112/help_saasmanagementtasklet_saasmanagementstate) in the PingFederate documentation |
|
||||
{%- ifversion emu-public-scim-schema %}
|
||||
{%- endif %}
|
||||
|
||||
{% note %}
|
||||
{% endrowheaders %}
|
||||
|
||||
**Note:** Azure AD does not support provisioning nested groups. For more information, see [How Application Provisioning works in Azure Active Directory](https://learn.microsoft.com/en-us/azure/active-directory/app-provisioning/how-provisioning-works#assignment-based-scoping).
|
||||
{% ifversion emu-public-scim-schema %}
|
||||
|
||||
{% endnote %}
|
||||
Alternatively, if you configured authentication on a partner IdP, but you would like to provision users from a different IdP, you can have your IdP make calls to {% data variables.product.company_short %}'s REST API for SCIM.
|
||||
|
||||
### Configuring provisioning if don't use a partner IdP
|
||||
|
||||
If you don't use a partner IdP, you can integrate with {% data variables.product.company_short %}'s REST API for SCIM. The API is in beta and subject to change. For more information, see "[AUTOTITLE](/admin/identity-and-access-management/provisioning-user-accounts-for-enterprise-managed-users/provisioning-users-with-scim-using-the-rest-api)."
|
||||
|
||||
{% endif %}
|
||||
|
||||
## Assigning users and groups
|
||||
|
||||
{% data reusables.enterprise-managed.assigning-users %}
|
||||
|
||||
{% data reusables.enterprise-managed.assigning-roles %}
|
||||
|
||||
Azure AD does not support provisioning nested groups. For more information, see [How Application Provisioning works in Azure Active Directory](https://learn.microsoft.com/en-us/azure/active-directory/app-provisioning/how-provisioning-works#assignment-based-scoping) in Microsoft Docs.
|
||||
|
||||
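Review bot: The sentence that introduces the partner IdP table has two slips, "To use a partner IdP's application both authentication and provisioning, review the parner's instructions": it is missing "for" after "application" and misspells "partner's". The heading "### Configuring provisioning if don't use a partner IdP" is also missing "you". Separately, the `{%- ifversion emu-public-scim-schema %}` / `{%- endif %}` pair after the PingFederate row appears to wrap nothing, so either add the row it was meant to guard or drop the pair.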
@@ -1,7 +1,7 @@
|
||||
---
|
||||
title: Configuring SCIM provisioning with Okta
|
||||
shortTitle: Configure SCIM using Okta
|
||||
intro: You can provision new users and manage their membership of your enterprise and teams using Okta as your identity provider.
|
||||
shortTitle: SCIM using Okta
|
||||
intro: "If you use Okta as an identity provider (IdP), you can manage the lifecycle of your enterprise's user accounts on {% data variables.location.product_location %} using System for Cross-domain Identity Management (SCIM)."
|
||||
product: '{% data reusables.gated-features.emus %}'
|
||||
versions:
|
||||
ghec: '*'
|
||||
@@ -22,21 +22,19 @@ topics:
|
||||
|
||||
## About provisioning with Okta
|
||||
|
||||
You can use {% data variables.product.prodname_emus %} with Okta as your identity provider to provision new accounts, manage enterprise membership, and manage team memberships for organizations in your enterprise. For more information about provisioning for {% data variables.product.prodname_emus %}, see "[AUTOTITLE](/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/configuring-scim-provisioning-for-enterprise-managed-users)."
|
||||
If you use Okta as an IdP, you can use Okta's application to provision user accounts, manage enterprise membership, and manage team memberships for organizations in your enterprise. Okta is a partner IdP, so you can simplify your authentication and provisioning configuration by using the Okta application for {% data variables.product.prodname_emus %}. For more information, see "[AUTOTITLE](/admin/identity-and-access-management/understanding-iam-for-enterprises/about-enterprise-managed-users#about-authentication-and-user-provisioning)."
|
||||
|
||||
{% note %}
|
||||
{% ifversion emu-public-scim-schema %}
|
||||
|
||||
**Note:** SCIM is required for {% data variables.product.prodname_emus %}, so you must use a version of Okta that includes SCIM.
|
||||
Alternatively, if you only intend to use Okta for SAML authentication and you want to use a different IdP for provisioning, you can integrate with {% data variables.product.prodname_dotcom %}'s REST API for SCIM. For more information, see "[AUTOTITLE](/admin/identity-and-access-management/provisioning-user-accounts-for-enterprise-managed-users/provisioning-users-with-scim-using-the-rest-api)."
|
||||
|
||||
{% endnote %}
|
||||
{% endif %}
|
||||
|
||||
Before you can configure provisioning with Okta, you must configure SAML single-sign on. For more information, see "[AUTOTITLE](/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/configuring-saml-single-sign-on-for-enterprise-managed-users)."
|
||||
|
||||
To configure provisioning with Okta, you must set your enterprise's name in the {% data variables.product.prodname_emu_idp_application %} application and enter your setup user's {% data variables.product.pat_generic %}. You can then start provisioning users in Okta.
|
||||
For more information about provisioning for {% data variables.product.prodname_emus %}, see "[AUTOTITLE](/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/configuring-scim-provisioning-for-enterprise-managed-users)."
|
||||
|
||||
## Supported features
|
||||
|
||||
{% data variables.product.prodname_emus %} supports many provisioning features in Okta.
|
||||
{% data variables.product.prodname_emus %} supports the following provisioning features for Okta.
|
||||
|
||||
| Feature | Description |
|
||||
| --- | --- |
|
||||
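Review bot: The paragraph beginning "Alternatively, if you only intend to use Okta for SAML authentication" sends readers to the REST API for SCIM without saying that the API is in beta, a caveat the general provisioning article in this same change does state ("The API is in beta and subject to change"). Consider repeating that sentence here, or including the `ghec-open-scim-beta-note` reusable that the new REST API article uses, so a reader who takes that path from the Okta page sees the caveat before committing to it.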
@@ -52,6 +50,23 @@ To configure provisioning with Okta, you must set your enterprise's name in the
|
||||
|
||||
{% endnote %}
|
||||
|
||||
## Prerequisites
|
||||
|
||||
{%- ifversion emu-public-scim-schema %}
|
||||
|
||||
- You must use Okta's application for both authentication and provisioning.
|
||||
|
||||
{%- endif %}
|
||||
- {% data reusables.scim.your-okta-product-must-support-scim %}
|
||||
|
||||
- {% data reusables.scim.use-pat-from-setup-user %}
|
||||
|
||||
{% ifversion emu-public-scim-schema %}
|
||||
|
||||
- {% data reusables.enterprise_user_management.authentication-or-provisioning-migration-not-supported %}
|
||||
|
||||
{% endif %}
|
||||
|
||||
## Setting your enterprise name
|
||||
|
||||
After your {% data variables.enterprise.prodname_emu_enterprise %} has been created, you can begin to configure provisioning by setting your enterprise name in Okta.
|
||||
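Review bot: In the "Prerequisites" list, the first conditional uses whitespace-trimming tags (`{%- ifversion emu-public-scim-schema %}` and `{%- endif %}`), while the second, around the `authentication-or-provisioning-migration-not-supported` item, uses plain `{% ifversion emu-public-scim-schema %}` and `{% endif %}`. Use the trimming form for both so the list is emitted the same way whether or not the flag is set.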
@@ -83,13 +98,13 @@ To configure provisioning, the setup user with the **@<em>SHORT-CODE</em>_admin*
|
||||
|
||||
## Assigning users and groups
|
||||
|
||||
After you have configured SAML SSO and provisioning, you will be able to provision new users on {% data variables.product.prodname_dotcom_the_website %} by assigning users or groups to the {% data variables.product.prodname_emu_idp_application %} application.
|
||||
{% data reusables.enterprise-managed.assigning-users %}
|
||||
|
||||
{% data reusables.scim.emu-scim-rate-limit %}
|
||||
|
||||
You can also automatically manage organization membership by adding groups to the "Push Groups" tab in Okta. When the group is provisioned successfully, it will be available to connect to teams in the enterprise's organizations. For more information about managing teams, see "[AUTOTITLE](/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/managing-team-memberships-with-identity-provider-groups)."
|
||||
|
||||
When assigning users, you can use the "Roles" attribute in the {% data variables.product.prodname_emu_idp_application %} application to set a user's role in your enterprise on {% data variables.product.product_name %}. For more information about the roles available to assign, see "[AUTOTITLE](/admin/user-management/managing-users-in-your-enterprise/roles-in-an-enterprise)."
|
||||
{% data reusables.enterprise-managed.assigning-roles %}
|
||||
|
||||
{% note %}
|
||||
|
||||
|
||||
@@ -12,6 +12,7 @@ topics:
|
||||
children:
|
||||
- /configuring-scim-provisioning-for-enterprise-managed-users
|
||||
- /configuring-scim-provisioning-with-okta
|
||||
- /provisioning-users-with-scim-using-the-rest-api
|
||||
- /managing-team-memberships-with-identity-provider-groups
|
||||
- /troubleshooting-team-membership-with-identity-provider-groups
|
||||
---
|
||||
|
||||
@@ -0,0 +1,150 @@
|
||||
---
|
||||
title: Provisioning users with SCIM using the REST API
|
||||
shortTitle: SCIM using REST API
|
||||
intro: "You can manage the lifecycle of your enterprise's user accounts on {% data variables.location.product_location %} from your identity provider (IdP) using {% data variables.product.company_short %}'s REST API for System for Cross-domain Identity Management (SCIM)."
|
||||
product: '{% data reusables.gated-features.emus %}'
|
||||
versions:
|
||||
feature: emu-public-scim-schema
|
||||
type: tutorial
|
||||
topics:
|
||||
- Accounts
|
||||
- Authentication
|
||||
- Enterprise
|
||||
- SSO
|
||||
---
|
||||
|
||||
{% data reusables.scim.ghec-open-scim-beta-note %}
|
||||
|
||||
## About provisioning for {% data variables.product.prodname_emus %}
|
||||
|
||||
{% data reusables.enterprise_user_management.about-scim-provisioning %} For more information about provisioning on {% data variables.product.product_name %}, see "[AUTOTITLE](/admin/identity-and-access-management/provisioning-user-accounts-for-enterprise-managed-users/configuring-scim-provisioning-for-enterprise-managed-users#about-provisioning-for-enterprise-managed-users)."
|
||||
|
||||
{% data reusables.enterprise_user_management.emu-paved-path-iam-integrations %} If your company does not use a partner IdP, you can configure provisioning from an identity system that communicates with {% data variables.product.company_short %}'s REST API. This guide will help you understand the following topics related to {% data variables.product.company_short %}'s implementation.
|
||||
|
||||
- How to review and stream detailed audit logs for your enterprise
|
||||
- The REST API, including endpoints for SCIM and usage expectations
|
||||
- Troubleshooting
|
||||
|
||||
Alternatively, you can use a partner IdP for both authentication and provisioning. For more information, see "[AUTOTITLE](/admin/identity-and-access-management/understanding-iam-for-enterprises/about-enterprise-managed-users#about-authentication-and-user-provisioning)."
|
||||
|
||||
{% data variables.product.company_short %} has not tested every IdP. {% data variables.contact.github_support %} provides limited support for partner IdPs. You may be able to integrate an IdP that adheres to the SCIM specification and {% data variables.product.company_short %}'s guidelines, but for support with the IdP itself or building an integration, refer to the developer's documentation, support team, or other resources.
|
||||
|
||||
## Prerequisites
|
||||
|
||||
- {% data reusables.scim.emu-prerequisite-authentication %}
|
||||
- {% data reusables.scim.emu-understand-types-and-support %}
|
||||
- To integrate with {% data variables.product.company_short %}'s REST API, the IdP must support the System for Cross-domain Identity Management (SCIM) 2.0 standard. For more information, see the following RFCs on the IETF website.
|
||||
|
||||
- [RFC 7642: Definitions, Overview, Concepts, and Requirements](https://tools.ietf.org/html/rfc7642)
|
||||
- [RFC 7643: Core Schema](https://tools.ietf.org/html/rfc7643)
|
||||
- [RFC 7644: Protocol](https://tools.ietf.org/html/rfc7644)
|
||||
- {% data variables.product.company_short %} recommends that you only authenticate requests to the REST API endpoints for SCIM using a {% data variables.product.pat_v1 %} associated with your enterprise's setup user. The token requires the **admin:enterprise** scope. For more information, see "[AUTOTITLE](/admin/identity-and-access-management/provisioning-user-accounts-for-enterprise-managed-users/configuring-scim-provisioning-for-enterprise-managed-users#creating-a-personal-access-token)"
|
||||
- The user records for the systems that you use for authentication and provisioning must share a unique identifier and satisfy {% data variables.product.company_short %}'s matching criteria. For more information, see "[AUTOTITLE](/rest/enterprise-admin/scim#mapping-of-saml-and-scim-data)" in the REST API documentation.
|
||||
- {% data reusables.enterprise_user_management.authentication-or-provisioning-migration-not-supported %}
|
||||
|
||||
## Configuring audit log streaming
|
||||
|
||||
The audit log for your enterprise displays details about activity in your enterprise. You can use the audit log to support your configuration of SCIM. For more information, see "[AUTOTITLE](/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/about-the-audit-log-for-your-enterprise)."
|
||||
|
||||
Due to the volume of events in this log, {% data variables.product.company_short %} retains the data for six months. To ensure that you don't lose audit log data, and to view more granular activity in the audit log, {% data variables.product.company_short %} recommends that you configure audit log streaming. When you stream the audit log, you can optionally choose to stream events for API requests, including requests to endpoints for SCIM provisioning. For more information, see "[AUTOTITLE](/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/streaming-the-audit-log-for-your-enterprise)."
|
||||
|
||||
## Understanding the REST API for SCIM
|
||||
|
||||
To make SCIM calls and manage users, you'll use {% data variables.product.company_short %}'s REST API. For more information about accessing resources in the REST API, see "[AUTOTITLE](/rest/overview/resources-in-the-rest-api)."
|
||||
|
||||
- [REST API endpoints for SCIM](#rest-api-endpoints-for-scim)
|
||||
- [About rate limits](#about-rate-limits)
|
||||
- [User and group attributes](#user-and-group-attributes)
|
||||
- [About mapping of external identities](#about-mapping-of-external-identities)
|
||||
- [Ensuring users have the access you intend](#ensuring-users-have-the-access-you-intend)
|
||||
- [About suspension and reprovisioning of users](#about-suspension-and-reprovisioning-of-users)
|
||||
|
||||
### REST API endpoints for SCIM
|
||||
|
||||
The following tables describe the SCIM endpoints offered by the REST API. You can read more information in the REST API documentation. The documentation includes code samples, required headers and path parameters, and HTTP response codes.
|
||||
|
||||
For more information about authentication of requests to these endpoints, see "[AUTOTITLE](/rest/enterprise-admin/scim#authentication)" in the REST API documentation.
|
||||
|
||||
Requests that don't match the REST API's expectations will return a `400 Bad Request` error.
|
||||
|
||||
- [REST API endpoints for user management](#rest-api-endpoints-for-user-management)
|
||||
- [REST API endpoints for group management](#rest-api-endpoints-for-group-management)
|
||||
|
||||
#### REST API endpoints for user management
|
||||
|
||||
To provision users, make requests to the following REST API endpoints.
|
||||
|
||||
| Action | Method | Endpoint and more information |
|
||||
| :- | :- | :- |
|
||||
| Create a user | `POST` | [Provision a SCIM enterprise user](/rest/enterprise-admin/scim#provision-a-scim-enterprise-user) |
|
||||
| Retrieve a user | `GET` | [Get SCIM provisioning information for an enterprise user](/rest/enterprise-admin/scim#get-scim-provisioning-information-for-an-enterprise-user) |
|
||||
| Update all of a user's attributes | `PUT` | [Set SCIM information for a provisioned enterprise user](/rest/enterprise-admin/scim#set-scim-information-for-a-provisioned-enterprise-user) |
|
||||
| Update an individual user attribute | `PATCH` | [Update an attribute for a SCIM enterprise user](/rest/enterprise-admin/scim#update-an-attribute-for-a-scim-enterprise-user) |
|
||||
| List all users | `GET` | [List SCIM provisioned identities for an enterprise](/rest/enterprise-admin/scim#list-scim-provisioned-identities-for-an-enterprise) |
|
||||
| Delete a user | `DELETE` | [Delete a SCIM user from an enterprise](/rest/enterprise-admin/scim#delete-a-scim-user-from-an-enterprise) |
|
||||
|
||||
#### REST API endpoints for group management
|
||||
|
||||
To control access to repositories in your enterprise, your SCIM integration can manage organization and team membership for users via groups on your IdP. For more information, see "[Managing team memberships with identity provider groups](/admin/identity-and-access-management/provisioning-user-accounts-for-enterprise-managed-users/managing-team-memberships-with-identity-provider-groups)."
|
||||
|
||||
To manage groups, make requests to the following REST API endpoints.
|
||||
|
||||
| Action | Method | Endpoint and more information |
|
||||
| :- | :- | :- |
|
||||
| Create a group | `POST` | [Provision a SCIM enterprise group](/rest/enterprise-admin/scim#provision-a-scim-enterprise-group) |
|
||||
| Retrieve a group | `GET` | [Get SCIM provisioning information for an enterprise group](/rest/enterprise-admin/scim#get-scim-provisioning-information-for-an-enterprise-group) |
|
||||
| Update all of a group's attributes | `PUT` | [Set SCIM information for a provisioned enterprise group](/rest/enterprise-admin/scim#set-scim-information-for-a-provisioned-enterprise-group) |
|
||||
| Update an individual group attribute | `PATCH` | [Update an attribute for a SCIM enterprise group](/rest/enterprise-admin/scim#update-an-attribute-for-a-scim-enterprise-group) |
|
||||
| List all groups | `GET` | [List provisioned SCIM groups for an enterprise](/rest/enterprise-admin/scim#list-provisioned-scim-groups-for-an-enterprise) |
|
||||
| Delete a group | `DELETE` | [Delete a SCIM group from an enterprise](/rest/enterprise-admin/scim#delete-a-scim-group-from-an-enterprise)
|
||||
|
||||
### About rate limits
|
||||
|
||||
{% data reusables.scim.emu-scim-rate-limit-details %}
|
||||
|
||||
For more information, see "[AUTOTITLE](/rest/overview/rate-limits-for-the-rest-api)."
|
||||
|
||||
### User and group attributes
|
||||
|
||||
Requests to the REST API support specific attributes for users and groups. For more information, see "[Supported SCIM user attributes](/rest/enterprise-admin/scim#supported-scim-user-attributes)" and "[Supported SCIM group attributes](/rest/enterprise-admin/scim#supported-scim-group-attributes)" in the REST API documentation for SCIM operations.
|
||||
|
||||
For example, you can use the `roles` attribute to assign a role in the enterprise to a user or group. If you grant multiple roles to a user, the role with more privileged access takes precedence.
|
||||
|
||||
| Role | More information in "Roles in an enterprise" |
|
||||
| :- | :- |
|
||||
| `enterprise_owner` | "[Enterprise owners](/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/roles-in-an-enterprise#enterprise-owners)" |
|
||||
| `billing_manager` | "[Billing managers](/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/roles-in-an-enterprise#billing-managers)" |
|
||||
| `user` | "[Enterprise members](/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/roles-in-an-enterprise#enterprise-members)" |
|
||||
| `guest_collaborator` | "[Guest collaborators](/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/roles-in-an-enterprise#guest-collaborators)" |
|
||||
|
||||
### About mapping of external identities
|
||||
|
||||
After successful authentication, {% data variables.product.product_name %} links the user who authenticated to an identity provisioned by SCIM. The unique identifiers for authentication and provisioning must match. For more information, see "[SCIM](/rest/enterprise-admin/scim#mapping-of-saml-and-scim-data)" in the REST API documentation.
|
||||
|
||||
You can view this mapping on {% data variables.location.product_location %}. For more information, see "[AUTOTITLE](/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/viewing-and-managing-a-users-saml-access-to-your-enterprise#viewing-and-revoking-a-linked-identity)."
|
||||
|
||||
### Ensuring users have the access you intend
|
||||
|
||||
If your integration manages access using groups on your IdP, you can validate that users get the access you intend. You can use the REST API to compare your IdP's group memberships with {% data variables.product.prodname_dotcom %}'s understanding of those groups. For more information, see "[AUTOTITLE](/rest/teams/external-groups#about-external-groups)" and "[AUTOTITLE](/rest/teams/teams#get-a-team-by-name)" in the REST API documentation.
|
||||
|
||||
### About suspension and reprovisioning of users
|
||||
|
||||
You cannot completely delete a {% data variables.enterprise.prodname_managed_user %} on {% data variables.location.product_location %}. Instead, you can either temporarily or permanently suspend the account.
|
||||
|
||||
To temporarily suspend a user, sets the user record's `active` attribute to `false` using a `PATCH` or `PUT` request. After you temporarily suspend an account, the user can no longer sign in to access your enterprise on {% data variables.location.product_location %}. For more information, see "[Update an attribute for a SCIM enterprise user](/rest/enterprise-admin/scim#update-an-attribute-for-a-scim-enterprise-user)" or "[Set SCIM information for a provisioned enterprise user](/rest/enterprise-admin/scim#set-scim-information-for-a-provisioned-enterprise-user)" in the REST API documentation for SCIM operations.
|
||||
|
||||
To permanently suspend a user, send a `DELETE` request. If you permanently suspend an account, you cannot reactivate the account. For more information, see "[Delete a SCIM user from an enterprise](/rest/enterprise-admin/scim#delete-a-scim-user-from-an-enterprise)" in the REST API documentation for SCIM operations.
|
||||
|
||||
To reprovision a user, set the user record's `active` attribute to `true` using a `POST`, `PUT`, or `PATCH` request. If you permanently suspended the account, a subsequent provisioning event will create a new account for the person who's signing in. The newly provisioned account will have no relationship to the original account. For more information, see "[Provision a SCIM enterprise user](/rest/enterprise-admin/scim#provision-a-scim-enterprise-user)", "[Set SCIM information for a provisioned enterprise user](/rest/enterprise-admin/scim#set-scim-information-for-a-provisioned-enterprise-user)," or "[Update an attribute for a SCIM enterprise user](/rest/enterprise-admin/scim#update-an-attribute-for-a-scim-enterprise-user)" in the REST API documentation for SCIM operations.
|
||||
|
||||
## Troubleshooting
|
||||
|
||||
- If {% data variables.product.prodname_dotcom %} is rate-limiting your requests to the REST API, you can learn more in "[About rate limits](#about-rate-limits)."
|
||||
|
||||
- If you enable audit log streaming and stream events for API requests, you can review any requests to the REST API endpoints for SCIM by filtering for events from the `EnterpriseUsersScim` or `EnterpriseGroupsScim` controllers.
|
||||
|
||||
- If your integration manages access using groups on your IdP, you can review `external_group` category events in your enterprise's audit log to confirm the success of SCIM calls. You can also view troubleshooting information in the web interface for {% data variables.product.prodname_dotcom %}. For more information, see "[AUTOTITLE](/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/audit-log-events-for-your-enterprise#external_group)" and "[AUTOTITLE](/admin/identity-and-access-management/provisioning-user-accounts-for-enterprise-managed-users/troubleshooting-team-membership-with-identity-provider-groups)."
|
||||
|
||||
## Further reading
|
||||
|
||||
- "[AUTOTITLE](/admin/identity-and-access-management/iam-configuration-reference/username-considerations-for-external-authentication)"
|
||||
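Review bot: The user endpoint table labels the `DELETE` row "Delete a user", but "About suspension and reprovisioning of users" says a managed user cannot be completely deleted and that a `DELETE` request permanently suspends the account with no way to reactivate it. Because the call is irreversible, consider wording the table row to say so, or pointing it at the suspension section, so that an integrator reading only the table does not treat it as a routine cleanup call. Smaller fixes in the same file: "To temporarily suspend a user, sets the user record's `active` attribute" should read "set"; the "Delete a group" table row has no closing `|`; and the prerequisite about the **admin:enterprise** scope ends after its link with no period.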
@@ -26,7 +26,7 @@ If you're new to {% data variables.product.prodname_emus %} and haven't yet conf
|
||||
|
||||
## Prerequisites
|
||||
|
||||
- Your enterprise on {% data variables.location.product_location %} must currently be configured to use SAML for authentication. For more information, see "[AUTOTITLE](/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/configuring-saml-single-sign-on-for-enterprise-managed-users)."
|
||||
- Your enterprise on {% data variables.location.product_location %} must currently be configured to use SAML for authentication, with Azure AD as your identity provider (IdP). For more information, see "[AUTOTITLE](/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/configuring-saml-single-sign-on-for-enterprise-managed-users)."
|
||||
{% data reusables.emus.migration-roles-prereq %}
|
||||
{% data reusables.emus.migration-schedule-downtime %}
|
||||
|
||||
|
||||
@@ -18,11 +18,17 @@ redirect_from:
|
||||
|
||||
## About migrations between IdPs and tenants
|
||||
|
||||
While using {% data variables.product.prodname_emus %}, you may need to migrate your enterprise to a new IdP or Azure AD tenant. For example, you might be ready to migrate from a test environment to your production environment.
|
||||
While using {% data variables.product.prodname_emus %}, you may need to migrate your enterprise to a new tenant on your IdP. For example, you might be ready to migrate from a test environment to your production environment.
|
||||
|
||||
{% warning %}
|
||||
|
||||
**Warning**: Migrating to a new identity provider or tenant can cause disruption to integrations and automated flows in your enterprise. When your current SAML identity provider is disabled, {% data variables.product.pat_generic_plural %} and SSH keys associated with {% data variables.enterprise.prodname_managed_users %} will be deleted. You should plan for a migration window after configuring your new identity provider, during which you can create and deploy new keys to your integrations where necessary.
|
||||
**{% ifversion emu-public-scim-schema %}Warnings{% else %}Warning{% endif %}**:
|
||||
|
||||
{% ifversion emu-public-scim-schema %}-{% endif %} Migrating to a new IdP or tenant can cause disruption to integrations and automated flows in your enterprise. When your current SAML IdP is disabled, {% data variables.product.pat_generic_plural %} and SSH keys associated with {% data variables.enterprise.prodname_managed_users %} will be deleted. You should plan for a migration window after configuring your new IdP, during which you can create and deploy new keys to your integrations where necessary.
|
||||
|
||||
{%- ifversion emu-public-scim-schema %}
|
||||
- {% data reusables.enterprise_user_management.authentication-or-provisioning-migration-not-supported %}
|
||||
{% endif %}
|
||||
|
||||
{% endwarning %}
|
||||
|
||||
|
||||
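Review bot: The sentence "you may need to migrate your enterprise to a new tenant on your IdP" covers only tenant moves, while the heading "About migrations between IdPs and tenants" and the warning text "Migrating to a new IdP or tenant" still cover a change of IdP. Either keep "a new IdP or tenant" in that sentence or narrow the heading and warning to match. In the warning block, `{%- ifversion emu-public-scim-schema %}` is also closed by a non-trimming `{% endif %}`; pick one form for the pair.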
@@ -31,6 +31,7 @@ With {% data variables.product.prodname_emus %}, you can control the user accoun
|
||||
- Create or comment on discussions within the repository
|
||||
- Comment on issues or pull requests, or add reactions to comments
|
||||
- Star, watch, or fork the repository
|
||||
|
||||
- {% data variables.enterprise.prodname_managed_users_caps %} cannot create gists or comment on gists.
|
||||
- {% data variables.enterprise.prodname_managed_users_caps %} cannot follow users outside of the enterprise.
|
||||
- {% data variables.enterprise.prodname_managed_users_caps %} cannot create starter workflows for {% data variables.product.prodname_actions %}.
|
||||
@@ -41,7 +42,7 @@ With {% data variables.product.prodname_emus %}, you can control the user accoun
|
||||
- If you allow {% data variables.enterprise.prodname_managed_users %} to create repositories owned by their user accounts, they can only own private repositories and can only invite other enterprise members to collaborate on their user-owned repositories.
|
||||
- {% data reusables.enterprise-accounts.emu-forks %}
|
||||
- Only private and internal repositories can be created in organizations owned by an {% data variables.enterprise.prodname_emu_enterprise %}, depending on organization and enterprise repository visibility settings.
|
||||
- Outside collaborators are not supported by {% data variables.product.prodname_emus %}.
|
||||
- Outside collaborators are not supported by {% data variables.product.prodname_emus %}, but guest collaborators are. For more information, see "[AUTOTITLE](/admin/user-management/managing-users-in-your-enterprise/roles-in-an-enterprise#guest-collaborators)."
|
||||
- {% data variables.enterprise.prodname_managed_users_caps %} are limited in their use of {% data variables.product.prodname_pages %}. For more information, see "[AUTOTITLE](/pages/getting-started-with-github-pages/about-github-pages#limitations-for-enterprise-managed-users)."
|
||||
- {% data variables.enterprise.prodname_managed_users_caps %} can only create and use codespaces that are owned and paid for by their organization or enterprise. This means that {% data variables.enterprise.prodname_managed_users %}:
|
||||
- Can create codespaces for repositories owned by their organization, or forks of these repositories, provided that the organization can pay for {% data variables.product.prodname_github_codespaces %}. For more information, see "[AUTOTITLE](/codespaces/managing-codespaces-for-your-organization/choosing-who-owns-and-pays-for-codespaces-in-your-organization)."
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
---
|
||||
title: 'About {% data variables.product.prodname_emus %}'
|
||||
shortTitle: About managed users
|
||||
intro: 'You can centrally manage identity and access for your enterprise members on {% data variables.product.prodname_dotcom %} from your identity provider.'
|
||||
intro: 'You can centrally manage identity and access for your enterprise members on {% data variables.product.prodname_dotcom %} from your identity provider (IdP).'
|
||||
redirect_from:
|
||||
- /early-access/github/articles/get-started-with-managed-users-for-your-enterprise
|
||||
- /github/setting-up-and-managing-your-enterprise/managing-your-enterprise-users-with-your-identity-provider/about-enterprise-managed-users
|
||||
@@ -28,9 +28,9 @@ allowTitleToDifferFromFilename: true
|
||||
|
||||
## About {% data variables.product.prodname_emus %}
|
||||
|
||||
With {% data variables.product.prodname_emus %}, you can control the user accounts of your enterprise members through your identity provider (IdP). Users assigned to the {% data variables.product.prodname_emu_idp_application %} application in your IdP are provisioned as new user accounts on {% data variables.product.prodname_dotcom %} and added to your enterprise. You control usernames, profile data, team membership, and repository access for the user accounts from your IdP.
|
||||
With {% data variables.product.prodname_emus %}, you manage the lifecycle and authentication of your users on {% data variables.location.product_location %} from an external identity management system, or IdP. You can provide access to {% data variables.product.product_name %} to people who have existing identities and group membership on your IdP. Your IdP provisions new user accounts with access to your enterprise on {% data variables.location.product_location %}. You control usernames, profile data, team membership, and repository access for the user accounts from your IdP.
|
||||
|
||||
In your IdP, you can give each {% data variables.enterprise.prodname_managed_user %} the role of user, enterprise owner, or billing manager. {% data variables.enterprise.prodname_managed_users_caps %} can own organizations within your enterprise and can add other {% data variables.enterprise.prodname_managed_users %} to the organizations and teams within. For more information, see "[AUTOTITLE](/admin/user-management/managing-users-in-your-enterprise/roles-in-an-enterprise)" and "[AUTOTITLE](/organizations/collaborating-with-groups-in-organizations/about-organizations)."
|
||||
On your IdP, you can give each {% data variables.enterprise.prodname_managed_user %} a role, such as member, enterprise owner, or guest collaborator. {% data variables.enterprise.prodname_managed_users_caps %} can own organizations within your enterprise and can add other {% data variables.enterprise.prodname_managed_users %} to the organizations and teams within. For more information, see "[AUTOTITLE](/admin/user-management/managing-users-in-your-enterprise/roles-in-an-enterprise)" and "[AUTOTITLE](/organizations/collaborating-with-groups-in-organizations/about-organizations)."
|
||||
|
||||
{% ifversion oidc-for-emu %}
|
||||
|
||||
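Review bot: The replacement paragraph under "About {% data variables.product.prodname_emus %}" introduces the abbreviation as "an external identity management system, or IdP", while the front matter intro in the previous hunk expands it as "identity provider (IdP)". Expand it the same way on first use in the body. The role sentence also swaps the examples from "user, enterprise owner, or billing manager" to "member, enterprise owner, or guest collaborator"; "such as" makes the list illustrative, but confirm that dropping billing manager is intended and that the linked roles article still covers it.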
@@ -48,42 +48,52 @@ To use {% data variables.product.prodname_emus %}, you need a separate type of e
|
||||
|
||||
{% note %}
|
||||
|
||||
**Note:** There are multiple options for identity and access management with {% data variables.product.prodname_ghe_cloud %}, and {% data variables.product.prodname_emus %} is not the best solution for every customer. For more information about whether {% data variables.product.prodname_emus %} is right for your enterprise, see "[AUTOTITLE](/admin/identity-and-access-management/managing-iam-for-your-enterprise/identifying-the-best-authentication-method-for-your-enterprise)."
|
||||
**Note:** There are multiple options for identity and access management with {% data variables.product.prodname_ghe_cloud %}, and {% data variables.product.prodname_emus %} is not the best solution for every customer. For more information about whether {% data variables.product.prodname_emus %} is right for your enterprise, see "[AUTOTITLE](/admin/identity-and-access-management/managing-iam-for-your-enterprise/identifying-the-best-authentication-method-for-your-enterprise)" and "[AUTOTITLE](/admin/identity-and-access-management/understanding-iam-for-enterprises/abilities-and-restrictions-of-managed-user-accounts)."
|
||||
|
||||
{% endnote %}
|
||||
|
||||
## About organization membership management
|
||||
|
||||
Organization memberships can be managed manually, or you can update memberships automatically using IdP groups. To manage organization memberships through your IdP, the members must be added to an IdP group, and the IdP group must be connected to a team within the organization. For more information about managing organization and team memberships automatically, see "[AUTOTITLE](/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/managing-team-memberships-with-identity-provider-groups)."
|
||||
|
||||
The way a member is added to an organization owned by your enterprise (through IdP groups or manually) determines how they must be removed from an organization.
|
||||
|
||||
- If a member was added to an organization manually, you must remove them manually. Unassigning them from the {% data variables.product.prodname_emu_idp_application %} application on your IdP will suspend the user but not remove them from the organization.
|
||||
- If a user became a member of an organization because they were added to IdP groups mapped to one or more teams in the organization, removing them from _all_ of the mapped IdP groups associated with the organization will remove them from the organization.
|
||||
|
||||
To discover how a member was added to an organization, you can filter the member list by type. For more information, see "[AUTOTITLE](/admin/user-management/managing-users-in-your-enterprise/viewing-people-in-your-enterprise#filtering-by-member-type-in-an-enterprise-with-managed-users)."
|
||||
|
||||
## Identity provider support
|
||||
## About authentication and user provisioning
|
||||
|
||||
{% ifversion oidc-for-emu %}
|
||||
|
||||
| Identity provider | SAML | OIDC |
|
||||
|-------------------|------|------|
|
||||
| Azure Active Directory | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} |
|
||||
| Okta | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} |
|
||||
| PingFederate | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} |
|
||||
{% ifversion emu-public-scim-schema %}
|
||||
|
||||
{% else %}
|
||||
With {% data variables.product.prodname_emus %}, your IdP creates and updates user accounts on {% data variables.location.product_location %}. Users must authenticate on your IdP to access your enterprise's resources on {% data variables.location.product_location %}. {% data variables.product.product_name %} maintains a record of the external identity on your IdP that corresponds with the user account.
|
||||
|
||||
{% data reusables.enterprise-accounts.emu-supported-idps %}
|
||||
{% data reusables.enterprise_user_management.emu-paved-path-iam-integrations %} These IdPs mostly provide authentication using SAML. Azure AD also offers OIDC for authentication. The IdP applications provision users with System for Cross-domain Identity Management (SCIM).
|
||||
|
||||
{% endif %}
|
||||
|
||||
{% note %}
|
||||
{% rowheaders %}
|
||||
|
||||
**Note:** {% data variables.product.prodname_emus %} requires the use of one IdP for both SAML and SCIM. Confirm that you've purchased a version of your IdP that includes SCIM.
|
||||
| Partner IdP | SAML | OIDC | SCIM |
|
||||
| :- | :- | :- | :- |
|
||||
| Azure Active Directory | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} |
|
||||
| Okta | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} | {% octicon "check" aria-label="Supported" %} |
|
||||
| PingFederate | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} | {% octicon "check" aria-label="Supported" %} |
|
||||
|
||||
{% endnote %}
|
||||
{% endrowheaders %}
|
||||
|
||||
{% endif %}
|
||||
|
||||
{% ifversion emu-public-scim-schema %}
|
||||
|
||||
Other IdPs must adhere to the SAML 2.0 specification for authentication. You can configure provisioning with IdPs that adhere to {% data variables.product.company_short %}'s integration guidelines. The IdP must adhere to the SCIM 2.0 specification and communicate with {% data variables.product.company_short %}'s REST API. For example, the IdP could be a commercial identity management system that {% data variables.product.company_short %} has not tested, or a custom identity system that your company builds.
|
||||
|
||||
{% data reusables.scim.ghec-open-scim-beta-note %}
|
||||
|
||||
For more information about authentication and provisioning, see the following articles.
|
||||
|
||||
- "[AUTOTITLE](/admin/identity-and-access-management/configuring-authentication-for-enterprise-managed-users/configuring-saml-single-sign-on-for-enterprise-managed-users)"
|
||||
- "[AUTOTITLE](/admin/identity-and-access-management/provisioning-user-accounts-for-enterprise-managed-users/configuring-scim-provisioning-for-enterprise-managed-users)"
|
||||
|
||||
Some customers have reported success using a partner IdP's application only for authentication, in combination with a different IdP for provisioning. For example, a combination of Okta for authentication and a custom SCIM solution for provisioning, or a combination of Keycloak for authentication and SailPoint for provisioning. {% data variables.product.company_short %} has not tested all IdPs, and does not test partner IdPs in combination with other IdPs.
|
||||
|
||||
For more information about provisioning users from your IdP using the public beta of {% data variables.product.company_short %}'s SCIM schema, see "[AUTOTITLE](/admin/identity-and-access-management/provisioning-user-accounts-for-enterprise-managed-users/provisioning-users-with-scim-using-the-rest-api)," and consult your IdP's documentation, support team, or other resources.
|
||||
|
||||
{% data reusables.enterprise_user_management.authentication-or-provisioning-migration-not-supported %}
|
||||
|
||||
{% endif %}
|
||||
|
||||
## Getting started with {% data variables.product.prodname_emus %}
|
||||
|
||||
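Review bot: The note "requires the use of one IdP for both SAML and SCIM" and the paragraph beginning "Some customers have reported success using a partner IdP's application only for authentication, in combination with a different IdP for provisioning" contradict each other if both render for the same version. Confirm the note is removed or limited to versions without `emu-public-scim-schema`. Because the split setup is described as untested, the paragraph would also benefit from saying that account suspension then depends on the provisioning system rather than on the IdP used for sign-in.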
@@ -105,7 +115,7 @@ Before your developers can use {% data variables.product.prodname_ghe_cloud %} w
|
||||
|
||||
1. After you log in as the setup user, we recommend enabling two-factor authentication. The setup user's password and two-factor credentials can also be used to enter sudo mode, which is required to take sensitive actions. For more information, see "[AUTOTITLE](/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication)" and "[AUTOTITLE](/authentication/keeping-your-account-and-data-secure/sudo-mode)."
|
||||
|
||||
1. To get started, configure {% ifversion oidc-for-emu %}how your members will authenticate. If you are using Azure Active Directory as your identity provider, you can choose between OpenID Connect (OIDC) and Security Assertion Markup Language (SAML). We recommend OIDC, which includes support for Conditional Access Policies (CAP). If you require multiple enterprises with {% data variables.enterprise.prodname_managed_users %} provisioned from one tenant, you must use SAML for each enterprise after the first. If you are using another identity provider, like Okta or PingFederate, you can use SAML to authenticate your members.{% else %}SAML SSO for your enterprise. For more information, see "[AUTOTITLE](/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/configuring-saml-single-sign-on-for-enterprise-managed-users)."{% endif %}
|
||||
1. To get started, configure {% ifversion oidc-for-emu %}how your members will authenticate. If you are using Azure Active Directory as your IdP, you can choose between OpenID Connect (OIDC) and Security Assertion Markup Language (SAML). We recommend OIDC, which includes support for Conditional Access Policies (CAP). If you require multiple enterprises with {% data variables.enterprise.prodname_managed_users %} provisioned from one tenant, you must use SAML for each enterprise after the first. If you are using another IdP, like Okta or PingFederate, you can use SAML to authenticate your members.{% else %}SAML SSO for your enterprise. For more information, see "[AUTOTITLE](/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/configuring-saml-single-sign-on-for-enterprise-managed-users)."{% endif %}
|
||||
|
||||
{%- ifversion oidc-for-emu %}
|
||||
|
||||
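Review bot: In the `{% else %}` branch of this step, the link still points to `/using-enterprise-managed-users-for-iam/configuring-saml-single-sign-on-for-enterprise-managed-users`, while the "About authentication and user provisioning" section in the same file links to the article under `/configuring-authentication-for-enterprise-managed-users/`. The line is being touched anyway, so point it at the same path as the other reference.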
@@ -115,15 +125,26 @@ Before your developers can use {% data variables.product.prodname_ghe_cloud %} w
|
||||
- "[AUTOTITLE](/admin/identity-and-access-management/managing-iam-with-enterprise-managed-users/configuring-saml-single-sign-on-for-enterprise-managed-users)."
|
||||
{%- endif %}
|
||||
|
||||
1. Once you have configured SSO, you can configure SCIM provisioning. SCIM is how your identity provider will create {% data variables.enterprise.prodname_managed_users %} on {% data variables.product.prodname_dotcom_the_website %}. For more information on configuring SCIM provisioning, see "[AUTOTITLE](/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/configuring-scim-provisioning-for-enterprise-managed-users)."
|
||||
1. Once you have configured SSO, you can configure SCIM provisioning. SCIM is how your IdP will create {% data variables.enterprise.prodname_managed_users %} on {% data variables.product.prodname_dotcom_the_website %}. For more information on configuring SCIM provisioning, see "[AUTOTITLE](/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/configuring-scim-provisioning-for-enterprise-managed-users)."
|
||||
|
||||
1. Once authentication and provisioning are configured, you can start managing organization membership for your {% data variables.enterprise.prodname_managed_users %} by synchronizing IdP groups with teams. For more information, see "[AUTOTITLE](/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/managing-team-memberships-with-identity-provider-groups)."
|
||||
|
||||
If members of your enterprise must use one workstation to contribute to repositories on {% data variables.location.product_location %} from both a {% data variables.enterprise.prodname_managed_user %} and a personal account, you can provide support. For more information, see "[Supporting developers with multiple user accounts on {% data variables.product.prodname_dotcom_the_website %}](#supporting-developers-with-multiple-user-accounts-on-githubcom)."
|
||||
|
||||
## Authenticating as a {% data variables.enterprise.prodname_managed_user %}
|
||||
## About organization membership management
|
||||
|
||||
{% data variables.enterprise.prodname_managed_users_caps %} must authenticate through their identity provider. To authenticate, a {% data variables.enterprise.prodname_managed_user %} can visit their IdP application portal or use the login page on {% data variables.product.prodname_dotcom_the_website %}.
|
||||
Organization memberships can be managed manually, or you can update memberships automatically using IdP groups. To manage organization memberships through your IdP, the members must be added to an IdP group, and the IdP group must be connected to a team within the organization. For more information about managing organization and team memberships automatically, see "[AUTOTITLE](/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/managing-team-memberships-with-identity-provider-groups)."
|
||||
|
||||
The way a member is added to an organization owned by your enterprise (through IdP groups or manually) determines how they must be removed from an organization.
|
||||
|
||||
- If a member was added to an organization manually, you must remove them manually. Unassigning them from the {% data variables.product.prodname_emu_idp_application %} application on your IdP will suspend the user but not remove them from the organization.
|
||||
- If a user became a member of an organization because they were added to IdP groups mapped to one or more teams in the organization, removing them from _all_ of the mapped IdP groups associated with the organization will remove them from the organization.
|
||||
|
||||
To discover how a member was added to an organization, you can filter the member list by type. For more information, see "[AUTOTITLE](/admin/user-management/managing-users-in-your-enterprise/viewing-people-in-your-enterprise#filtering-by-member-type-in-an-enterprise-with-managed-users)."
|
||||
|
||||
## Authenticating with a {% data variables.enterprise.prodname_managed_user %}
|
||||
|
||||
{% data variables.enterprise.prodname_managed_users_caps %} must authenticate through their IdP. To authenticate, a {% data variables.enterprise.prodname_managed_user %} can visit their IdP application portal or use the login page on {% data variables.product.prodname_dotcom_the_website %}.
|
||||
|
||||
By default, when an unauthenticated user attempts to access an enterprise that uses {% data variables.product.prodname_emus %}, {% data variables.product.company_short %} displays a 404 error. An enterprise owner can optionally enable automatic redirects to single sign-on (SSO) instead of the 404. For more information, see "[AUTOTITLE](/enterprise-cloud@latest/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-security-settings-in-your-enterprise#managing-sso-for-unauthenticated-users)."
|
||||
|
||||
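Review bot: Renaming the heading from "Authenticating as a ..." to "Authenticating with a ..." changes its generated anchor, so any links to the old anchor from other articles need updating in this PR. In the relocated "About organization membership management" section, the first bullet says that unassigning a manually added member on the IdP "will suspend the user but not remove them from the organization"; that is easy to miss during offboarding, so consider moving the pointer to the member-type filter directly under that bullet.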
@@ -133,7 +154,7 @@ By default, when an unauthenticated user attempts to access an enterprise that u
|
||||
|
||||
1. Navigate to [https://github.com/login](https://github.com/login).
|
||||
1. In the "Username or email address" text box, enter your username including the underscore and short code. When the form recognizes your username, the form will update. You do not need to enter your password on this form.
|
||||
1. To continue to your identity provider, click **Sign in with your identity provider**.
|
||||
1. To continue to your IdP, click **Sign in with your identity provider**.
|
||||
|
||||
## Usernames and profile information
|
||||
|
||||
|
||||
@@ -28,9 +28,7 @@ On {% data variables.product.product_name %}, you provision user accounts from a
|
||||
|
||||
You can allow people to use a personal account on {% data variables.product.prodname_dotcom_the_website %} to access your enterprise's resources and optionally configure additional SAML access restriction, or you can provision and control the accounts for your enterprise using your identity provider (IdP) with {% data variables.product.prodname_emus %}.
|
||||
|
||||
{% data reusables.enterprise.ghec-authentication-options %}
|
||||
|
||||
After learning more about these options, to determine which method is best for your enterprise, see "[AUTOTITLE](/admin/identity-and-access-management/managing-iam-for-your-enterprise/identifying-the-best-authentication-method-for-your-enterprise)."
|
||||
After learning more about authentication and provisioning for each of these options, to determine which method is best for your enterprise, see "[AUTOTITLE](/admin/identity-and-access-management/managing-iam-for-your-enterprise/identifying-the-best-authentication-method-for-your-enterprise)."
|
||||
|
||||
{% elsif scim-for-ghes %}
|
||||
|
||||
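Review bot: The rewritten sentence refers to "authentication and provisioning for each of these options", but the `{% data reusables.enterprise.ghec-authentication-options %}` line that listed the options appears to be dropped in this hunk (9 lines before, 7 after), which leaves only the preceding paragraph as the antecedent. Either keep the reusable or reword the sentence to name the two approaches.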
@@ -54,11 +52,11 @@ When you create an enterprise on {% data variables.product.product_name %}, you
|
||||
|
||||
### Authentication through {% data variables.location.product_location %}
|
||||
|
||||
By default, each member must create a personal account on {% data variables.location.product_location %}. You grant access to your enterprise, and the member can access your enterprise's resources after signing into the account on {% data variables.location.product_location %}. The member manages the account, and can contribute to other enterprises, organizations, and repositories on {% data variables.location.product_location %}.
|
||||
With authentication solely through {% data variables.location.product_location %}, each person you want to grant access to your enterprise must create and manage a personal account on {% data variables.location.product_location %}. After you grant access to your enterprise, the member can access your enterprise's resources after signing into the account on {% data variables.location.product_location %}. The member manages the account, and can contribute to other enterprises, organizations, and repositories on {% data variables.location.product_location %}. For more information about personal accounts, see "[AUTOTITLE](/get-started/signing-up-for-github/signing-up-for-a-new-github-account)."
|
||||
|
||||
### Authentication through {% data variables.location.product_location %} with additional SAML access restriction
|
||||
|
||||
If you configure additional SAML access restriction, each member must create and manage a personal account on {% data variables.location.product_location %}. You grant access to your enterprise, and the member can access your enterprise's resources after both signing into the account on {% data variables.location.product_location %} and successfully authenticating with your SAML identity provider (IdP). The member can contribute to other enterprises, organizations, and repositories on {% data variables.location.product_location %} using their personal account. For more information about requiring SAML authentication for all access your enterprise's resources, see "[AUTOTITLE](/admin/identity-and-access-management/using-saml-for-enterprise-iam/about-saml-for-enterprise-iam)."
|
||||
If you configure additional SAML access restriction, each person you want to grant access to your enterprise must create and manage a personal account on {% data variables.location.product_location %}. After you grant access to your enterprise, the member can access your enterprise's resources only after authenticating successfully for both the account on {% data variables.location.product_location %} and for an account on your SAML identity provider (IdP). The member can contribute to other enterprises, organizations, and repositories on {% data variables.location.product_location %} using their personal account. For more information about requiring SAML authentication for all access your enterprise's resources, see "[AUTOTITLE](/admin/identity-and-access-management/using-saml-for-enterprise-iam/about-saml-for-enterprise-iam)."
|
||||
|
||||
You can choose between configuring SAML at the enterprise level, which applies the same SAML configuration to all organizations within the enterprise, and configuring SAML separately for individual organizations. For more information, see "[AUTOTITLE](/admin/identity-and-access-management/using-saml-for-enterprise-iam/deciding-whether-to-configure-saml-for-your-enterprise-or-your-organizations)."
|
||||
|
||||
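Review bot: Both versions of the SAML paragraph end with "requiring SAML authentication for all access your enterprise's resources", which is missing "to"; fix it while the line is being rewritten. The new wording "only after authenticating successfully for both the account on ... and for an account on your SAML identity provider (IdP)" is also not parallel; "for both the account on ... and an account on ..." reads cleanly.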
@@ -107,9 +105,9 @@ To provision user accounts on {% data variables.product.product_name %}, you mus
|
||||
|
||||
{% elsif ghec %}
|
||||
|
||||
If you use authentication through {% data variables.location.product_location %}, people create personal accounts on {% data variables.product.prodname_dotcom_the_website %}, and you can grant those personal accounts access to resources in your enterprise. For more information about personal accounts, see "[AUTOTITLE](/get-started/signing-up-for-github/signing-up-for-a-new-github-account)."
|
||||
If you use [authentication through {% data variables.location.product_location %} with additional SAML access restriction](#authentication-through-githubcom-with-additional-saml-access-restriction), people create personal accounts on {% data variables.product.prodname_dotcom_the_website %}, and you can grant those personal accounts access to resources in your enterprise. You do not provision accounts.
|
||||
|
||||
Alternatively, if you decide to create an {% data variables.enterprise.prodname_emu_enterprise %}, you must configure your IdP to provision user accounts within your enterprise using System for Cross-domain Identity Management (SCIM). For more information, see "[AUTOTITLE](/admin/identity-and-access-management/provisioning-user-accounts-for-enterprise-managed-users)."
|
||||
Alternatively, if you use [{% data variables.product.prodname_emus %}](#authentication-with-enterprise-managed-users-and-federation), you must configure your IdP to provision user accounts within your enterprise on {% data variables.location.product_location %} using System for Cross-domain Identity Management (SCIM). For more information, see "[AUTOTITLE](/admin/identity-and-access-management/provisioning-user-accounts-for-enterprise-managed-users)."
|
||||
|
||||
{% elsif scim-for-ghes %}
|
||||
|
||||
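Review bot: The new link target `#authentication-through-githubcom-with-additional-saml-access-restriction` hard-codes an anchor for a heading that is built from `{% data variables.location.product_location %}`; check that it resolves wherever this `{% elsif ghec %}` branch renders. The first sentence now covers only the option with additional SAML access restriction, so the plain authentication option no longer has a statement here that accounts are not provisioned.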
@@ -117,6 +115,14 @@ If you configure built-in authentication, CAS, LDAP, or SAML, {% data variables.
|
||||
|
||||
{% endif %}
|
||||
|
||||
{% ifversion emu-public-scim-schema %}
|
||||
|
||||
## About supported IdPs
|
||||
|
||||
{% data reusables.enterprise_user_management.ghec-supported-idps %}
|
||||
|
||||
{% endif %}
|
||||
|
||||
## Further reading
|
||||
|
||||
- "[AUTOTITLE](/get-started/learning-about-github/types-of-github-accounts)"
|
||||
|
||||
@@ -34,7 +34,7 @@ If your enterprise members manage their own user accounts on {% data variables.l
|
||||
|
||||
{% data reusables.saml.saml-accounts %}
|
||||
|
||||
{% data reusables.saml.about-saml-enterprise-accounts %} For more information, see "[AUTOTITLE](/admin/identity-and-access-management/managing-iam-for-your-enterprise/about-authentication-for-your-enterprise#considerations-for-enabling-saml-for-an-enterprise-or-organization)" and [AUTOTITLE](/admin/identity-and-access-management/using-saml-for-enterprise-iam/configuring-saml-single-sign-on-for-your-enterprise)."
|
||||
{% data reusables.saml.about-saml-enterprise-accounts %} For more information, see "[AUTOTITLE](/admin/identity-and-access-management/managing-iam-for-your-enterprise/about-authentication-for-your-enterprise#considerations-for-enabling-saml-for-an-enterprise-or-organization)" and "[AUTOTITLE](/admin/identity-and-access-management/using-saml-for-enterprise-iam/configuring-saml-single-sign-on-for-your-enterprise)."
|
||||
|
||||
Alternatively, you can provision and manage the accounts of your enterprise members with {% data variables.product.prodname_emus %}. To help you determine whether SAML SSO or {% data variables.product.prodname_emus %} is better for your enterprise, see "[AUTOTITLE](/admin/identity-and-access-management/managing-iam-for-your-enterprise/identifying-the-best-authentication-method-for-your-enterprise)."
|
||||
|
||||
|
||||
@@ -33,13 +33,17 @@ If you currently require your users to create a new account on {% data variables
|
||||
|
||||
## Which identity provider does your enterprise use?
|
||||
|
||||
{% data variables.product.prodname_emus %} is supported for a limited number of IdPs and requires SCIM, while SAML SSO offers full support for a larger number of IdPs, plus limited support for all IdPs that implement the SAML 2.0 standard, and does not require SCIM. For the list of supported IdPs for each option, see "[AUTOTITLE](/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/about-enterprise-managed-users#identity-provider-support)" and "[AUTOTITLE](/admin/identity-and-access-management/using-saml-for-enterprise-iam/about-saml-for-enterprise-iam#supported-idps)."
|
||||
{% ifversion emu-public-scim-schema %}
|
||||
{% data reusables.enterprise_user_management.ghec-supported-idps %}
|
||||
{% else %}
|
||||
{% data variables.product.prodname_emus %} is supported for a limited number of IdPs and requires SCIM, while SAML SSO offers full support for a larger number of IdPs, plus limited support for all IdPs that implement the SAML 2.0 standard, and does not require SCIM. For the list of supported IdPs for each option, see "[AUTOTITLE](/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/about-enterprise-managed-users#about-authentication-and-user-provisioning)" and "[AUTOTITLE](/admin/identity-and-access-management/using-saml-for-enterprise-iam/about-saml-for-enterprise-iam#supported-idps)."
|
||||
|
||||
You can use {% data variables.product.prodname_emus %} with an unsupported IdP only if you federate the unsupported IdP to a supported IdP to use as an integration point. If you wish to avoid this extra complexity, SAML SSO may be a better solution for you.
|
||||
{% endif %}
|
||||
|
||||
## Do your developers work in public repositories, gists, or {% data variables.product.prodname_pages %} sites?
|
||||
|
||||
To prevent enterprise members from accidentally leaking corporate-owned content to the public on {% data variables.product.prodname_dotcom_the_website %}, {% data variables.product.prodname_emus %} imposes strong restrictions on what users can do. For example, {% data variables.enterprise.prodname_managed_users %} cannot create public repositories, gists of any visibility, or {% data variables.product.prodname_pages %} sites that are visible outside the enterprise. For a full list of restrictions, see "[AUTOTITLE](/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/about-enterprise-managed-users#abilities-and-restrictions-of-managed-users)."
|
||||
To prevent enterprise members from accidentally leaking corporate-owned content to the public on {% data variables.product.prodname_dotcom_the_website %}, {% data variables.product.prodname_emus %} imposes strong restrictions on what users can do. For example, {% data variables.enterprise.prodname_managed_users %} cannot create public repositories, gists of any visibility, or {% data variables.product.prodname_pages %} sites that are visible outside the enterprise. For a full list of restrictions, see "[AUTOTITLE](/admin/identity-and-access-management/understanding-iam-for-enterprises/abilities-and-restrictions-of-managed-user-accounts)."
|
||||
|
||||
These restrictions are unacceptable for some enterprises. To determine whether {% data variables.product.prodname_emus %} will work for you, review the restrictions with your developers, and confirm whether any of the restrictions will hinder your existing workflows. If so, SAML SSO may be a better choice for your enterprise.
|
||||
|
||||
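Review bot: The paragraph "You can use {% data variables.product.prodname_emus %} with an unsupported IdP only if you federate the unsupported IdP to a supported IdP" sits directly above the new `{% endif %}`, so it renders only in the `{% else %}` branch. Confirm that `ghec-supported-idps` gives readers on `emu-public-scim-schema` versions equivalent guidance for untested IdPs, or carry the point into the reusable.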
@@ -51,12 +55,6 @@ Some companies maintain repositories within an existing enterprise using SAML SS
|
||||
|
||||
If you decide to create an {% data variables.enterprise.prodname_emu_enterprise %} but require that developers contribute to resources outside of the enterprise from a single workstation, you can provide support for switching between the accounts in a developer's local Git configuration. For more information, see "[AUTOTITLE](/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/about-enterprise-managed-users#supporting-developers-with-multiple-user-accounts-on-githubcom)."
|
||||
|
||||
## Does your enterprise rely on outside collaborators?
|
||||
|
||||
With SAML SSO, you can give access to specific repositories to people who are not members of your IdP's directory, by using the outside collaborator role. This can be especially useful for collaborators that are external to your business, such as contractors. For more information, see "[AUTOTITLE](/organizations/managing-user-access-to-your-organizations-repositories/managing-outside-collaborators/adding-outside-collaborators-to-repositories-in-your-organization)."
|
||||
|
||||
With {% data variables.product.prodname_emus %}, the outside collaborator role does not exist. Your enterprise's resources can only be accessed by {% data variables.enterprise.prodname_managed_users %}, which are always provisioned by your IdP. To give external collaborators access to your enterprise, you would have to use guest accounts in your IdP. If you're interested in {% data variables.product.prodname_emus %}, confirm with your developers whether this will hinder any of their existing workflows. If so, SAML SSO may be a better solution.
|
||||
|
||||
## Can your enterprise tolerate migration costs?
|
||||
|
||||
If your enterprise is new to {% data variables.product.prodname_dotcom_the_website %}, SAML SSO and {% data variables.product.prodname_emus %} are equally easy to adopt.
|
||||
|
||||
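Review bot: Dropping the "Does your enterprise rely on outside collaborators?" section removes the only decision point in this guide about external contributors (the hunk goes from 12 lines to 6). The restrictions list elsewhere in this PR states that outside collaborators are not supported by {% data variables.product.prodname_emus %} but guest collaborators are, so a one-sentence pointer to guest collaborators here would keep that access-model difference visible to people choosing between SAML SSO and {% data variables.product.prodname_emus %}.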
@@ -46,9 +46,11 @@ When a configuration error or an issue with your identity provider IdP prevents
|
||||
|
||||
## SCIM provisioning errors
|
||||
|
||||
{% data reusables.scim.emu-scim-rate-limit-details %}
|
||||
|
||||
Azure AD will retry SCIM provisioning attempts automatically during the next Azure AD sync cycle. The default SCIM provisioning interval for Azure AD is 40 minutes. For more information about this retry behavior, see the [Microsoft documentation](https://learn.microsoft.com/en-us/azure/active-directory/app-provisioning/how-provisioning-works#errors-and-retries) or contact Azure support if you need additional assistance.
|
||||
|
||||
Okta will retry failed SCIM provisioning attempts with manual Okta admin intervention. For more information about how an Okta admin can retry a failed task for a specific application, see the [Okta documentation](https://support.okta.com/help/s/article/How-to-retry-failed-tasks-for-a-specific-application?language=en_US) or contact Okta support if you need additional assistance.
|
||||
Okta will retry failed SCIM provisioning attempts with manual Okta admin intervention. For more information about how an Okta admin can retry a failed task for a specific application, see the [Okta documentation](https://support.okta.com/help/s/article/How-to-retry-failed-tasks-for-a-specific-application?language=en_US) or contact Okta support.
|
||||
{% endif %}
|
||||
|
||||
## SAML authentication errors
|
||||
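Review bot: The two retry paragraphs now end differently: the Azure AD one keeps "or contact Azure support if you need additional assistance" while the Okta one is trimmed to "or contact Okta support". Trim both or neither. "Okta will retry failed SCIM provisioning attempts with manual Okta admin intervention" also reads as if the retry were automatic; wording such as "Okta retries failed SCIM provisioning attempts only when an Okta admin intervenes" would remove the ambiguity. The `{% endif %}` after the Okta paragraph has no opening tag in the visible context, so check that it pairs with the intended `ifversion`.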
@@ -59,5 +61,6 @@ If users are experiencing errors when attempting to authenticate with SAML, see
|
||||
|
||||
## Further reading
|
||||
|
||||
- "[AUTOTITLE](/admin/identity-and-access-management/provisioning-user-accounts-for-enterprise-managed-users/troubleshooting-team-membership-with-identity-provider-groups)"
|
||||
- "[AUTOTITLE](/organizations/managing-saml-single-sign-on-for-your-organization/troubleshooting-identity-and-access-management-for-your-organization)"
|
||||
{% endif %}
|
||||
|
||||
@@ -20,28 +20,21 @@ topics:
|
||||
shortTitle: Invite people to manage
|
||||
---
|
||||
|
||||
## About users who can manage your enterprise account
|
||||
## About administrator management
|
||||
|
||||
{% data reusables.enterprise-accounts.enterprise-administrators %} For more information, see "[AUTOTITLE](/admin/user-management/managing-users-in-your-enterprise/roles-in-an-enterprise)."
|
||||
{% ifversion ghec %}If you do not use {% data variables.product.prodname_emus %}, you{% else %}You{% endif %} can add or remove enterprise owners{% ifversion ghec %} and billing managers{% endif %} on {% data variables.product.product_name %}. For more information about the privileges that come with each enterprise role, see "[AUTOTITLE](/admin/user-management/managing-users-in-your-enterprise/roles-in-an-enterprise)."
|
||||
|
||||
{% ifversion ghes %}
|
||||
|
||||
If you want to manage owners and billing managers for an enterprise account on {% data variables.product.prodname_dotcom_the_website %}, see "[AUTOTITLE](/enterprise-cloud@latest/admin/user-management/managing-users-in-your-enterprise/inviting-people-to-manage-your-enterprise)" in the {% data variables.product.prodname_ghe_cloud %} documentation.
|
||||
|
||||
If you want to manage enterprise owners and billing managers for an enterprise account on {% data variables.product.prodname_dotcom_the_website %}, see [the {% data variables.product.prodname_ghe_cloud %} documentation](/enterprise-cloud@latest/admin/user-management/managing-users-in-your-enterprise/inviting-people-to-manage-your-enterprise).
|
||||
{% endif %}
|
||||
|
||||
{% ifversion ghec %}
|
||||
|
||||
If your enterprise uses {% data variables.product.prodname_emus %}, enterprise owners can only be added or removed through your identity provider. For more information, see "[AUTOTITLE](/enterprise-cloud@latest/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/about-enterprise-managed-users)."
|
||||
If you do use {% data variables.product.prodname_emus %}, enterprise owners and billing managers can only be added or removed through your identity provider. For more information, see "[AUTOTITLE](/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/about-enterprise-managed-users)."
|
||||
|
||||
{% endif %}
|
||||
|
||||
{% tip %}
|
||||
|
||||
**Tip:** For more information on managing users within an organization owned by your enterprise account, see "[AUTOTITLE](/organizations/managing-membership-in-your-organization)" and "[AUTOTITLE](/organizations/managing-peoples-access-to-your-organization-with-roles)."
|
||||
|
||||
{% endtip %}
|
||||
|
||||
## {% ifversion ghec %}Inviting{% elsif ghes %}Adding{% endif %} an enterprise administrator to your enterprise account
|
||||
|
||||
{% ifversion ghec %}After you invite someone to join the enterprise account, they must accept the emailed invitation before they can access the enterprise account. Pending invitations will expire after 7 days.{% endif %}
|
||||
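Review bot: The first sentence under "About administrator management" is assembled from a mid-sentence switch, `{% ifversion ghec %}If you do not use ..., you{% else %}You{% endif %} can add or remove enterprise owners{% ifversion ghec %} and billing managers{% endif %}`, which is hard to read in source and hard to translate. Write one complete sentence per version instead. The later paragraph "If you do use ..." only works as a reply to that sentence; "If your enterprise uses ..." lets it stand on its own and matches the wording it replaces.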
@@ -82,3 +75,8 @@ If the administrator you want to remove is a member of any organizations owned b
|
||||
1. Next to the username of the person you'd like to remove, select the {% octicon "gear" aria-label="Administrator settings" %} dropdown menu, then click **Remove owner**.
|
||||
1. Read the confirmation, then click **Remove owner**.
|
||||
{%- endif %}
|
||||
|
||||
## Further reading
|
||||
|
||||
- "[AUTOTITLE](/organizations/managing-membership-in-your-organization)"
|
||||
- "[AUTOTITLE](/organizations/managing-peoples-access-to-your-organization-with-roles)"
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
---
|
||||
title: Roles in an enterprise
|
||||
intro: 'Everyone in an enterprise is a member of the enterprise. To control access to your enterprise''s settings and data, you can assign different roles to members of your enterprise.'
|
||||
intro: "Everyone in an enterprise is a member of the enterprise. To control access to your enterprise's settings and data, you can assign different roles to members of your enterprise."
|
||||
redirect_from:
|
||||
- /github/setting-up-and-managing-your-enterprise/managing-users-in-your-enterprise/roles-in-an-enterprise
|
||||
- /github/setting-up-and-managing-your-enterprise-account/roles-for-an-enterprise-account
|
||||
@@ -18,14 +18,21 @@ topics:
|
||||
|
||||
## About roles in an enterprise
|
||||
|
||||
Everyone in an enterprise is a member of the enterprise. You can also assign administrative roles to members of your enterprise. Each administrator role maps to business functions and provides permissions to do specific tasks within the enterprise.
|
||||
All users that are part of your enterprise have one of the following roles:
|
||||
|
||||
{% data reusables.enterprise-accounts.enterprise-administrators %}
|
||||
- Enterprise owner
|
||||
{%- ifversion ghec %}
|
||||
- Billing manager
|
||||
{%- endif %}
|
||||
- Enterprise member
|
||||
{% ifversion guest-collaborators %}
|
||||
- Guest collaborator ({% data variables.product.prodname_emus %} only)
|
||||
{%- endif %}
|
||||
|
||||
{% ifversion ghec %}
|
||||
If your enterprise does not use {% data variables.product.prodname_emus %}, you can invite someone to an administrative role using a user account on {% data variables.product.product_name %} that they control. For more information, see "[AUTOTITLE](/admin/user-management/managing-users-in-your-enterprise/inviting-people-to-manage-your-enterprise)."
|
||||
If your enterprise does not use {% data variables.product.prodname_emus %}, you can invite someone to become an enterprise owner or billing manager using {% data variables.product.prodname_dotcom %}. For more information, see "[AUTOTITLE](/admin/user-management/managing-users-in-your-enterprise/inviting-people-to-manage-your-enterprise)."
|
||||
|
||||
In an enterprise using {% data variables.product.prodname_emus %}, new owners and members must be provisioned through your identity provider. Enterprise owners and organization owners cannot add new members or owners to the enterprise using {% data variables.product.prodname_dotcom %}. You can select a member's enterprise role using your IdP and it cannot be changed on {% data variables.product.prodname_dotcom %}. You can select a member's role in an organization on {% data variables.product.prodname_dotcom %}. For more information, see "[AUTOTITLE](/enterprise-cloud@latest/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/about-enterprise-managed-users)."
|
||||
If you do use {% data variables.product.prodname_emus %}, you must provision all new owners, billing managers, members, and guest collaborators through your identity provider. You cannot add them to the enterprise using {% data variables.product.prodname_dotcom %}. You must select each user's enterprise role using your IdP, and that role cannot be changed on {% data variables.product.prodname_dotcom %}. However, you can select a member's role in an organization using {% data variables.product.prodname_dotcom %}. For more information, see "[AUTOTITLE](/enterprise-cloud@latest/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/about-enterprise-managed-users)."
|
||||
{% else %}
|
||||
For more information about adding people to your enterprise, see "[AUTOTITLE](/admin/identity-and-access-management)".
|
||||
|
||||
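Review bot: The guest collaborator list item opens with `{% ifversion guest-collaborators %}` (no whitespace control) while the billing manager item above it uses `{%- ifversion ghec %}`. Without the leading dash the tag leaves an empty line after "- Enterprise member", so the list can render with uneven spacing; use `{%- ifversion guest-collaborators %}` to match. The managed-users link in this hunk also keeps the `/enterprise-cloud@latest/admin/...` prefix, while the same link in the "Invite people to manage" hunk earlier appears both with and without the prefix; pick one form across both articles.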
@@ -34,6 +41,7 @@ For more information about adding people to your enterprise, see "[AUTOTITLE](/a
|
||||
## Enterprise owners
|
||||
|
||||
Enterprise owners have complete control over the enterprise and can take every action, including:
|
||||
|
||||
- Managing administrators
|
||||
- {% ifversion ghec %}Adding and removing {% elsif ghae or ghes %}Managing{% endif %} organizations {% ifversion ghec %}to and from {% elsif ghae or ghes %} in{% endif %} the enterprise{% ifversion remove-enterprise-members %}
|
||||
- Removing enterprise members from all organizations owned by the enterprise{% endif %}
|
||||
@@ -51,33 +59,47 @@ Enterprise owners cannot access organization settings or content unless they are
|
||||
|
||||
{% ifversion ghec %}An enterprise owner will only consume a license if they are an owner or member of at least one organization within the enterprise. {% endif %}Even if an enterprise owner has a role in multiple organizations, they will consume a single license. {% ifversion ghec %}Enterprise owners must have a personal account on {% data variables.product.prodname_dotcom %}.{% endif %} As a best practice, we recommend making only a few people in your company enterprise owners, to reduce the risk to your business. {% ifversion ghes %}For more information about accounts that consume a license for {% data variables.location.product_location %}, see "[AUTOTITLE](/billing/managing-the-plan-for-your-github-account/about-per-user-pricing#accounts-that-consume-a-license-on-github-enterprise-server)."{% endif %}
|
||||
|
||||
## Enterprise members
|
||||
|
||||
Members of organizations owned by your enterprise are also automatically members of the enterprise. Members can collaborate in organizations and may be organization owners, but members cannot access or configure enterprise settings{% ifversion ghec %}, including billing settings{% endif %}.
|
||||
|
||||
People in your enterprise may have different levels of access to the various organizations owned by your enterprise and to repositories within those organizations. You can view the resources that each person has access to. For more information, see "[AUTOTITLE](/admin/user-management/managing-users-in-your-enterprise/viewing-people-in-your-enterprise)."
|
||||
|
||||
For more information about organization-level permissions, see "[AUTOTITLE](/organizations/managing-peoples-access-to-your-organization-with-roles/roles-in-an-organization)."
|
||||
|
||||
People with outside collaborator access to repositories owned by your organization are also listed in your enterprise's People tab, but are not enterprise members and do not have any access to the enterprise. For more information about outside collaborators, see "[AUTOTITLE](/organizations/managing-peoples-access-to-your-organization-with-roles/roles-in-an-organization#outside-collaborators)."
|
||||
|
||||
{% ifversion ghec %}
|
||||
|
||||
## Billing managers
|
||||
|
||||
Billing managers only have access to your enterprise's billing settings. Billing managers for your enterprise can:
|
||||
- View and manage user licenses, {% data variables.large_files.product_name_short %} packs and other billing settings
|
||||
- View and manage user licenses, {% data variables.large_files.product_name_short %} packs, and other billing settings
|
||||
- View a list of billing managers
|
||||
- Add or remove other billing managers
|
||||
|
||||
Billing managers will only consume a license if they are an owner or member of at least one organization within the enterprise. Billing managers do not have access to organizations or repositories in your enterprise, and cannot add or remove enterprise owners. Billing managers must have a personal account on {% data variables.product.prodname_dotcom %}.
|
||||
|
||||
## About support entitlements
|
||||
{% endif %}
|
||||
|
||||
{% data reusables.enterprise-accounts.support-entitlements %}
|
||||
## Enterprise members
|
||||
|
||||
## Further reading
|
||||
Members of organizations owned by your enterprise are also automatically members of the enterprise. Members can collaborate in organizations and may be organization owners, but members cannot access or configure enterprise settings{% ifversion ghec %}, including billing settings{% endif %}.
|
||||
|
||||
- "[AUTOTITLE](/admin/overview/about-enterprise-accounts)"
|
||||
Enterprise members have access to all repositories with the "internal" visibility that are owned by any organization within the enterprise. For more information about internal repositories, see "[AUTOTITLE](/repositories/creating-and-managing-repositories/about-repositories#about-internal-repositories)."
|
||||
|
||||
People in your enterprise may have different levels of access to the various organizations owned by your enterprise and to repositories within those organizations. You can view the resources that each person has access to. For more information, see "[AUTOTITLE](/admin/user-management/managing-users-in-your-enterprise/viewing-people-in-your-enterprise)."
|
||||
|
||||
People with outside collaborator access to repositories owned by your organization are also listed in your enterprise's "People" tab, but are not enterprise members and do not have any access to the enterprise. For more information about outside collaborators, see "[AUTOTITLE](/organizations/managing-peoples-access-to-your-organization-with-roles/roles-in-an-organization#outside-collaborators)."
|
||||
|
||||
{% ifversion guest-collaborators %}
|
||||
|
||||
## Guest collaborators
|
||||
|
||||
{% note %}
|
||||
|
||||
**Note:** The guest collaborator role is only available with {% data variables.product.prodname_emus %}. This feature is currently in public beta and subject to change.
|
||||
|
||||
{% endnote %}
|
||||
|
||||
If your enterprise uses {% data variables.product.prodname_emus %}, you can use the role of guest collaborator to grant limited access to vendors and contractors. Like all {% data variables.enterprise.prodname_managed_users %}, guest collaborators are provisioned by your IdP. Unlike enterprise members, guest collaborators only have access to the specific repositories or organizations you add them to.
|
||||
|
||||
Currently, guest collaborators must be added to an organization team in order to be granted access to repositories within that organization. When they are added to an organization team they become organization members. Guest collaborators only have access to internal repositories within organizations where they are a member and private repositories they are expressly authorized to access. Guest collaborators will never see internal repositories in an organization they are not a member of.
|
||||
|
||||
Guest collaborators can be members of IdP groups that are connected to {% data variables.product.prodname_dotcom %} teams. However, guest collaborators are never added to an organization via SCIM. For more information, see "[AUTOTITLE](/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/managing-team-memberships-with-identity-provider-groups)."
|
||||
|
||||
If you want to prevent a user from accessing internal repositories, make sure that the only role assigned to the user is guest collaborator, both directly and via group membership. If the same user is assigned multiple roles, the more privileged role will override the less privileged role. For example, if you assign the guest collaborator role directly to a user, but the user is also a member of a group that's assigned the enterprise owner role, the user will have full privileges of an enterprise owner.
|
||||
|
||||
If you use Azure AD or Okta for SAML authentication, you may need to update your IdP application to use guest collaborators. For more information, see "[AUTOTITLE](/admin/identity-and-access-management/configuring-authentication-for-enterprise-managed-users/configuring-saml-single-sign-on-for-enterprise-managed-users#enabling-guest-collaborators)."
|
||||
|
||||
{% endif %}
|
||||
|
||||
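Review bot: The "Guest collaborators" section leaves the team-sync behaviour ambiguous. It says guest collaborators "can be members of IdP groups that are connected to ... teams" and that being added to an organization team makes them organization members, but also that they "are never added to an organization via SCIM". State explicitly whether membership in a connected IdP group places the guest collaborator on the team (and therefore in the organization, with its internal repositories) or whether someone must add them to the organization first, because that determines who can grant access to internal repositories. The paragraph on multiple roles ("the more privileged role will override the less privileged role") is the key access-control caveat and would be easier to find inside a `{% note %}` block like the beta notice above it.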
@@ -115,3 +115,16 @@ Across all of your enterprise's organizations, you can allow or disallow people
|
||||
1. In the "{% data variables.product.prodname_GH_advanced_security %} policies" section, under "Enable or disable {% data variables.product.prodname_secret_scanning %} by repository admins", select the dropdown menu and click a policy.
|
||||
|
||||
{% endif %}
|
||||
|
||||
{% ifversion secret-scanning-ai-generic-secret-detection %}
|
||||
|
||||
## Enforcing a policy to manage the use of generic secret detection for {% data variables.product.prodname_secret_scanning %} in your enterprise's repositories
|
||||
|
||||
Across all of your enterprise's organizations, you can allow or disallow people with admin access to repositories to manage and configure generic secret detection for {% data variables.product.prodname_secret_scanning %} for the repositories. {% data reusables.advanced-security.ghas-must-be-enabled %}
|
||||
|
||||
{% data reusables.enterprise-accounts.access-enterprise %}
|
||||
{% data reusables.enterprise-accounts.policies-tab %}
|
||||
{% data reusables.enterprise-accounts.code-security-and-analysis-policies %}
|
||||
1. In the "{% data variables.product.prodname_GH_advanced_security %} policies" section, under "AI detection in {% data variables.product.prodname_secret_scanning %}", select the dropdown menu and click a policy.
|
||||
|
||||
{% endif %}
|
||||
|
||||
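Review bot: The heading and intro call the feature "generic secret detection", but the step sends the reader to a setting labelled "AI detection in {% data variables.product.prodname_secret_scanning %}", so the label the reader has to look for never appears in the text that explains it. Say in the intro that generic secret detection is listed as "AI detection" in the policy settings, and name the choices the dropdown offers, since "click a policy" gives no hint of what allowing or disallowing looks like.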
@@ -70,5 +70,5 @@ Enterprise owners can choose whether to grant access to {% data variables.produc
|
||||
|
||||
## Further reading
|
||||
|
||||
- "[AUTOTITLE](/free-pro-team@latest/site-policy/privacy-policies/github-copilot-for-business-privacy-statement)"
|
||||
- "[AUTOTITLE](/free-pro-team@latest/site-policy/privacy-policies/github-copilot-business-privacy-statement)"
|
||||
- [{% data variables.product.prodname_copilot %} Trust Center](https://resources.github.com/copilot-trust-center/)
|
||||
|
||||
@@ -11,7 +11,7 @@ shortTitle: Billing for GitHub Copilot
|
||||
|
||||
## About billing for {% data variables.product.prodname_copilot %}
|
||||
|
||||
You can either set up a {% data variables.product.prodname_copilot %} subscription for your personal account, or you can set up a {% data variables.product.prodname_copilot_for_business %} subscription for your organization{% ifversion ghec %} or enterprise. If you are a member of an organization with a {% data variables.product.prodname_copilot_for_business %} subscription, you will need to be assigned a seat by an organization owner{% endif %}. {% ifversion fpt %}For more information about {% data variables.product.prodname_copilot_for_individuals %}, see "[AUTOTITLE](/copilot/overview-of-github-copilot/about-github-copilot-for-individuals)."{% endif %} {% ifversion ghec %}For more information about {% data variables.product.prodname_copilot_for_business %}, see "[AUTOTITLE](/copilot/overview-of-github-copilot/about-github-copilot-for-business)."{% endif %}
|
||||
You can either set up a {% data variables.product.prodname_copilot %} subscription for your personal account, or you can set up a {% data variables.product.prodname_copilot_for_business %} subscription for your organization{% ifversion ghec %} or enterprise. If you are a member of an organization with a {% data variables.product.prodname_copilot_for_business %} subscription, you will need to be assigned a seat by an organization owner{% endif %}. {% ifversion fpt %}For more information about {% data variables.product.prodname_copilot_for_individuals %}, see "[AUTOTITLE](/copilot/overview-of-github-copilot/about-github-copilot-individual)."{% endif %} {% ifversion ghec %}For more information about {% data variables.product.prodname_copilot_for_business %}, see "[AUTOTITLE](/copilot/overview-of-github-copilot/about-github-copilot-business)."{% endif %}
|
||||
|
||||
{% ifversion fpt %}Before starting a paid subscription for a personal account, you can set up a one-time {% data reusables.copilot.trial-period %}-day trial to evaluate {% data variables.product.prodname_copilot %}. To begin a trial, you will need to choose a monthly or yearly billing cycle, and provide a payment method. If you do not cancel the trial before the end of the {% data reusables.copilot.trial-period %} days, the trial will automatically convert to a paid subscription. You can cancel your {% data variables.product.prodname_copilot %} trial at any time during the {% data reusables.copilot.trial-period %} days and you won't be charged. If you cancel before the end of the trial, you will continue to have access to {% data variables.product.prodname_copilot %} until the {% data reusables.copilot.trial-period %}-day trial period ends. For more information, see "[AUTOTITLE](/billing/managing-billing-for-github-copilot/managing-your-github-copilot-subscription-for-your-personal-account)."
|
||||
|
||||
|
||||
@@ -105,5 +105,5 @@ To cancel your {% data variables.product.prodname_copilot_business_short %} subs
|
||||
|
||||
## Further reading
|
||||
|
||||
- "[AUTOTITLE](/copilot/overview-of-github-copilot/about-github-copilot-for-business)"
|
||||
- "[AUTOTITLE](/copilot/overview-of-github-copilot/enabling-and-setting-up-github-copilot-for-business)"
|
||||
- "[AUTOTITLE](/copilot/overview-of-github-copilot/about-github-copilot-business)"
|
||||
- "[AUTOTITLE](/copilot/managing-copilot-business/enabling-and-setting-up-github-copilot-business)"
|
||||
|
||||
@@ -41,7 +41,7 @@ Before you can start using {% data variables.product.prodname_copilot_for_indivi
|
||||
|
||||
## Canceling your {% data variables.product.prodname_copilot_individuals_short %} subscription
|
||||
|
||||
You can cancel your {% data variables.product.prodname_copilot_individuals_short %} subscription at any time. The cancellation will take effect at the end of your current billing cycle. You can also cancel your {% data variables.product.prodname_copilot_individuals_short %} trial, during the {% data reusables.copilot.trial-period %}-day trial period. For more information, see "[Canceling your {% data variables.product.prodname_copilot_individuals_short %} trial](#canceling-your-copilot-for-individuals-trial)."
|
||||
You can cancel your {% data variables.product.prodname_copilot_individuals_short %} subscription at any time. The cancellation will take effect at the end of your current billing cycle. You can also cancel your {% data variables.product.prodname_copilot_individuals_short %} trial, during the {% data reusables.copilot.trial-period %}-day trial period. For more information, see "[Canceling your {% data variables.product.prodname_copilot_individuals_short %} trial](#canceling-your-copilot-individual-trial)."
|
||||
|
||||
{% data reusables.user-settings.access_settings %}
|
||||
{% data reusables.user-settings.billing_plans %}
|
||||
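Review bot: The in-page fragment `#canceling-your-copilot-individual-trial` is hard-coded while the link text beside it is built from `{% data variables.product.prodname_copilot_individuals_short %}`, so the fragment has to be edited by hand whenever the product name changes, as it is here. Confirm the new fragment matches the target heading as rendered after the rename; a mismatch fails silently and leaves the reader at the top of the page.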
@@ -63,5 +63,5 @@ You can cancel your {% data variables.product.prodname_copilot_individuals_short
|
||||
|
||||
## Further reading
|
||||
|
||||
- "[AUTOTITLE](/copilot/overview-of-github-copilot/about-github-copilot-for-individuals)"
|
||||
- "[AUTOTITLE](/copilot/overview-of-github-copilot/about-github-copilot-individual)"
|
||||
- "[AUTOTITLE](/copilot/getting-started-with-github-copilot)"
|
||||
|
||||
@@ -102,6 +102,7 @@ If your enterprise does not use {% data variables.product.prodname_emus %}, you
|
||||
- Billing managers for individual organizations
|
||||
- Anyone with a pending invitation to become a billing manager
|
||||
- Anyone with a pending invitation to become an outside collaborator on a public repository owned by your organization
|
||||
- Guest collaborators who are not organization members (see "[AUTOTITLE](/enterprise-cloud@latest/admin/user-management/managing-users-in-your-enterprise/roles-in-an-enterprise#guest-collaborators)")
|
||||
- Users of {% data variables.visual_studio.prodname_vss_ghe %} whose accounts on {% data variables.product.prodname_dotcom_the_website %} are not linked, and who do not meet any of the other criteria for per-user pricing
|
||||
|
||||
### Accounts that consume a license on {% data variables.product.prodname_ghe_server %}
|
||||
|
||||
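Review bot: "Guest collaborators who are not organization members" states only half of the rule. Per the roles article, a guest collaborator becomes an organization member when added to an organization team, and that is currently required to give them repository access, so most guest collaborators in active use will be organization members. Add a line saying whether a guest collaborator consumes a license once they join an organization, and consider dropping the inline "(see ...)" since no other visible item in this list carries a cross-reference.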
@@ -34,7 +34,7 @@ If you use {% data variables.product.product_name %} through a Microsoft Enterpr
|
||||
| {% data variables.product.prodname_github_codespaces %} usage | "[AUTOTITLE](/billing/managing-billing-for-github-codespaces/about-billing-for-github-codespaces)" | "[AUTOTITLE](/billing/managing-billing-for-github-codespaces/about-billing-for-github-codespaces)" |
|
||||
| {% data variables.product.prodname_actions %} usage beyond the amounts included with your plan | "[AUTOTITLE](/billing/managing-billing-for-github-actions/about-billing-for-github-actions)" | "[AUTOTITLE](/billing/managing-billing-for-github-actions/about-billing-for-github-actions#about-spending-limits)" |
|
||||
| {% data variables.product.prodname_registry %} usage beyond the amounts included with your plan | "[AUTOTITLE](/billing/managing-billing-for-github-packages/about-billing-for-github-packages)" | "[AUTOTITLE](/billing/managing-billing-for-github-packages/about-billing-for-github-packages#about-spending-limits)" |
|
||||
| {% data variables.product.prodname_copilot_business_short %} usage | "[AUTOTITLE](/billing/managing-billing-for-github-copilot/about-billing-for-github-copilot#pricing-for-github-copilot-for-business)" | N/A |
|
||||
| {% data variables.product.prodname_copilot_business_short %} usage | "[AUTOTITLE](/billing/managing-billing-for-github-copilot/about-billing-for-github-copilot#pricing-for-github-copilot-business)" | N/A |
|
||||
|
||||
## About billing through Azure
|
||||
|
||||
|
||||
@@ -0,0 +1,123 @@
|
||||
---
|
||||
title: About autofix for CodeQL code scanning
|
||||
shortTitle: Autofix for code scanning
|
||||
intro: Learn how GitHub uses AI to suggest potential fixes for {% data variables.product.prodname_code_scanning %} alerts found by {% data variables.product.prodname_codeql %} in your pull request.
|
||||
product: '{% data reusables.rai.code-scanning.gated-feature-autofix %}'
|
||||
versions:
|
||||
feature: code-scanning-autofix-js-ts
|
||||
fpt: '*'
|
||||
type: rai
|
||||
topics:
|
||||
- Advanced Security
|
||||
- Code scanning
|
||||
- CodeQL
|
||||
- AI
|
||||
---
|
||||
<!--Note on the versioning above ^. This article is visible to free, pro, team users for transparency. They cannot use the feature so `fpt` is not included in the feature definition.-->
|
||||
|
||||
{% data reusables.rai.code-scanning.beta-autofix-js-ts %}
|
||||
|
||||
## About autofix for {% data variables.product.prodname_codeql %} {% data variables.product.prodname_code_scanning %}
|
||||
|
||||
Autofix is an AI-powered expansion of {% data variables.product.prodname_code_scanning %} that provides users with targeted recommendations to help them fix {% data variables.product.prodname_code_scanning %} alerts in pull requests so they can avoid introducing new security vulnerabilities. The potential fixes are generated automatically by large language models (LLMs) using data from the codebase, the pull request, and from {% data variables.product.prodname_codeql %} analysis.
|
||||
|
||||
{% data variables.product.prodname_code_scanning_caps %} autofix generates potential fixes that are relevant to the existing source code and translates the description and location of an alert into code changes that may fix the alert. The autofix system uses the OpenAI GPT-4 large language model, which has sufficient generative capabilities to produce both suggested fixes in code and explanatory text for those fixes.
|
||||
|
||||
## Developer experience
|
||||
|
||||
{% data variables.product.prodname_GH_advanced_security %} users can already see any security alerts detected by {% data variables.product.prodname_code_scanning %} using {% data variables.product.prodname_codeql %} to analyze their pull requests. However, developers often have little training in code security so fixing these alerts requires substantial effort. They must first read and understand the alert location and description, and then use that understanding to edit the source code to fix the vulnerability.
|
||||
|
||||
{% data variables.product.prodname_code_scanning_caps %} autofix lowers the barrier of entry to developers by combining information on best practices with details of the codebase and alert to suggest a potential fix to the developer. Instead of starting with a search for information about the vulnerability, the developer starts with a code suggestion that demonstrates a potential solution for their codebase. The developer evaluates the potential fix to determine whether it is the best solution for their codebase and to ensure that it maintains the intended behavior.
|
||||
|
||||
After committing a suggested fix or modified fix, the developer should always verify that continuous integration testing (CI) for the codebase continues to pass and that the alert is shown as resolved before they merge their pull request.
|
||||
|
||||
## Autofix generation process
|
||||
|
||||
When autofix is enabled for a repository, {% data variables.product.prodname_code_scanning %} alerts that are identified in a pull request by supported {% data variables.product.prodname_codeql %} queries send input to the LLM. If the LLM can generate a potential fix, the fix is shown in the pull request as a suggestion comment.
|
||||
|
||||
{% data variables.product.prodname_dotcom %} sends the LLM a variety of data from the pull request and from {% data variables.product.prodname_codeql %} analysis.
|
||||
|
||||
- {% data variables.product.prodname_codeql %} alert data in SARIF format. For more information, see “[AUTOTITLE](/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning).”
|
||||
- Code from the current version of the pull request branch.
|
||||
- Short snippets of code around each source location, sink location, and any location referenced in the alert message or included on the flow path.
|
||||
- First ~10 lines from each file involved in any of those locations.
|
||||
- Help text for the {% data variables.product.prodname_codeql %} query that identified the problem. For examples, see “[{% data variables.product.prodname_codeql %} query help](https://codeql.github.com/codeql-query-help/).”
|
||||
|
||||
Any autofix suggestions are generated and stored within the {% data variables.product.prodname_code_scanning %} backend. They are displayed as suggestion comments in the pull request. No user interaction is needed beyond enabling {% data variables.product.prodname_code_scanning %} on the codebase and creating the pull request.
|
||||
|
||||
## Quality of autofix suggestions
|
||||
|
||||
{% data variables.product.prodname_dotcom %} uses an automated test harness to continuously monitor the quality of autofix suggestions. This allows us to understand how the autofix suggestions generated by the LLM change as the model develops.
|
||||
|
||||
The test harness includes a set of over 700 JavaScript/TypeScript alerts from a diverse set of public repositories where the highlighted code has test coverage. Autofix suggestions for these alerts are tested to see how good they are, that is, how much a developer would need to edit them before commiting them to the codebase. For many of the test alerts, autofixes generated by the LLM could be committed as-is to fix the alert while continuing to successfully pass all the existing CI tests.
|
||||
|
||||
In addition, the system is stress-tested to check for any potential harm (often referred to as red teaming), and a filtering system on the LLM helps prevent potentially harmful suggestions being displayed to users.
|
||||
|
||||
### How GitHub tests autofix suggestions
|
||||
|
||||
We test the effectiveness of autofix suggestions by merging all suggested changes, unedited, before running {% data variables.product.prodname_code_scanning %} and the repository's unit tests on the resulting code.
|
||||
|
||||
1. Was the {% data variables.product.prodname_code_scanning %} alert fixed by the suggestion?
|
||||
1. Did the fix introduce any new {% data variables.product.prodname_code_scanning %} alerts?
|
||||
1. Did the fix introduce any syntax errors that {% data variables.product.prodname_codeql %} can detect?
|
||||
1. Has the fix changed the output of any of the repository tests?
|
||||
|
||||
In addition, we spot check many of the successful suggestions and verify that they fix the alert without introducing new problems. When one or more of these checks failed, our manual triage showed that in many cases the proposed fix was nearly correct but needed some minor modifications that a user could identify and manually perform.
|
||||
|
||||
### Effectiveness on other JavaScript/TypeScript projects
|
||||
|
||||
The test set contains a broad range of different types of projects and alerts. We predict that autofixes for other JavaScript/TypeScript projects should follow a similar pattern.
|
||||
|
||||
- Autofix is likely to add a code suggestion to the majority of alerts for JavaScript/TypeScript projects.
|
||||
- When developers evaluate the autofix suggestions we expect that the majority of fixes can be committed without editing or with minor updates to reflect the wider context of the code.
|
||||
- A small percentage of suggested fixes will reflect a significant misunderstanding of the codebase or the vulnerability.
|
||||
|
||||
However, each project and codebase is unique, so developers may need to edit a larger percentage of suggested fixes before committing them. Autofix provides valuable information to help you resolve {% data variables.product.prodname_code_scanning %} alerts, but ultimately it remains your responsibility to evaluate the proposed change and ensure the security and accuracy of your code.
|
||||
|
||||
{% note %}
|
||||
|
||||
**Note:** The system does not suggest fixes for all types of {% data variables.product.prodname_code_scanning %} alerts identified by {% data variables.product.prodname_codeql %}. Autofix is supported for a subset of the default {% data variables.product.prodname_codeql %} JavaScript/TypeScript queries and the LLM is limited in its operational capacity. In addition, each suggested fix is tested before it is added to a pull request. If no suggestion is available, or if the suggested fix fails internal testing, then no autofix suggestion is displayed.
|
||||
|
||||
{% endnote %}
|
||||
|
||||
## Limitations of autofix suggestions
|
||||
|
||||
When you review an autofix suggestion, you must always consider the limitations of AI and edit the changes as needed before you accept the changes. You should also consider updating the CI testing and dependency management for a repository before enabling autofix for {% data variables.product.prodname_code_scanning %}. For more information, see "[Mitigating the limitations of autofix suggestions](#mitigating-the-limitations-of-autofix-suggestions)."
|
||||
|
||||
### Limitations of autofix code suggestions
|
||||
|
||||
- _Programming languages:_ A subset of programming languages is supported, initially only JavaScript and TypeScript. Support for additional languages will be added, but there is no intention to provide support for all {% data variables.product.prodname_codeql %} languages.
|
||||
- _Human languages:_ The system primarily uses English data, including the prompts sent to the system, the code seen by the LLMs in their datasets, and the test cases used for internal evaluation. Suggestions generated by the LLM may have a lower success rate for source code and comments written in other languages and using other character sets.
|
||||
- _Syntax errors:_ The system may suggest fixes that are not syntactically correct code changes, so it is important to run syntax checks on pull requests.
|
||||
- _Location errors:_ The system may suggest fixes that are syntactically correct code but are suggested at the incorrect location, which means that if a user accepts a fix without editing the location they will introduce a syntax error.
|
||||
- _Semantic errors_: The system may suggest fixes that are syntactically valid but that change the semantics of the program. The system has no understanding of the programmer or codebase’s intent in how the code should behave. Having good test coverage helps developers verify that a fix does not change the behavior of the codebase.
|
||||
- _Security vulnerabilities and misleading fixes:_ The system may suggest fixes that fail to remediate the underlying security vulnerability and/or introduce new security vulnerabilities.
|
||||
- _Partial fixes:_ The system may suggest fixes that only partially address the security vulnerability, or only partially preserve the intended code functionality. The system sees only a small subset of the code in the codebase and does not always produce globally optimal or correct solutions.
|
||||
|
||||
### Limitations of autofix dependency suggestions
|
||||
|
||||
Sometimes a suggested fix includes a change in the dependencies of the codebase. If you use a dependency management system, any changes will be highlighted automatically for the developer to review. Before merging a pull request always verify that any dependency changes are secure and maintain the intended behavior of the codebase.
|
||||
|
||||
- _New or updated dependencies:_ The system may suggest adding or updating software dependencies as part of a suggested fix. For example, by suggesting changing the `package.json` file for JavaScript projects to add dependencies from npm.
|
||||
- _Unsupported or insecure dependencies:_ The system does not know which versions of an existing dependency are supported or secure.
|
||||
- _Fabricated dependencies:_ The system has incomplete knowledge of the dependencies published in the wider ecosystem. This can lead to suggestions that add a new dependency on malicious software that attackers have published under a statistically probable dependency name.
|
||||
|
||||
## Mitigating the limitations of autofix suggestions
|
||||
|
||||
The best way to mitigate the limitations of autofix suggestions is to follow best practices. For example, using CI testing of pull requests to verify functional requirements are unaffected and using dependency management solutions, such as the dependency review API and action. For more information, see “[AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review).”
|
||||
|
||||
It is important to remember that the author of a pull request retains responsibility for how they respond to review comments and suggested code changes, whether proposed by colleagues or automated tools. Developers should always look at suggestions for code changes critically. If needed, they should edit the suggested changes to ensure that the resulting code and application are correct, secure, meet performance criteria, and satisfy all other functional and non-functional requirements for the application.
|
||||
|
||||
## Next steps
|
||||
|
||||
{% ifversion code-scanning-autofix-js-ts %}
|
||||
|
||||
- "[AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/about-code-scanning-alerts)"
|
||||
- "[AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/triaging-code-scanning-alerts-in-pull-requests#working-with-autofix-suggestions-for-alerts)"
|
||||
|
||||
{% elsif fpt %}
|
||||
|
||||
- "[AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/about-code-scanning-alerts)"
|
||||
- [the {% data variables.product.prodname_ghe_cloud %} documentation](/enterprise-cloud@latest/code-security/code-scanning/managing-code-scanning-alerts/triaging-code-scanning-alerts-in-pull-requests#working-with-autofix-suggestions-for-alerts)
|
||||
|
||||
{% endif %}
|
||||
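Review bot: In "How GitHub tests autofix suggestions", the four numbered questions follow the "We test the effectiveness of autofix suggestions by merging all suggested changes" paragraph with nothing introducing them, yet the next paragraph refers back to "one or more of these checks". Add a lead-in sentence before the list, for example "For each alert, we then check:". Two smaller points in the same file: "commiting" in the "Quality of autofix suggestions" paragraph should be "committing", and the `_Semantic errors_:` bullet puts the colon outside the emphasis while every other bullet uses the `_Label:_` form. The "Fabricated dependencies" bullet describes the most serious risk in the list, so consider linking it directly to "Mitigating the limitations of autofix suggestions", where dependency review is recommended.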
@@ -14,6 +14,7 @@ topics:
|
||||
- CodeQL
|
||||
children:
|
||||
- /about-code-scanning-alerts
|
||||
- /about-autofix-for-codeql-code-scanning
|
||||
- /managing-code-scanning-alerts-for-your-repository
|
||||
- /triaging-code-scanning-alerts-in-pull-requests
|
||||
- /tracking-code-scanning-alerts-in-issues-using-task-lists
|
||||
|
||||
@@ -113,6 +113,47 @@ You can choose to require all conversations in a pull request, including those o
|
||||
|
||||
Anyone with push access to a pull request can fix a {% data variables.product.prodname_code_scanning %} alert that's identified on that pull request. If you commit changes to the pull request this triggers a new run of the pull request checks. If your changes fix the problem, the alert is closed and the annotation removed.
|
||||
|
||||
{% ifversion code-scanning-autofix-js-ts %}
|
||||
|
||||
## Working with autofix suggestions for alerts
|
||||
|
||||
{% data reusables.rai.code-scanning.beta-autofix-js-ts %}
|
||||
|
||||
Autofix is an AI-powered expansion of {% data variables.product.prodname_code_scanning %} that provides you with targeted recommendations to help you fix {% data variables.product.prodname_code_scanning %} alerts in pull requests. The potential fixes are generated automatically by large language models (LLMs) using data from the codebase, the pull request, and from {% data variables.product.prodname_codeql %} analysis.
|
||||
|
||||

|
||||
|
||||
### Generating autofix suggestions and publishing to a pull request
|
||||
|
||||
When autofix is enabled for a repository, alerts are displayed in pull requests as normal and information from any alerts found by {% data variables.product.prodname_codeql %} is automatically sent to the LLM for processing. When LLM analysis is complete, any results are published as comments on relevant alerts. For more information, see "[AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/about-autofix-for-codeql-code-scanning)."
|
||||
|
||||
{% note %}
|
||||
|
||||
**Note:** Autofix supports a subset of {% data variables.product.prodname_codeql %} queries. When analysis is complete, all relevant results are published to the pull request at once. If at least one alert in your pull request has an autofix suggestion, you should assume that the LLM has finished identifying potential fixes for your code.
|
||||
|
||||
{% endnote %}
|
||||
|
||||
Usually, when you suggest changes to a pull request, your comment contains changes for a single file that is changed in the pull request. The following screenshot shows an autofix comment that suggests changes to the `index.js` file where the alert is displayed. Since the potential fix requires a new dependency on `escape-html`, the comment also suggests adding this dependency to the `package.json` file, even though the original pull request makes no changes to this file.
|
||||
|
||||

|
||||
|
||||
### Assessing and committing an autofix suggestion
|
||||
|
||||
Each autofix suggestion demonstrates a potential solution for a {% data variables.product.prodname_code_scanning %} alert in your codebase. You must assess the suggested changes to determine whether they are a good solution for your codebase and to ensure that they maintain the intended behavior. For information about the limitations of autofix suggestions, see "[Limitations of autofix suggestions](/code-security/code-scanning/managing-code-scanning-alerts/about-autofix-for-codeql-code-scanning/#limitations-of-autofix-suggestions)" and "[Mitigating the limitations of autofix suggestions](/code-security/code-scanning/managing-code-scanning-alerts/about-autofix-for-codeql-code-scanning#mitigating-the-limitations-of-autofix-suggestions)" in "About autofix for {% data variables.product.prodname_codeql %} {% data variables.product.prodname_code_scanning %}."
|
||||
|
||||
1. Click **Edit** to display the editing options and select your preferred method.
|
||||
- Select **Edit with codespaces** to open a codespace showing your branch with the suggested fix applied.
|
||||
- Select **Edit locally with {% data variables.product.prodname_cli %}** to display instructions for applying the suggested fix to any local repository or branch.
|
||||
1. Test and modify the suggested fix as needed.
|
||||
1. When you have finished testing your changes, commit the changes, and push them to your branch.
|
||||
1. Pushing the changes to your branch will trigger all the usual tests for your pull request. Confirm that your unit tests still pass and that the {% data variables.product.prodname_code_scanning %} alert is now fixed.
|
||||
|
||||
### Dismissing an autofix suggestion
|
||||
|
||||
If you decide to reject an autofix suggestion, click **Dismiss suggestion** in the comment to dismiss the suggested fix.
|
||||
|
||||
{% endif %}
|
||||
|
||||
## Dismissing an alert on your pull request
|
||||
|
||||
An alternative way of closing an alert is to dismiss it. You can dismiss an alert if you don't think it needs to be fixed. {% data reusables.code-scanning.close-alert-examples %} If you have write permission for the repository, a **Dismiss alert** button is available in code annotations and in the alerts summary. When you click **Dismiss alert** you will be prompted to choose a reason for closing the alert.
|
||||
|
||||
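Review bot: In the "Assessing and committing an autofix suggestion" paragraph the two links to the same article are written differently: the first is `.../about-autofix-for-codeql-code-scanning/#limitations-of-autofix-suggestions` with a slash before the fragment, the second is `.../about-autofix-for-codeql-code-scanning#mitigating-the-limitations-of-autofix-suggestions` without one. Use the second form for both. Separately, the section above shows a suggestion that adds `escape-html` to `package.json`, but the numbered steps only ask the reader to confirm that unit tests pass and the alert is fixed. Step 2 or step 4 should also tell the reader to review any dependency change in the suggestion, which is what the "About autofix" article requires before merging.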
@@ -77,7 +77,7 @@ You can find the dependency graph on the **Insights** tab for your repository. F
|
||||
|
||||
### Security overview
|
||||
|
||||
Security overview allows you to review security configurations and alerts, making it easy to identify the repositories and organizations at greatest risk. For more information, see "[AUTOTITLE](/code-security/security-overview/about-security-overview)."
|
||||
Security overview allows you to review the overall security landscape of your organization, view trends and other insights, and manage security configurations, making it easy to monitor your organization's security status and identify the repositories and organizations at greatest risk. For more information, see "[AUTOTITLE](/code-security/security-overview/about-security-overview)."
|
||||
|
||||
{% else %}
|
||||
|
||||
|
||||
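Review bot: The replacement "Security overview allows you to review the overall security landscape of your organization, view trends and other insights, ..." sentence has no version check visible in this hunk, while the dashboard sentence added elsewhere in this commit is wrapped in `{% ifversion security-overview-dashboard %}`. If "view trends and other insights" refers to that dashboard, readers on versions without it will be told about a feature they cannot see; either wrap the new wording in the same check or confirm that it applies to every version this line is rendered for. The sentence also now carries three verbs and two "making it easy to" outcomes, so splitting it in two would help.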
@@ -123,6 +123,10 @@ When you have enabled a feature, you should communicate with repository administ
|
||||
|
||||
{% ifversion ghes or ghec or ghae %}You{% elsif fpt %}Organizations that use {% data variables.product.prodname_ghe_cloud %}{% endif %} can use security overview to see which teams and repositories are affected by security alerts, with a breakdown of alerts by severity. For more information, see{% ifversion ghes or ghec or ghae %} "[AUTOTITLE](/code-security/security-overview/assessing-code-security-risk)."{% elsif fpt %} "[AUTOTITLE](/enterprise-cloud@latest/code-security/security-overview/assessing-code-security-risk)" in the {% data variables.product.prodname_ghe_cloud %} documentation.{% endif %}
|
||||
|
||||
{% ifversion security-overview-dashboard %}
|
||||
Security overview also has a dashboard (beta) where you can explore high-level trends and metrics to gain insight into your organization's security landscape. For more information, see "[AUTOTITLE](/code-security/security-overview/viewing-security-insights-for-your-organization)."
|
||||
{% endif %}
|
||||
|
||||
You can use various tools to monitor the actions that your organization's members are taking in response to security alerts. For more information, see "[AUTOTITLE](/code-security/getting-started/auditing-security-alerts)".
|
||||
|
||||
## Next steps
|
||||
|
||||
@@ -0,0 +1,84 @@
|
||||
---
|
||||
title: About the detection of generic secrets with secret scanning
|
||||
shortTitle: Generic secret detection
|
||||
intro: 'Learn how {% data variables.product.prodname_secret_scanning %} uses AI to scan and create alerts for unstructured secrets, such as passwords.'
|
||||
versions:
|
||||
feature: secret-scanning-ai-generic-secret-detection
|
||||
fpt: '*'
|
||||
type: rai
|
||||
topics:
|
||||
- Secret scanning
|
||||
- Advanced Security
|
||||
- AI
|
||||
---
|
||||
|
||||
<!--Note on the versioning above ^. This article is visible to free, pro, team users for transparency. They cannot use the feature so `fpt` is not included in the feature definition.-->
|
||||
|
||||
{% data reusables.secret-scanning.generic-secret-detection-ai %}
|
||||
|
||||
## About generic secret detection for {% data variables.product.prodname_secret_scanning %}
|
||||
|
||||
Generic secret detection is an AI-powered expansion of {% data variables.product.prodname_secret_scanning %} that identifies unstructured secrets (passwords) in your source code and then generates an alert.
|
||||
|
||||
{% data variables.product.prodname_GH_advanced_security %} users can already receive {% data variables.secret-scanning.alerts %} for partner or custom patterns found in their source code, but unstructured secrets are not easily discoverable. AI-powered generic secret detection uses large language models (LLMs) to identify this type of secret.
|
||||
|
||||
When a password is detected, an alert is displayed in the list of {% data variables.product.prodname_secret_scanning %} alerts (under the **Security** tab of the repository, organization, or enterprise), so that maintainers and security managers can review the alert and, where necessary, remove the credential or implement a fix.
|
||||
|
||||
In order to use generic secret detection, the enterprise owner sets a policy at the enterprise level. The feature must then be enabled for repositories. For more information, see "[AUTOTITLE](/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-code-security-and-analysis-for-your-enterprise#enforcing-a-policy-to-manage-the-use-of-generic-secret-detection-for-secret-scanning-in-your-enterprises-repositories)."
|
||||
|
||||
### Input processing
|
||||
|
||||
Input is limited to text (typically code) that a user has checked into a repository. The system provides this text to the LLM along with a meta prompt asking the LLM to find passwords within the scope of the input. The user does not interact with the LLM directly.
|
||||
|
||||
The system scans for passwords using the LLM. No additional data is collected by the system, other than what is already collected by the existing {% data variables.product.prodname_secret_scanning %} feature.
|
||||
|
||||
### Output and display
|
||||
|
||||
The LLM scans for strings that resemble passwords and verifies that the identified strings included in the response actually exist in the input.
|
||||
|
||||
These detected strings are surfaced as alerts on the {% data variables.product.prodname_secret_scanning %} alerts page, but they are displayed in an additional list that is separate from regular {% data variables.secret-scanning.alerts %}. The intent is that this separate list is triaged with more scrutiny to verify the validity of the findings. Each alert notes that it was detected using AI. {% ifversion secret-scanning-ai-generic-secret-detection %}For information on how to view alerts for generic secrets, see "[AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning#viewing-alerts-for-generic-secrets-detected-using-ai)."{% endif %}
|
||||
|
||||
## Improving the performance of generic secret detection
|
||||
|
||||
To improve the performance of generic secret detection, we recommend closing false positive alerts appropriately and providing feedback when you encounter issues.
|
||||
|
||||
### Verify the accuracy of alerts and close as appropriate
|
||||
|
||||
Since AI-powered generic secret detection may generate more false positives than the existing {% data variables.product.prodname_secret_scanning %} feature for partner patterns, it's important that you review the accuracy of these alerts. When you verify an alert to be a false positive, be sure to close the alert and mark the reason as "False positive" in the {% data variables.product.prodname_dotcom %} UI. The {% data variables.product.prodname_dotcom %} development team will use this information to improve the model.
|
||||
|
||||
### Provide feedback
|
||||
|
||||
Generic secret detection is currently in beta. If you encounter any issues or limitations with the feature, we recommend that you provide feedback through the **Give feedback** button listed under each detected secret in the list of alerts for the repository, organization, or enterprise. This can help the developers improve the tool and address any concerns or limitations.
|
||||
|
||||
## Limitations of generic secret detection
|
||||
|
||||
When using generic secret detection for {% data variables.product.prodname_secret_scanning %}, you should consider the following limitations.
|
||||
|
||||
### Limited scope
|
||||
|
||||
AI-powered generic secret detection currently only looks for instances of passwords in git content. The feature does not look for other types of generic secrets, and it does not look for secrets in non-git content, such as {% data variables.product.prodname_github_issues %}.
|
||||
|
||||
### Potential for false positive alerts
|
||||
|
||||
AI-powered generic secret detection may generate more false positive alerts when compared to the existing {% data variables.product.prodname_secret_scanning %} feature (which detects partner patterns, and which has a very low false positive rate). To mitigate this excess noise, alerts are grouped in a separate list from partner pattern alerts, and security managers and maintainers should triage each alert to verify its accuracy.
|
||||
|
||||
### Potential for incomplete reporting
|
||||
|
||||
AI-powered generic secret detection may miss instances of credentials checked into a repository. The LLM will improve over time. You retain ultimate responsibility for ensuring the security of your code.
|
||||
|
||||
## Evaluation of generic secret detection
|
||||
|
||||
Generic secret detection has been subject to Responsible AI Red Teaming and {% data variables.product.prodname_dotcom %} will continue to monitor the efficacy and safety of the feature over time.
|
||||
|
||||
{% ifversion secret-scanning-ai-generic-secret-detection %}
|
||||
|
||||
## Next steps
|
||||
|
||||
- [AUTOTITLE](/code-security/secret-scanning/enabling-ai-powered-generic-secret-detection)
|
||||
- [AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning#viewing-alerts-for-generic-secrets-detected-using-ai)
|
||||
|
||||
{% endif %}
|
||||
|
||||
## Further reading
|
||||
|
||||
- [AUTOTITLE](/code-security/secret-scanning/about-secret-scanning)
|
||||
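Review bot: In "Output and display", the sentence "The LLM scans for strings that resemble passwords and verifies that the identified strings included in the response actually exist in the input" makes the LLM the subject of both verbs, so it reads as if the model checks its own output. If the existence check is performed by the system after the model responds, say so explicitly ("the system then verifies that ..."), because this is the control that stops fabricated strings from becoming alerts and readers triaging the separate alert list need to know where it sits. Smaller points: the second paragraph of "Input processing" repeats that the system scans for passwords using the LLM, which the first paragraph already covers, and "git content" and "non-git content" under "Limited scope" should be capitalized as "Git".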
@@ -0,0 +1,78 @@
|
||||
---
|
||||
title: About the regular expression generator for custom patterns
|
||||
shortTitle: Generate regular expressions with AI
|
||||
intro: 'You can define your own custom patterns to extend the capabilities of {% data variables.product.prodname_secret_scanning %} by generating one or more regular expressions for each pattern, using the {% data variables.secret-scanning.custom-pattern-regular-expression-generator %}.'
|
||||
product: '{% data reusables.gated-features.secret-scanning %}'
|
||||
versions:
|
||||
feature: secret-scanning-custom-pattern-ai-generated
|
||||
fpt: '*'
|
||||
type: rai
|
||||
topics:
|
||||
- Advanced Security
|
||||
- Secret scanning
|
||||
- AI
|
||||
---
|
||||
|
||||
<!--Note on the versioning above ^. This article is visible to free, pro, team users for transparency. They cannot use the feature so `fpt` is not included in the feature definition.-->
|
||||
|
||||
{% data reusables.secret-scanning.beta-custom-pattern-regular-expression-generator %}
|
||||
|
||||
## About the {% data variables.secret-scanning.custom-pattern-regular-expression-generator %}
|
||||
|
||||
{% data variables.product.prodname_secret_scanning_caps %} scans repositories for a predefined set of secrets from our partner program, as well as custom patterns that are user-defined. Custom patterns are formatted as regular expressions.
|
||||
|
||||
Regular expressions can be challenging for people to write. The {% data variables.secret-scanning.custom-pattern-regular-expression-generator %} makes it possible for you to define your custom patterns without knowledge of regular expressions. Within the existing custom pattern page, you can launch a generative AI experience where you input a text description of what pattern you would like to detect, include optional example strings that should be detected, and get matching regular expressions in return.
|
||||
|
||||
### Input processing
|
||||
|
||||
Users input a text description of what they would like to detect, and optional example strings that should be detected.
|
||||
|
||||
### Response generation and output formatting
|
||||
|
||||
The {% data variables.secret-scanning.custom-pattern-regular-expression-generator %} uses GPT-3.5-Turbo and the {% data variables.product.prodname_copilot %} API to generate regular expressions that match your input.
|
||||
|
||||
The model returns up to three regular expressions for you to review. You can click on the regular expression to get an AI-generated plain language description of the regular expression.
|
||||
|
||||
Some results may be quite similar, and some results may not find every instance of the secret that the pattern is intended to detect. It is also possible that the regular expression generator may produce results which are invalid or inappropriate.
|
||||
|
||||
When you click **Use result** on a regular expression, the expression and any examples inputted will be copied over to the main custom pattern form. There, you can perform a dry run of the pattern to see how it performs across your repository or organization.{% ifversion secret-scanning-custom-pattern-ai-generated %} For more information on how to define a custom pattern for your repository or organization, see "[AUTOTITLE](/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning)." {% endif %}
|
||||
|
||||
## Improving performance for the {% data variables.secret-scanning.custom-pattern-regular-expression-generator %}
|
||||
|
||||
To enhance performance and address some of the limitations of the {% data variables.secret-scanning.custom-pattern-regular-expression-generator %}, there are various measures that you can adopt. For more information on the limitations of the {% data variables.secret-scanning.custom-pattern-regular-expression-generator %}, see "[Limitations of the {% data variables.secret-scanning.custom-pattern-regular-expression-generator %}](#limitations-of-the-regular-expression-generator)."
|
||||
|
||||
### Use the {% data variables.secret-scanning.custom-pattern-regular-expression-generator %} as a tool, not a replacement
|
||||
|
||||
While the {% data variables.secret-scanning.custom-pattern-regular-expression-generator %} is a powerful tool to create custom patterns without you having to write regular expressions yourself, it is important to use it as a tool rather than a replacement for manual input. You should carefully validate the performance of the results by performing a dry run across your organization or repository. It's a good idea to run the pattern on a repository (or repositories) that are representative of the repositories in your organization. In some cases, it may be beneficial to modify a generated regular expression to more fully meet your needs. You remain ultimately responsible for any custom patterns you decide to use.
|
||||
|
||||
### Provide feedback
|
||||
|
||||
The {% data variables.secret-scanning.custom-pattern-regular-expression-generator %} is currently in beta. If you encounter any issues or limitations with the {% data variables.secret-scanning.custom-pattern-regular-expression-generator %}, we recommend that you provide feedback through the **Give feedback** button at the top of the generator, in the UI. This can help the developers to improve the tool and address any concerns or limitations.
|
||||
|
||||
## Limitations of the {% data variables.secret-scanning.custom-pattern-regular-expression-generator %}
|
||||
|
||||
Depending on factors such as your input description and examples, you may experience different levels of performance when using the {% data variables.secret-scanning.custom-pattern-regular-expression-generator %}. You need to be as specific as possible with your description, and provide different types of examples of tokens that match your pattern, to be sure that the regular expression incompasses all the patterns you want {% data variables.product.prodname_secret_scanning %} to search for.
|
||||
|
||||
Also, the model used by the {% data variables.secret-scanning.custom-pattern-regular-expression-generator %} has been trained on natural language content written predominantly in English. As a result, you may notice differing performance when providing the generator with natural language input prompts in languages other than English.
|
||||
|
||||
Note that the {% data variables.secret-scanning.custom-pattern-regular-expression-generator %} is only suitable for creating regular expressions to detect structured patterns.
|
||||
|
||||
{% ifversion secret-scanning-custom-pattern-ai-generated %}
|
||||
|
||||
## Next steps
|
||||
|
||||
- [AUTOTITLE](/code-security/secret-scanning/generating-regular-expressions-for-custom-patterns-with-ai)
|
||||
- [AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning)
|
||||
{% endif %}
|
||||
|
||||
## Further reading
|
||||
|
||||
{% ifversion fpt %}
|
||||
- [AUTOTITLE](/code-security/secret-scanning/about-secret-scanning)
|
||||
- [AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning)
|
||||
{% endif %}
|
||||
|
||||
{% ifversion secret-scanning-custom-pattern-ai-generated %}
|
||||
- [AUTOTITLE](/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning)
|
||||
- [AUTOTITLE](/code-security/secret-scanning/about-secret-scanning)
|
||||
{% endif %}
|
||||
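Review bot: In the first paragraph of "Limitations of the ... regular expression generator", "incompasses" should be "encompasses". The in-page link `#limitations-of-the-regular-expression-generator` in the "Improving performance" section points at a heading whose text comes from `{% data variables.secret-scanning.custom-pattern-regular-expression-generator %}`, so the fragment only resolves if that variable renders to exactly "regular expression generator"; check the rendered anchor or the link will silently land at the top of the page. "Response generation and output formatting" says results may be "invalid or inappropriate" and the dry run is the only safeguard mentioned, so it would help to state in that paragraph, not only in the later "Use ... as a tool" section, that a generated expression should be dry-run before it is published. "any examples inputted" would read better as "any examples you entered".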
@@ -1,7 +1,7 @@
|
||||
---
|
||||
title: Defining custom patterns for secret scanning
|
||||
shortTitle: Define custom patterns
|
||||
intro: 'You can extend {% data variables.product.prodname_secret_scanning %} to detect secrets beyond the default patterns.'
|
||||
intro: 'You can define your own custom patterns to extend the capabilities of {% data variables.product.prodname_secret_scanning %} by generating one or more regular expressions.'
|
||||
product: '{% data reusables.gated-features.secret-scanning %}'
|
||||
redirect_from:
|
||||
- /code-security/secret-security/defining-custom-patterns-for-secret-scanning
|
||||
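Review bot: The new `intro` ends with "by generating one or more regular expressions", but this front matter line has no version check and the body changed in the same commit still says "Regular expressions can be entered manually or generated using the regular expression generator", with the generator gated behind `secret-scanning-custom-pattern-ai-generated`. On versions without the generator, "generating" describes something the reader cannot do. Wording such as "by defining one or more regular expressions" covers both the manual and generated cases without needing a conditional in the front matter.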
@@ -23,10 +23,18 @@ You can define custom patterns for your enterprise, organization, or repository.
|
||||
|
||||
{% ifversion secret-scanning-push-protection-custom-patterns %}You can also enable push protection for custom patterns. For more information about push protection, see "[AUTOTITLE](/code-security/secret-scanning/protecting-pushes-with-secret-scanning)."{% endif %}
|
||||
|
||||
## Regular expression syntax for custom patterns
|
||||
## About using regular expressions for custom patterns
|
||||
|
||||
You can specify custom patterns for {% data variables.product.prodname_secret_scanning %} as one or more regular expressions.
|
||||
|
||||
{% data variables.product.prodname_secret_scanning_caps %} uses the [Hyperscan library](https://github.com/intel/hyperscan) and only supports Hyperscan regex constructs, which are a subset of PCRE syntax. Hyperscan option modifiers are not supported. For more information on Hyperscan pattern constructs, see "[Pattern support](http://intel.github.io/hyperscan/dev-reference/compilation.html#pattern-support)" in the Hyperscan documentation.
|
||||
|
||||
{% ifversion secret-scanning-custom-pattern-ai-generated %}Regular expressions can be entered manually or generated using the regular expression generator.
|
||||
|
||||
### Regular expression syntax for manually defining custom patterns {% endif %}
|
||||
|
||||
The **More options {% octicon "chevron-down" aria-label="down" %}** section in the UI helps you write regular expressions manually.
|
||||
|
||||
- **Secret format:** an expression that describes the format of the secret itself.
|
||||
- **Before secret:** an expression that describes the characters that come before the secret. By default, this is set to `\A|[^0-9A-Za-z]` which means that the secret must be at the start of a line or be preceded by a non-alphanumeric character.
|
||||
- **After secret:** an expression that describes the characters that come after the secret. By default, this is set to `\z|[^0-9A-Za-z]` which means that the secret must be followed by a new line or a non-alphanumeric character.
|
||||
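Review bot: Renaming the H2 from "Regular expression syntax for custom patterns" to "About using regular expressions for custom patterns" changes its anchor, so any existing link to `#regular-expression-syntax-for-custom-patterns` will stop resolving. Please check for inbound links before merging. Two smaller points in the same hunk: the `{% endif %}` trailing the new H3 line is easy to miss and would read better on its own line, and the Hyperscan "Pattern support" link is still `http://`, which could become `https://` while the paragraph is being moved.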
@@ -34,7 +42,13 @@ You can specify custom patterns for {% data variables.product.prodname_secret_sc
|
||||
|
||||
For simple tokens you will usually only need to specify a secret format. The other fields provide flexibility so that you can specify more complex secrets without creating complex regular expressions. For an example of a custom pattern, see "[Example of a custom pattern specified using additional requirements](#example-of-a-custom-pattern-specified-using-additional-requirements)" below.
|
||||
|
||||
{% data variables.product.prodname_secret_scanning_caps %} uses the [Hyperscan library](https://github.com/intel/hyperscan) and only supports Hyperscan regex constructs, which are a subset of PCRE syntax. Hyperscan option modifiers are not supported. For more information on Hyperscan pattern constructs, see "[Pattern support](http://intel.github.io/hyperscan/dev-reference/compilation.html#pattern-support)" in the Hyperscan documentation.
|
||||
{% ifversion secret-scanning-custom-pattern-ai-generated %}
|
||||
|
||||
### Using the regular expression generator
|
||||
|
||||
{% data reusables.secret-scanning.regular-expression-generator-overview %} For more information, see "[AUTOTITLE](/code-security/secret-scanning/about-the-regular-expression-generator-for-custom-patterns) and "[AUTOTITLE](/code-security/secret-scanning/generating-regular-expressions-for-custom-patterns-with-ai)."
|
||||
|
||||
{% endif %}
|
||||
|
||||
## Defining a custom pattern for a repository
|
||||
|
||||
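Review bot: In the new "Using the regular expression generator" paragraph, the first link is missing its closing quotation mark: `see "[AUTOTITLE](/code-security/secret-scanning/about-the-regular-expression-generator-for-custom-patterns) and "[AUTOTITLE](...)."` opens a quote before the first link and never closes it. Add `"` after the first closing parenthesis so both titles are quoted consistently.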
@@ -51,7 +65,7 @@ Before defining a custom pattern, you must ensure that {% data variables.product
|
||||
{%- ifversion secret-scanning-custom-enterprise-35 %}{% indented_data_reference reusables.secret-scanning.beta-dry-runs spaces=3 %}{% endif %}
|
||||
{% endif %}
|
||||
{% data reusables.advanced-security.secret-scanning-create-custom-pattern %}{% ifversion secret-scanning-push-protection-custom-patterns %}
|
||||
1. Optionally, to enable push protection for your custom pattern, click **Enable**.
|
||||
1. Optionally, to enable push protection for your custom pattern, click **Enable**.
|
||||
{% note %}
|
||||
|
||||
**Note**: The "Enable" button isn't available until after the dry run succeeds and you publish the pattern.
|
||||
|
||||
@@ -0,0 +1,33 @@
|
||||
---
|
||||
title: Enabling AI-powered generic secret detection
|
||||
shortTitle: Enable generic secret detection
|
||||
intro: 'You can enable AI-powered generic secret detection for your repository. Alerts for generic secrets, such as passwords, are displayed in a separate list on the {% data variables.product.prodname_secret_scanning %} alerts page.'
|
||||
versions:
|
||||
feature: secret-scanning-ai-generic-secret-detection
|
||||
type: how_to
|
||||
topics:
|
||||
- Secret scanning
|
||||
- Advanced Security
|
||||
- AI
|
||||
---
|
||||
|
||||
{% data reusables.secret-scanning.generic-secret-detection-ai %}
|
||||
|
||||
## Enabling AI-powered generic secret detection for your repository
|
||||
|
||||
To use generic secret detection, your enterprise owner must first set a policy at the enterprise level.
|
||||
|
||||
You can then enable the feature in the "Code security and analysis" settings page of your repository.
|
||||
|
||||
{% data reusables.repositories.navigate-to-repo %}
|
||||
{% data reusables.repositories.sidebar-settings %}
|
||||
{% data reusables.repositories.navigate-to-code-security-and-analysis %}
|
||||
{% data reusables.repositories.navigate-to-ghas-settings %}
|
||||
1. Under "Secret scanning", select the checkbox next to "Use AI detection to find additional secrets".
|
||||
|
||||
For information on how to view alerts for generic secrets that have been detected using AI, see "[AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning#viewing-alerts-for-generic-secrets-detected-using-ai)."
|
||||
|
||||
## Further reading
|
||||
|
||||
- [AUTOTITLE](/code-security/secret-scanning/about-the-detection-of-generic-secrets-with-secret-scanning)
|
||||
- [AUTOTITLE](/code-security/secret-scanning/about-secret-scanning)
|
||||
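Review bot: The prerequisite sentence "your enterprise owner must first set a policy at the enterprise level" does not name the policy or link to where it is set, so a repository admin who cannot see the checkbox has nothing to pass on to the enterprise owner. Suggest naming the policy and linking to the enterprise policy article; another file in this commit already links to `/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-code-security-and-analysis-for-your-enterprise`. Also note that the frontmatter here has no `product:` key, while the sibling new article on the regular expression generator sets `product: '{% data reusables.gated-features.secret-scanning %}'`; please confirm the omission is intended.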
@@ -0,0 +1,51 @@
|
||||
---
|
||||
title: Generating regular expressions for custom patterns with AI
|
||||
shortTitle: Use the regular expression generator
|
||||
intro: 'You can use the {% data variables.secret-scanning.custom-pattern-regular-expression-generator %} to generate regular expressions for custom patterns. The generator uses an AI model to generate expressions that match your input, and optionally example strings.'
|
||||
product: '{% data reusables.gated-features.secret-scanning %}'
|
||||
versions:
|
||||
feature: secret-scanning-custom-pattern-ai-generated
|
||||
type: how_to
|
||||
topics:
|
||||
- Advanced Security
|
||||
- Secret scanning
|
||||
- AI
|
||||
---
|
||||
{% data reusables.secret-scanning.beta-custom-pattern-regular-expression-generator %}
|
||||
|
||||
## About the {% data variables.secret-scanning.custom-pattern-regular-expression-generator %}
|
||||
|
||||
Custom patterns are formatted as regular expressions. You can manually type in a regular expression on {% data variables.product.prodname_dotcom %}, or you can use the {% data variables.secret-scanning.custom-pattern-regular-expression-generator %}. {% data reusables.secret-scanning.regular-expression-generator-overview %}
|
||||
|
||||
For instructions on how to generate a regular expression manually for your repository or organization, see "[AUTOTITLE](/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning)."
|
||||
|
||||
For more information about the generator, see "[AUTOTITLE](/code-security/secret-scanning/about-the-regular-expression-generator-for-custom-patterns)."
|
||||
|
||||
## Generating a regular expression for a repository using the generator
|
||||
|
||||
{% data reusables.repositories.navigate-to-repo %}
|
||||
{% data reusables.repositories.sidebar-settings %}
|
||||
{% data reusables.repositories.navigate-to-code-security-and-analysis %}
|
||||
{% data reusables.repositories.navigate-to-ghas-settings %}
|
||||
{% data reusables.advanced-security.secret-scanning-new-custom-pattern %}
|
||||
{% data reusables.advanced-security.secret-scanning-generate-regular-expression-custom-pattern %}
|
||||
1. When you're ready to test your new custom pattern, to identify matches in the repository without creating alerts, click **Save and dry run**.
|
||||
{% data reusables.advanced-security.secret-scanning-dry-run-results %}
|
||||
{% data reusables.advanced-security.secret-scanning-create-custom-pattern %}
|
||||
|
||||
{% data reusables.secret-scanning.link-to-push-protection %}
|
||||
|
||||
## Generating a regular expression for an organization using the generator
|
||||
|
||||
{% data reusables.profile.access_org %}
|
||||
{% data reusables.profile.org_settings %}
|
||||
{% data reusables.organizations.security-and-analysis %}
|
||||
{% data reusables.repositories.navigate-to-ghas-settings %}
|
||||
{% data reusables.advanced-security.secret-scanning-new-custom-pattern %}
|
||||
{% data reusables.advanced-security.secret-scanning-generate-regular-expression-custom-pattern %}
|
||||
1. When you're ready to test your new custom pattern, to identify matches in selected repositories without creating alerts, click **Save and dry run**.
|
||||
{% data reusables.advanced-security.secret-scanning-dry-run-select-repos %}
|
||||
{% data reusables.advanced-security.secret-scanning-dry-run-results %}
|
||||
{% data reusables.advanced-security.secret-scanning-create-custom-pattern %}
|
||||
|
||||
{% data reusables.secret-scanning.link-to-push-protection %}
|
||||
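Review bot: In "About the generator", the sentence "For instructions on how to generate a regular expression manually for your repository or organization" mixes the two workflows this article is trying to separate: everywhere else "generate" means the AI generator and "manually" means typing the expression. Suggest "define a regular expression manually". The linked article also covers enterprise-level patterns, so "for your repository or organization" may be narrower than the target.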
@@ -20,8 +20,12 @@ children:
|
||||
- /secret-scanning-partner-program
|
||||
- /configuring-secret-scanning-for-your-repositories
|
||||
- /defining-custom-patterns-for-secret-scanning
|
||||
- /about-the-regular-expression-generator-for-custom-patterns
|
||||
- /generating-regular-expressions-for-custom-patterns-with-ai
|
||||
- /managing-alerts-from-secret-scanning
|
||||
- /secret-scanning-patterns
|
||||
- /about-the-detection-of-generic-secrets-with-secret-scanning
|
||||
- /enabling-ai-powered-generic-secret-detection
|
||||
- /push-protection-for-repositories-and-organizations
|
||||
- /push-protection-for-users
|
||||
- /pushing-a-branch-blocked-by-push-protection
|
||||
|
||||
@@ -168,6 +168,29 @@ Tokens, like {% data variables.product.pat_generic %} and other credentials, are
|
||||
|
||||
{% endif %}
|
||||
|
||||
{% ifversion secret-scanning-ai-generic-secret-detection %}
|
||||
|
||||
## Viewing alerts for generic secrets detected using AI
|
||||
|
||||
{% data reusables.secret-scanning.generic-secret-detection-ai %}
|
||||
|
||||
When you enable AI-powered generic secret detection for your repository, {% data variables.product.prodname_secret_scanning %} will scan for unstructured secrets, such as passwords, in your source code and generate alerts.
|
||||
|
||||
Once a potential password is identified, an alert is displayed in a separate list on the {% data variables.product.prodname_secret_scanning %} alerts page (under the **Security** tab of the repository). The separate view makes it easier for you to triage and verify the validity of the findings.
|
||||
|
||||
To see the separate list of alerts for generic secrets, you must to toggle to "Other" on the alerts page. Each alert notes that it was detected using AI.
|
||||
|
||||
{% data reusables.repositories.navigate-to-repo %}
|
||||
{% data reusables.repositories.sidebar-security %}
|
||||
1. In the left sidebar, under "Vulnerability alerts", click **{% data variables.product.prodname_secret_scanning_caps %}**.
|
||||
1. On the top right corner of the list of {% data variables.product.prodname_secret_scanning %} alerts, toggle to "Other".
|
||||
|
||||

|
||||
|
||||
For more information about the feature and its limitations, see "[AUTOTITLE](/code-security/secret-scanning/about-the-detection-of-generic-secrets-with-secret-scanning)." For information on how to enable the feature for your repository, see "[AUTOTITLE](/code-security/secret-scanning/enabling-ai-powered-generic-secret-detection)."
|
||||
|
||||
{% endif %}
|
||||
|
||||
## Securing compromised secrets
|
||||
|
||||
Once a secret has been committed to a repository, you should consider the secret compromised. {% data variables.product.prodname_dotcom %} recommends the following actions for compromised secrets:
|
||||
|
||||
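Review bot: Typo in the new section: "you must to toggle to "Other" on the alerts page" should read "you must toggle to "Other"". In the same hunk, the text switches between "unstructured secrets, such as passwords", "a potential password" and "generic secrets" for the same finding; picking one term, with "passwords" as the example, would make it clearer what the separate list contains.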
@@ -1,6 +1,6 @@
|
||||
---
|
||||
title: About security overview
|
||||
intro: 'You can view summaries of alerts for repositories owned by your organization and identify areas of high security risk. {% ifversion security-overview-org-risk-coverage %}You can also monitor adoption of code security features across your organization.{% endif %}'
|
||||
intro: 'You can gain insights into the overall security landscape of your organization and view summaries of alerts for repositories owned by your organization. {% ifversion security-overview-org-risk-coverage %}You can also monitor adoption of code security features across your organization.{% endif %}'
|
||||
permissions: '{% data reusables.security-overview.permissions %}'
|
||||
product: '{% data reusables.gated-features.security-overview %}'
|
||||
redirect_from:
|
||||
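Review bot: The replacement `intro` drops the concrete outcome "identify areas of high security risk" in favour of "gain insights into the overall security landscape". The insights wording matches the "Overview" dashboard, which later hunks in this file gate behind `{% ifversion security-overview-dashboard %}`, but the intro itself is only versioned for `security-overview-org-risk-coverage`. Suggest keeping the risk-identification phrase so the intro stays accurate on versions without the dashboard.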
@@ -30,10 +30,18 @@ topics:
|
||||
{% data reusables.security-overview.about-security-overview %} {% ifversion fpt %}For more information, see [the {% data variables.product.prodname_ghe_cloud %} documentation](/enterprise-cloud@latest/code-security/security-overview/about-security-overview).{% endif %}
|
||||
|
||||
{% ifversion ghec or ghes or ghae %}
|
||||
Security overview shows which security features are enabled for repositories, and includes repository and alert-focused views so you can quickly investigate security issues and take action to remediate them.
|
||||
|
||||
{% note %}
|
||||
|
||||
**Note:** Security overview shows information and metrics for the default branches of an organization's repositories.
|
||||
|
||||
{% endnote %}
|
||||
|
||||
Security overview shows which security features are enabled for repositories and includes repository and alert-focused views so you can quickly investigate security issues and take action to remediate them.
|
||||
|
||||
- Risk and coverage information about {% data variables.product.prodname_dependabot %} features and alerts is shown for all repositories.
|
||||
- Risk and coverage information for {% data variables.product.prodname_GH_advanced_security %} features, such as {% data variables.product.prodname_code_scanning %} and {% data variables.product.prodname_secret_scanning %}, is shown for enterprises that use {% data variables.product.prodname_GH_advanced_security %}{% ifversion ghec %} and for public repositories{% endif %}.
|
||||
- Risk and coverage information for {% data variables.product.prodname_GH_advanced_security %} features, such as {% data variables.product.prodname_code_scanning %} and {% data variables.product.prodname_secret_scanning %}, is shown for enterprises that use {% data variables.product.prodname_GH_advanced_security %}{% ifversion ghec %} and for public repositories{% endif %}.{% ifversion security-overview-dashboard %}
|
||||
- An organization-level dashboard of insights from security features is shown for enterprise-owned organizations that use {% data variables.product.prodname_GH_advanced_security %}{% ifversion ghec %} and for public repositories{% endif %}.{% endif %}
|
||||
|
||||
For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-alerts/about-dependabot-alerts#dependabot-alerts-for-vulnerable-dependencies)" and "[AUTOTITLE](/get-started/learning-about-github/about-github-advanced-security)."
|
||||
|
||||
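Review bot: The new `{% note %}` about default branches is placed before the sentence that introduces what security overview shows, so readers meet the caveat before the description it qualifies. Suggest moving the note below the paragraph and bullet list. The scope limit itself is worth keeping prominent, because alerts that exist only on non-default branches will not appear in these views.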
@@ -55,7 +63,7 @@ There are also dedicated views for each type of security alert that you can use
|
||||
|
||||
## About security overview for organizations
|
||||
|
||||
The application security team at your company can use the different views for both broad and specific analyses of your organization's security status. {% ifversion security-overview-org-risk-coverage %} For example, the team can use the "Security coverage" view to monitor the adoption of features across your organization or by a specific team as you roll out {% data variables.product.prodname_GH_advanced_security %}, or use the "Security risk" view to identify repositories with more than five open {% data variables.secret-scanning.alerts %}. {% else %}For example, they can use the overview page to monitor adoption of features by your organization or by a specific team as you roll out {% data variables.product.prodname_GH_advanced_security %} to your enterprise, or to review all alerts of a specific type and severity level across all repositories in your organization.{% endif %} {% ifversion code-security-multi-repo-enablement %}You can also use security overview to find a set of repositories and enable or disable security features for them all at the same time. For more information, see "[AUTOTITLE](/code-security/security-overview/enabling-security-features-for-multiple-repositories)."{% endif %}
|
||||
The application security team at your company can use the different views for both broad and specific analyses of your organization's security status. {% ifversion security-overview-org-risk-coverage %} For example, {% ifversion security-overview-dashboard %}the team can use the "Overview" dashboard view (beta) to track your organization's security landscape and progression{% else %}the team can use the "Coverage" view to monitor the adoption of features across your organization or by a specific team as you roll out {% data variables.product.prodname_GH_advanced_security %}, or use the "Risk" view to identify repositories with more than five open {% data variables.secret-scanning.alerts %}{% endif %}. {% else %}For example, they can use the overview page to monitor adoption of features by your organization or by a specific team as you roll out {% data variables.product.prodname_GH_advanced_security %} to your enterprise, or to review all alerts of a specific type and severity level across all repositories in your organization.{% endif %} {% ifversion code-security-multi-repo-enablement %}You can also use security overview to find a set of repositories and enable or disable security features for them all at the same time. For more information, see "[AUTOTITLE](/code-security/security-overview/enabling-security-features-for-multiple-repositories)."{% endif %}
|
||||
|
||||
You can find security overview on the **Security** tab for any organization that's owned by an enterprise. Each view shows a summary of the data that you have access to. As you add filters, all data and metrics across the view change to reflect the repositories or alerts that you've selected. For information about permissions, see "[Permission to view data in security overview](#permission-to-view-data-in-security-overview)."
|
||||
|
||||
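Review bot: In the rewritten paragraph, the nested `{% ifversion security-overview-dashboard %}...{% else %}...{% endif %}` replaces the "Coverage" and "Risk" examples entirely on dashboard versions, so those readers lose the concrete example of identifying repositories with more than five open alerts even though both views still exist for them. Suggest adding the dashboard example alongside the existing ones instead of swapping them. The inline "(beta)" is also hard-coded here, while other parts of this commit use `{% data reusables.security-overview.beta %}`.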
@@ -63,11 +71,13 @@ You can find security overview on the **Security** tab for any organization that
|
||||
|
||||
Security overview has multiple views that provide different ways to explore enablement and alert data.
|
||||
|
||||
- Use "Security coverage" to assess the adoption of code security features across repositories in the organization.
|
||||
- Use "Security risk" to assess the risk from security alerts of all types for one or more repositories in the organization.
|
||||
{% ifversion security-overview-dashboard %}
|
||||
- Use "Overview" to view insights about your organization's security landscape and progress.{% endif %}
|
||||
- Use "Coverage" to assess the adoption of code security features across repositories in the organization.
|
||||
- Use "Risk" to assess the risk from security alerts of all types for one or more repositories in the organization.
|
||||
- Use the individual security alert views to identify your risk from specific vulnerable dependencies, code weaknesses, or leaked secrets.
|
||||
|
||||
For more information about these views, see "[AUTOTITLE](/code-security/security-overview/assessing-adoption-code-security)" and "[AUTOTITLE](/code-security/security-overview/assessing-code-security-risk)."
|
||||
For more information about these views, see {% ifversion security-overview-dashboard %}"[AUTOTITLE](/code-security/security-overview/viewing-security-insights-for-your-organization),"{% endif %}"[AUTOTITLE](/code-security/security-overview/assessing-adoption-code-security)" and "[AUTOTITLE](/code-security/security-overview/assessing-code-security-risk)."
|
||||
|
||||
{% else %}
|
||||
|
||||
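Review bot: In the updated "For more information about these views" line, the conditional link ends with `,"{% endif %}` and is followed directly by `"[AUTOTITLE](/code-security/security-overview/assessing-adoption-code-security)"`, so on dashboard versions the first two titles render with no space between them. Add a space after the comma, inside the conditional. Separately, the `{% ifversion security-overview-dashboard %}` tag sits on its own line between the lead-in sentence and the list, which can break the list rendering on some versions; attaching it to the bullet it controls would be safer.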
@@ -75,7 +85,7 @@ For more information about these views, see "[AUTOTITLE](/code-security/security
|
||||
|
||||

|
||||
|
||||
Each repository is shown in security overview with an indicator for each type of security feature and how many alerts there are of each type. If a security feature is not enabled for a repository, the indicator for that feature will be grayed out. In addition, a risk score is calculated for each repository based on its code scanning, Dependabot and secret scanning alerts. This score is in beta and should be used with caution. Its algorithm and approach is subject to change.
|
||||
Each repository is shown in security overview with an indicator for each type of security feature and how many alerts there are of each type. If a security feature is not enabled for a repository, the indicator for that feature will be grayed out. In addition, a risk score is calculated for each repository based on its {% data variables.product.prodname_code_scanning %}, {% data variables.product.prodname_dependabot %} and {% data variables.secret-scanning.alerts %}. This score is in beta and should be used with caution. Its algorithm and approach is subject to change.
|
||||
|
||||
| Indicator | Meaning |
|
||||
| -------- | -------- |
|
||||
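Review bot: Since this sentence is being touched, "Its algorithm and approach is subject to change" should be "are subject to change". The new list also mixes two product-name variables with `{% data variables.secret-scanning.alerts %}`, which already expands to an alerts phrase; please check the rendered sentence still reads as three kinds of alerts.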
@@ -95,8 +105,8 @@ You can find security overview on the **Code Security** tab for your enterprise.
|
||||
|
||||
As with security overview for organizations, security overview for enterprises has multiple views that provide different ways to explore enablement and alert data.
|
||||
|
||||
- Use the "Security coverage" view to assess the adoption of code security features across organizations in the enterprise.
|
||||
- Use the "Security risk" view to assess the risk from security alerts of all types across organizations in the enterprise.
|
||||
- Use the "Coverage" view to assess the adoption of code security features across organizations in the enterprise.
|
||||
- Use the "Risk" view to assess the risk from security alerts of all types across organizations in the enterprise.
|
||||
- Use the individual security alert views to identify your risk from specific vulnerable dependencies, code weaknesses, or leaked secrets.{% else %}You can view repositories owned by your enterprise that have security alerts, view all security alerts, or view security feature-specific alerts from across your enterprise.{% endif %}
|
||||
|
||||
For information about permissions, see "[Permission to view data in security overview](#permission-to-view-data-in-security-overview)."
|
||||
@@ -123,6 +133,24 @@ If you are an owner or security manager for an organization, you can see data fo
|
||||
|
||||
If you are an organization member, you can view security overview for the organization and see data for repositories where you have access.{% ifversion security-overview-org-risk-coverage-enterprise %} You can view this data in the organization-level overview, but you cannot access the enterprise-level overview.{% endif %}
|
||||
|
||||
{% note %}
|
||||
|
||||
**Note:** To ensure a consistent and responsive experience, for organization members, the organization-level security overview pages will only display results from the most recently updated 3,000 repositories. If your results have been restricted, a notification will appear at the top of the page. Organization owners and security managers will see results from all repositories.
|
||||
|
||||
{% endnote %}
|
||||
|
||||
{% ifversion security-overview-dashboard %}
|
||||
{% rowheaders %}
|
||||
|
||||
| Organization member with | Overview dashboard (beta) view | Risk and alerts views | Coverage view |
|
||||
|--------------------|-------------|---------------------|---------|
|
||||
| `admin` access for one or more repositories | View data for those repositories | View data for those repositories | View data for those repositories |
|
||||
| `write` access for one or more repositories | View {% data variables.product.prodname_code_scanning %} and {% data variables.product.prodname_dependabot %} data for those repositories | View {% data variables.product.prodname_code_scanning %} and {% data variables.product.prodname_dependabot %} data for those repositories | No access for those repositories |
|
||||
| Security alert access for one or more repositories | View all security alert data for those repositories | View all security alert data for those repositories | No access for those repositories
|
||||
| Custom organization role with permission to view one or more types of security alert | View allowed alert data for all repositories | View allowed alert data for all repositories in all views | No access |
|
||||
|
||||
{% endrowheaders %}
|
||||
{% else %}
|
||||
{% rowheaders %}
|
||||
|
||||
| Organization member with | Risk and alerts views | Coverage view |
|
||||
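Review bot: In the new permissions table, the row starting "| Security alert access for one or more repositories" has no closing `|` after "No access for those repositories", unlike every other row as shown here. Please add it so the row is parsed with four cells. Because this table tells readers what data each role can see, it is worth previewing the rendered table to confirm the "Coverage view" column lines up for that row.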
@@ -133,6 +161,7 @@ If you are an organization member, you can view security overview for the organi
|
||||
| Custom organization role with permission to view one or more types of security alert | View allowed alert data for all repositories in all views | No access |
|
||||
|
||||
{% endrowheaders %}
|
||||
{% endif %}
|
||||
|
||||
For more information about access to security alerts and related views, see "[AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#granting-access-to-security-alerts)" and "[AUTOTITLE](/organizations/managing-user-access-to-your-organizations-repositories/managing-repository-roles/about-custom-repository-roles#security)."
|
||||
|
||||
|
||||
@@ -34,7 +34,7 @@ You can download a CSV file of the data displayed on the "Security coverage" pag
|
||||
|
||||
{% ifversion dependabot-updates-paused-enterprise-orgs %}
|
||||
|
||||
In the list of repositories, the "Paused" label under "{% data variables.product.prodname_dependabot %}" indicates repositories for which {% data variables.product.prodname_dependabot %} updates are paused. For information about inactivity criteria, see "[AUTOTITLE](/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates#about-automatic-deactivation-of-dependabot-updates)" and "[AUTOTITLE](/code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates#about-automatic-deactivation-of-dependabot-updates)," for security and version updates, respectively.{% endif %}
|
||||
In the list of repositories, the "Paused" label under "{% data variables.product.prodname_dependabot %}" indicates repositories for which {% data variables.product.prodname_dependabot_updates %} are paused. For information about inactivity criteria, see "[AUTOTITLE](/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates#about-automatic-deactivation-of-dependabot-updates)" and "[AUTOTITLE](/code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates#about-automatic-deactivation-of-dependabot-updates)," for security and version updates, respectively.{% endif %}
|
||||
|
||||
{% data reusables.organizations.navigate-to-org %}
|
||||
{% data reusables.organizations.security-overview %}
|
||||
@@ -80,8 +80,8 @@ In the enterprise-level view, you can view data about the enablement of features
|
||||
|
||||
## Interpreting and acting on the enablement data
|
||||
|
||||
Some code security features can and should be enabled on all repositories. For example, secret scanning alerts and push protection. These features reduce the risk of a security leak no matter what information is stored in the repository. If you see repositories that don't already use these features, you should either enable them or discuss an enablement plan with the team who owns the repository. For information on enabling features for a whole organization, see "[AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization)."
|
||||
Some code security features can and should be enabled on all repositories. For example, {% data variables.secret-scanning.alerts %} and push protection. These features reduce the risk of a security leak no matter what information is stored in the repository. If you see repositories that don't already use these features, you should either enable them or discuss an enablement plan with the team who owns the repository. For information on enabling features for a whole organization, see "[AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization)."
|
||||
|
||||
Other features are not available for use in all repositories. For example, there would be no point in enabling Dependabot or code scanning for repositories that only use ecosystems or languages that are unsupported. As such, it's normal to have some repositories where these features are not enabled.
|
||||
Other features are not available for use in all repositories. For example, there would be no point in enabling {% data variables.product.prodname_dependabot %} or {% data variables.product.prodname_code_scanning %} for repositories that only use ecosystems or languages that are unsupported. As such, it's normal to have some repositories where these features are not enabled.
|
||||
|
||||
Your enterprise may also have configured policies to limit the use of some code security features. For more information, see "[AUTOTITLE](/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-code-security-and-analysis-for-your-enterprise)."
|
||||
|
||||
@@ -58,7 +58,7 @@ In the enterprise-level views, you can filter the data by organization.
|
||||
|
||||
## Filter by whether security features are enabled
|
||||
|
||||
In the examples below, replace `:enabled` with `:not-enabled` to see repositories where security features are not enabled. These qualifiers are available in the main summary views.
|
||||
In the examples below, replace `:enabled` with `:not-enabled` to see repositories where security features are not enabled. These qualifiers are available in the "Security risk" and "Security coverage" views.
|
||||
|
||||
| Qualifier | Description |
|
||||
| -------- | -------- |
|
||||
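Review bot: The replacement sentence names the views "Security risk" and "Security coverage", but the about-security-overview changes in this same commit rename them to "Risk" and "Coverage". The same old names appear in the new sentence under "Filter by repository type" in the next hunk. Suggest using the renamed view names throughout so the filter article matches the UI labels described elsewhere in the commit.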
@@ -77,13 +77,13 @@ The organization-level "Security coverage" view includes extra filters.
|
||||
| -------- | -------- | {% ifversion ghec or ghes > 3.8 %}
|
||||
| `advanced-security:enabled` | Display repositories that have enabled {% data variables.product.prodname_GH_advanced_security %}. | {% endif %}
|
||||
| `code-scanning-pull-request-alerts:enabled`| Display repositories that have configured {% data variables.product.prodname_code_scanning %} to run on pull requests. |
|
||||
| `dependabot-security-updates:enabled` | Display repositories that have enabled {% data variables.product.prodname_dependabot %} security updates. |
|
||||
| `dependabot-security-updates:enabled` | Display repositories that have enabled {% data variables.product.prodname_dependabot_security_updates %}. |
|
||||
| `secret-scanning-push-protection:enabled` | Display repositories that have enabled push protection for {% data variables.product.prodname_secret_scanning %}. |
|
||||
{% endif %}
|
||||
|
||||
## Filter by repository type
|
||||
|
||||
These qualifiers are available in the main summary views.
|
||||
All of these qualifiers are available in the "Security risk" and "Security coverage" views. {% ifversion security-overview-dashboard %}For the "Overview" dashboard (beta) view, only the `archived:` filter is available.{% endif %}
|
||||
|
||||
| Qualifier | Description |
|
||||
| -------- | -------- |
|
||||
@@ -148,6 +148,25 @@ These qualifiers are available in the main summary views{% ifversion security-ov
|
||||
| -------- | -------- |
|
||||
| `topic:TOPIC-NAME` | Displays repositories that are classified with TOPIC-NAME. For more information on repository topics, see "[AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/classifying-your-repository-with-topics)." |
|
||||
|
||||
{% ifversion security-overview-dashboard %}
|
||||
|
||||
## Additional filters for security overview dashboard (beta)
|
||||
|
||||
{% data reusables.security-overview.beta %}
|
||||
|
||||
You can filter the "Overview" dashboard (beta) to narrow the scope of the metrics shown, so that you can view trends for specific repository or alert types. For more information on the overview dashboard, see "[AUTOTITLE](/code-security/security-overview/viewing-security-insights-for-your-organization)."
|
||||
|
||||
| Qualifier | Description |
|
||||
| -------- | -------- |
|
||||
|`visibility:public`|Displays metrics only for public repositories.|
|
||||
|`visibility:internal`|Displays metrics only for internal repositories.|
|
||||
|`visibility:private`|Displays metrics only for private repositories.|
|
||||
|`tool:codeql`|Displays metrics for {% data variables.product.prodname_code_scanning %} alerts generated using {% data variables.product.prodname_codeql %} analysis.|
|
||||
|`tool:dependabot`|Displays metrics for {% data variables.product.prodname_dependabot_alerts %}.|
|
||||
|`tool:secret-scanning`|Displays metrics for {% data variables.product.prodname_secret_scanning %} alerts.|
|
||||
|
||||
{% endif %}
|
||||
|
||||
{% ifversion security-overview-dependabot-acv %}
|
||||
|
||||
## Additional filters for {% data variables.product.prodname_dependabot %} alert views
|
||||
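Review bot: The `tool:codeql` row in the new dashboard table covers only code scanning alerts generated by CodeQL analysis, and nothing in the section says whether alerts from other code scanning tools can be filtered on or are left out of the dashboard metrics. Add a sentence that states which it is. The new rows are also written without cell padding (`|`visibility:public`|Displays ...|`), unlike the `| `topic:TOPIC-NAME` | ... |` row directly above; match the surrounding table style.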
@@ -157,8 +176,8 @@ You can filter the view to show {% data variables.product.prodname_dependabot_al
|
||||
| Qualifier | Description |
|
||||
| -------- | -------- |
|
||||
{% ifversion dependabot-alerts-vulnerable-calls or ghes or ghae -%}
|
||||
|`has:patch`|Displays {% data variables.product.prodname_dependabot %} alerts for vulnerabilities where a secure version is already available.|
|
||||
|`has:vulnerable-calls`|Displays {% data variables.product.prodname_dependabot %} alerts where at least one call from the repository to a vulnerable function is detected. For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-alerts/viewing-and-updating-dependabot-alerts#about-the-detection-of-calls-to-vulnerable-functions)."|
|
||||
|`has:patch`|Displays {% data variables.product.prodname_dependabot_alerts %} for vulnerabilities where a secure version is already available.|
|
||||
|`has:vulnerable-calls`|Displays {% data variables.product.prodname_dependabot_alerts %} where at least one call from the repository to a vulnerable function is detected. For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-alerts/viewing-and-updating-dependabot-alerts#about-the-detection-of-calls-to-vulnerable-functions)."|
|
||||
{% endif -%}
|
||||
|`ecosystem:ECOSYSTEM-NAME`|Displays {% data variables.product.prodname_dependabot_alerts %} detected in the specified ecosystem.|
|
||||
|`is:open`|Displays open {% data variables.product.prodname_dependabot_alerts %}.|
|
||||
@@ -187,7 +206,7 @@ You can filter the view to show {% data variables.product.prodname_dependabot_al
|
||||
|
||||
## Additional filters for {% data variables.product.prodname_code_scanning %} alert views
|
||||
|
||||
All code scanning alerts have one of the categories shown below. You can click any result to see full details of the relevant query and the line of code that triggered the alert.
|
||||
All {% data variables.product.prodname_code_scanning %} alerts have one of the categories shown below. You can click any result to see full details of the relevant query and the line of code that triggered the alert.
|
||||
|
||||
| Qualifier | Description |
|
||||
| -------- | -------- |
|
||||
@@ -218,18 +237,18 @@ All code scanning alerts have one of the categories shown below. You can click a
|
||||
|`provider:PROVIDER-NAME` | Displays alerts for all secrets issues by the specified provider. |
|
||||
| `secret-type:PROVIDER-PATTERN` | Displays alerts for the specified secret and provider. |
|
||||
| `secret-type:CUSTOM-PATTERN` | Displays alerts for secrets matching the specified custom pattern. |
|
||||
|`is:open`|Displays open {% data variables.product.prodname_secret_scanning %} alerts.|
|
||||
|`is:closed`|Displays closed {% data variables.product.prodname_secret_scanning %} alerts.|
|
||||
|`resolution:false-positive`|Displays {% data variables.product.prodname_secret_scanning %} alerts closed as "false positive."|
|
||||
|`resolution:pattern-deleted`|Displays {% data variables.product.prodname_secret_scanning %} alerts closed as "pattern deleted."|
|
||||
|`resolution:pattern-edited`|Displays {% data variables.product.prodname_secret_scanning %} alerts closed as "pattern edited."|
|
||||
|`resolution:revoked`|Displays {% data variables.product.prodname_secret_scanning %} alerts closed as "revoked."|
|
||||
|`resolution:used-in-tests`|Displays {% data variables.product.prodname_secret_scanning %} alerts closed as "used in tests."|
|
||||
|`resolution:wont-fix`|Displays {% data variables.product.prodname_secret_scanning %} alerts closed as "won't fix."|
|
||||
|`sort:created-desc`|Displays {% data variables.product.prodname_secret_scanning %} alerts from newest to oldest.|
|
||||
|`sort:created-asc`|Displays {% data variables.product.prodname_secret_scanning %} alerts from oldest to newest.|
|
||||
|`sort:updated-desc`|Displays {% data variables.product.prodname_secret_scanning %} alerts from most recently updated to least recently updated.|
|
||||
|`sort:updated-asc`|Displays {% data variables.product.prodname_secret_scanning %} alerts from least recently updated to most recently updated.|
|
||||
|`is:open`|Displays open {% data variables.secret-scanning.alerts %}.|
|
||||
|`is:closed`|Displays closed {% data variables.secret-scanning.alerts %}.|
|
||||
|`resolution:false-positive`|Displays {% data variables.secret-scanning.alerts %} closed as "false positive."|
|
||||
|`resolution:pattern-deleted`|Displays {% data variables.secret-scanning.alerts %} closed as "pattern deleted."|
|
||||
|`resolution:pattern-edited`|Displays {% data variables.secret-scanning.alerts %} closed as "pattern edited."|
|
||||
|`resolution:revoked`|Displays {% data variables.secret-scanning.alerts %} closed as "revoked."|
|
||||
|`resolution:used-in-tests`|Displays {% data variables.secret-scanning.alerts %} closed as "used in tests."|
|
||||
|`resolution:wont-fix`|Displays {% data variables.secret-scanning.alerts %} closed as "won't fix."|
|
||||
|`sort:created-desc`|Displays {% data variables.secret-scanning.alerts %} from newest to oldest.|
|
||||
|`sort:created-asc`|Displays {% data variables.secret-scanning.alerts %} from oldest to newest.|
|
||||
|`sort:updated-desc`|Displays {% data variables.secret-scanning.alerts %} from most recently updated to least recently updated.|
|
||||
|`sort:updated-asc`|Displays {% data variables.secret-scanning.alerts %} from least recently updated to most recently updated.|
|
||||
|
||||
For more information, see "[AUTOTITLE](/code-security/secret-scanning/secret-scanning-patterns)."
|
||||
{% endif %}
|
||||
|
||||
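Review bot: The unchanged `provider:PROVIDER-NAME` row at the top of this hunk reads "all secrets issues by the specified provider", which looks like a typo for "issued"; fix it while the table is being touched. The replaced rows also move from `variables.product.prodname_secret_scanning` followed by a literal "alerts" to `variables.secret-scanning.alerts`, so check that the rendered text still reads correctly in sentences such as "Displays open ... " and "... closed as "revoked."", where the word "alerts" is no longer written out.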
@@ -14,6 +14,7 @@ topics:
|
||||
- Advanced Security
|
||||
children:
|
||||
- /about-security-overview
|
||||
- /viewing-security-insights-for-your-organization
|
||||
- /assessing-adoption-code-security
|
||||
- /assessing-code-security-risk
|
||||
- /filtering-alerts-in-security-overview
|
||||
|
||||
@@ -0,0 +1,112 @@
|
||||
---
|
||||
title: Viewing security insights for your organization
|
||||
shortTitle: Viewing security insights
|
||||
intro: 'You can use the overview dashboard in security overview to monitor the security landscape of the repositories in your organization.'
|
||||
permissions: '{% data reusables.security-overview.permissions %}'
|
||||
product: '{% data reusables.gated-features.security-overview %}'
|
||||
versions:
|
||||
feature: security-overview-dashboard
|
||||
type: how_to
|
||||
topics:
|
||||
- Security overview
|
||||
- Advanced Security
|
||||
- Alerts
|
||||
- Organizations
|
||||
---
|
||||
|
||||
{% data reusables.security-overview.beta-overview-dashboard %}
|
||||
|
||||
## About organization-level security insights
|
||||
|
||||
The overview page in security overview is a consolidated dashboard of insights about your organization's security landscape and progress. You can use the dashboard to monitor the health of your application security program, collaborate with engineering teams, and gather data for benchmarking purposes.
|
||||
|
||||
You can view a variety of metrics about the security alerts in your organization. The dashboard displays trending data that tracks alert counts and activity over time, as well as snapshot data that reflects the current state.
|
||||
|
||||
- The top section of the dashboard shows information about the status and age of alerts in your organization, as well as data about secrets that have been blocked or bypassed.
|
||||
- The "Remediation" section shows information about how alerts are resolved and alert activity over time.
|
||||
- The "Impact analysis" section shows the repositories that pose the highest potential security risk in your organization.
|
||||
|
||||
You can filter the overview dashboard by selecting a specific time period, and apply additional filters to focus on narrower areas of interest. All data and metrics across the dashboard will change as you apply filters. For more information, see "[AUTOTITLE](/code-security/security-overview/filtering-alerts-in-security-overview)."
|
||||
|
||||
Enterprise members can access the overview page for organizations in their enterprise. The metrics you see will depend on your role and repository permissions. For more information, see "[AUTOTITLE](/code-security/security-overview/about-security-overview#permission-to-view-data-in-security-overview)."
|
||||
|
||||
### Limitations
|
||||
|
||||
The data that populates the overview page can and will change over time due to various factors, such as repository deletion or modifications to a security advisory. This means that the overview metrics for the same time period could vary if viewed at two different times. For compliance reports or other scenarios where data consistency is crucial, we recommend that you source data from the audit log. For more information, see "[AUTOTITLE](/code-security/getting-started/auditing-security-alerts)."
|
||||
|
||||
Keep in mind that the overview page tracks changes over time for security alert data only. If you filter the page by non-alert attributes, such as repository status, the data you see will reflect the current state of those attributes, instead of the historical state. For example, consider that you archived a repository that contains open security alerts, an action which closes the alerts. If you then view the overview page for the week before you archived the repository, the alert data for the repository will only appear when you filter to show data from archived repositories, because the current state of the repository is archived. However, the alerts will appear as open, since they were open during that time period and the overview page tracks the historical state of alerts.
|
||||
|
||||
## Viewing the security overview dashboard
|
||||
|
||||
{% data reusables.organizations.navigate-to-org %}
|
||||
{% data reusables.organizations.security-overview %}
|
||||
1. The overview page is the primary view that you will see after clicking on the "Security" tab. To get to the dashboard from another security overview page, in the sidebar, click **{% octicon "graph" aria-hidden="true" %} Overview**.
|
||||
1. Use the options at the top of the overview page to filter the group of alerts you want to see metrics for. All of the data and metrics on the page will change as you adjust the filters.
|
||||
- Use the date picker to set the time range that you want to view alert activity and metrics for.
|
||||
- Click in the search box to add further filters on the alerts and metrics displayed.
|
||||
|
||||

|
||||
|
||||
1. For the alert trends graph at the top of the page, you can click **{% octicon "shield" aria-hidden="true" %} Open alerts** or **{% octicon "shield-x" aria-hidden="true" %} Closed alerts** to toggle between showing the trends for open or closed alerts. The toggle will only affect the alert trends graph. For more information, see "[Alert trends graph](#alert-trends-graph)."
|
||||
|
||||
## Understanding the overview dashboard
|
||||
|
||||
- [Alert trends graph](#alert-trends-graph)
|
||||
- [Age of alerts](#age-of-alerts)
|
||||
- [Secrets bypassed or blocked](#secrets-bypassed-or-blocked)
|
||||
- [Mean time to remediate](#mean-time-to-remediate)
|
||||
- [Net resolve rate](#net-resolve-rate)
|
||||
- [Alert activity graph](#alert-activity-graph)
|
||||
- [Impact analysis for repositories](#impact-analysis-for-repositories)
|
||||
|
||||
### Alert trends graph
|
||||
|
||||
The alert trends graph shows the change in the number of alerts in your organization over the time period you have chosen. Alerts are grouped by severity. You can toggle the graph between open and closed alerts.
|
||||
|
||||
Open alerts include both newly created and existing open security alerts. New alerts are represented on their creation date, while alerts that existed before the chosen time period are represented at the start of the period. Once an alert is remediated or dismissed, it is not included in the graph. Instead, the alert will move to the closed alerts graph.
|
||||
|
||||
Closed alerts include security alerts that have been successfully remediated or dismissed prior to or during the chosen time period. Alerts closed during the time period are represented on the graph on their closed date, while alerts remediated or dismissed before the chosen time period are represented at the start of the period.
|
||||
|
||||
### Age of alerts
|
||||
|
||||
The "Age of alerts" metric is the average age of all alerts that are still open at the end of the chosen time period.
|
||||
|
||||
The age of each open alert is calculated by subtracting the date the alert was created from the date that the chosen time period ends. For reopened alerts, the age is calculated by subtracting the original created date rather than the date the alert was reopened.
|
||||
|
||||
### Secrets bypassed or blocked
|
||||
|
||||
The "Secrets bypassed / blocked" metric shows the ratio of secrets bypassed to the total secrets blocked by push protection.
|
||||
|
||||
You can also see how many secrets were successfully blocked, which is calculated by subtracting the number of secrets bypassed from the total number of secrets blocked by push protection. A secret is considered to have been successfully blocked when it has been corrected, and not committed to the repository.
|
||||
|
||||
For more information on secret scanning push protection metrics, see "[AUTOTITLE](/code-security/security-overview/viewing-metrics-for-secret-scanning-push-protection-in-your-organization)."
|
||||
|
||||
### Mean time to remediate
|
||||
|
||||
The "Mean time to remediate" metric is the average age of all alerts that were remediated or dismissed in the chosen time period. Alerts that were closed as "false positive" are excluded.
|
||||
|
||||
The age of each closed alert is calculated by subtracting the date the alert was created from the the date that the alert was last closed during the chosen time period. For reopened alerts, the age is calculated by subtracting the original created date rather than the date the alert was reopened.
|
||||
|
||||
### Net resolve rate
|
||||
|
||||
The "Net resolve rate" metric is the rate at which alerts are being closed. This metric is similar to measuring "developer velocity", reflecting the speed and efficiency with which alerts are resolved.
|
||||
|
||||
The rate is calculated by dividing the number of alerts that were closed and remained closed during the chosen time period, by the number of alerts created during the time period.
|
||||
|
||||
{% note %}
|
||||
|
||||
**Note:** The net resolve rate takes into account any new and any closed alerts during the chosen time period. This means that the set of new alerts and set of closed alerts used for the calculation do not necessarily correspond, since they may represent different populations of alerts.
|
||||
|
||||
{% endnote %}
|
||||
|
||||
Alerts that are reopened and re-closed during the chosen time period are ignored.
|
||||
|
||||
### Alert activity graph
|
||||
|
||||
Expanding on the alert trends graph, the alert activity graph shows you alert inflows and outflows over your chosen time period.
|
||||
|
||||
Green bars represent the number of new alerts created during the segmented time period. Purple bars represent the number of alerts that were closed during the segmented time period. The blue dotted line represents the net alert activity, which is the difference between new and closed alerts.
|
||||
|
||||
### Impact analysis for repositories
|
||||
|
||||
The impact analysis table shows the top 10 repositories with the most open alerts as of the end of the chosen time period, ranked by the total number of open alerts. For each repository, the total number of open alerts is shown alongside a breakdown by severity.
|
||||
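Review bot: The "Net resolve rate" section does not say whether alerts closed as "false positive" count toward the closed total, while "Mean time to remediate" explicitly excludes them, so a reader cannot tell whether the two remediation metrics are computed over the same set of closures. State the rule in "Net resolve rate", and move "Alerts that are reopened and re-closed during the chosen time period are ignored." above the note so the whole calculation is described in one place. Under "Mean time to remediate", "from the the date" has a doubled "the".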
@@ -16,7 +16,7 @@ redirect_from:
|
||||
- /codespaces/codespaces-reference/using-github-copilot-in-github-codespaces
|
||||
---
|
||||
|
||||
[{% data variables.product.prodname_copilot %}](https://copilot.github.com/) is an AI pair programmer that you can use in any codespace that you open in the {% data variables.product.prodname_vscode_shortname %} web client or desktop application. For more information about {% data variables.product.prodname_copilot %}, see "[AUTOTITLE](/copilot/overview-of-github-copilot/about-github-copilot-for-individuals)."
|
||||
[{% data variables.product.prodname_copilot %}](https://copilot.github.com/) is an AI pair programmer that you can use in any codespace that you open in the {% data variables.product.prodname_vscode_shortname %} web client or desktop application. For more information about {% data variables.product.prodname_copilot %}, see "[AUTOTITLE](/copilot/overview-of-github-copilot/about-github-copilot-individual)."
|
||||
|
||||
To start using {% data variables.product.prodname_copilot %} in {% data variables.product.prodname_github_codespaces %}, install the [{% data variables.product.prodname_copilot %} extension from the {% data variables.product.prodname_vscode_marketplace %}](https://marketplace.visualstudio.com/items?itemName=GitHub.copilot).
|
||||
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
---
|
||||
title: Configuring GitHub Copilot settings on GitHub.com
|
||||
intro: 'You can configure {% data variables.product.prodname_copilot %}''s behavior on {% data variables.product.prodname_dotcom_the_website %}, which affects how {% data variables.product.prodname_copilot %} functions in any IDE that you use.'
|
||||
intro: 'You can change your personal settings on {% data variables.product.prodname_dotcom_the_website %} to configure {% data variables.product.prodname_copilot %}''s behavior. This affects how {% data variables.product.prodname_copilot %} functions in any supported IDE you use.'
|
||||
product: '{% data reusables.gated-features.copilot %}'
|
||||
permissions: 'People with individual {% data variables.product.prodname_copilot %} subscriptions can configure their settings on {% data variables.product.prodname_dotcom_the_website %}.'
|
||||
topics:
|
||||
|
||||
@@ -52,26 +52,9 @@ If you use a JetBrains IDE, you can view and incorporate suggestions from {% dat
|
||||
|
||||
For more information, see the [JetBrains IDEs](https://www.jetbrains.com/products/) tool finder.
|
||||
|
||||
## Installing the {% data variables.product.prodname_copilot %} extension in your JetBrains IDE
|
||||
## Installing the {% data variables.product.prodname_copilot %} plugin in your JetBrains IDE
|
||||
|
||||
To use {% data variables.product.prodname_copilot %} in a JetBrains IDE, you must install the {% data variables.product.prodname_copilot %} extension. The following procedure will guide you through installation of the {% data variables.product.prodname_copilot %} plugin in IntelliJ IDEA. Steps to install the plugin in another supported IDE may differ.
|
||||
|
||||
1. In your JetBrains IDE, under the **File** menu for Windows or under the name of your IDE for Mac (for example, **PyCharm** or **IntelliJ**), click **Settings** for Windows or **Preferences** for Mac.
|
||||
1. In the left-side menu of the **Settings/Preferences** dialog box, click **Plugins**.
|
||||
1. At the top of the **Settings/Preferences** dialog box, click **Marketplace**. In the search bar, search for **{% data variables.product.prodname_copilot %}**, then click **Install**.
|
||||
|
||||

|
||||
1. After {% data variables.product.prodname_copilot %} is installed, click **Restart IDE**.
|
||||
1. After your JetBrains IDE has restarted, click the **Tools** menu. Click **{% data variables.product.prodname_copilot %}**, then click **Login to {% data variables.product.prodname_dotcom %}**.
|
||||
|
||||

|
||||
|
||||
1. In the "Sign in to {% data variables.product.prodname_dotcom %}" dialog box, to copy the device code and open the device activation window, click **Copy and Open**.
|
||||
|
||||

|
||||
1. A device activation window will open in your browser. Paste the device code, then click **Continue**.
|
||||
1. {% data variables.product.prodname_dotcom %} will request the necessary permissions for {% data variables.product.prodname_copilot %}. To approve these permissions, click **Authorize {% data variables.product.prodname_copilot %} Plugin**.
|
||||
1. After the permissions have been approved, your JetBrains IDE will show a confirmation. To begin using {% data variables.product.prodname_copilot %}, click **OK**.
|
||||
{% data reusables.copilot.installing-copilot-in-jetbrains-ide %}
|
||||
|
||||
## Seeing your first suggestion
|
||||
|
||||
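Review bot: The caveat that the procedure is written for IntelliJ IDEA and that steps "in another supported IDE may differ" is no longer in this file once the section body becomes `{% data reusables.copilot.installing-copilot-in-jetbrains-ide %}`. Confirm the reusable carries that caveat, together with the device-code sign-in steps and the "Authorize ... Plugin" permission prompt, since none of them can be checked from this hunk.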
@@ -273,6 +256,14 @@ To use {% data variables.product.prodname_copilot %}, you must first install the
|
||||
|
||||
{% data reusables.copilot.accept-suggestion %}
|
||||
|
||||
{% note %}
|
||||
|
||||
**Note**: If you don't see a suggestion, make sure {% data variables.product.prodname_copilot %} is enabled. You should see the {% data variables.product.prodname_copilot_short %} icon at the bottom right of the {% data variables.product.prodname_vscode %} window.
|
||||
|
||||
{% data reusables.copilot.content-exclusion-tooltip %}
|
||||
|
||||
{% endnote %}
|
||||
|
||||
## Seeing alternative suggestions
|
||||
|
||||
{% data reusables.copilot.alternative-suggestions %}
|
||||
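Review bot: The added note opens with `**Note**:`, colon outside the bold, while the note added in the security insights article in this same change uses `**Note:**`; pick one form. The note also names the product with `prodname_copilot` in its first sentence and `prodname_copilot_short` in the second; use one of them throughout the note.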
@@ -453,7 +444,7 @@ To use {% data variables.product.prodname_copilot %}, you must first install the
|
||||
```sql copy
|
||||
SELECT [UserId], [Red], [Orange], [Yellow], [Green], [Blue], [Purple], [Rainbow]
|
||||
FROM [Tag].[Scoreboard]
|
||||
INNER JOIN
|
||||
INNER JOIN
|
||||
```
|
||||
|
||||
{% data reusables.copilot.accept-suggestion %}
|
||||
@@ -468,7 +459,7 @@ For some suggestions, {% data variables.product.prodname_copilot %} may provide
|
||||
```sql copy
|
||||
SELECT [UserId], [Red], [Orange], [Yellow], [Green], [Blue], [Purple], [Rainbow]
|
||||
FROM [Tag].[Scoreboard]
|
||||
INNER JOIN
|
||||
INNER JOIN
|
||||
```
|
||||
|
||||
1. Optionally, you can see alternative suggestions, if any are available.
|
||||
@@ -511,4 +502,4 @@ For some suggestions, {% data variables.product.prodname_copilot %} may provide
|
||||
## Further reading
|
||||
|
||||
- [The {% data variables.product.prodname_copilot %} website](https://copilot.github.com/)
|
||||
- [About {% data variables.product.prodname_copilot_for_individuals %}](/copilot/overview-of-github-copilot/about-github-copilot-for-individuals#about-the-license-for-the-github-copilot-plugin-in-jetbrains-ides)
|
||||
- [About {% data variables.product.prodname_copilot_for_individuals %}](/copilot/overview-of-github-copilot/about-github-copilot-individual#about-the-license-for-the-github-copilot-plugin-in-jetbrains-ides)
|
||||
|
||||
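Review bot: The updated link keeps the fragment `#about-the-license-for-the-github-copilot-plugin-in-jetbrains-ides` while its path changes to `about-github-copilot-individual`; check that the renamed article still has that heading, otherwise the link lands at the top of the page. The link text still uses `prodname_copilot_for_individuals`, so also check that it matches the title of the renamed article.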
@@ -1,6 +1,6 @@
|
||||
---
|
||||
title: About GitHub Copilot Chat
|
||||
intro: '{% data variables.product.prodname_copilot_chat %} can help you by providing answers to coding related questions directly within a supported IDE.'
|
||||
intro: '{% data variables.product.prodname_copilot_chat %} can help you by providing answers to coding related questions {% ifversion ghec %}on {% data variables.product.prodname_dotcom_the_website %} or{% endif %} directly within a supported IDE.'
|
||||
redirect_from:
|
||||
- /early-access/copilot/github-copilot-chat-transparency-note
|
||||
- /early-access/copilot/github-copilot-chat-technical-preview-license-terms
|
||||
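Review bot: In the new `intro`, the spaces sit outside the conditional (`questions {% ifversion ghec %}...or{% endif %} directly`), so every version other than ghec renders "questions  directly" with two spaces. Move one of the spaces inside the block, for example `questions {% ifversion ghec %}on ... or {% endif %}directly`.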
@@ -10,115 +10,25 @@ versions:
|
||||
topics:
|
||||
- Copilot
|
||||
shortTitle: About Copilot Chat
|
||||
type: rai
|
||||
---
|
||||
|
||||
## About {% data variables.product.prodname_copilot_chat %}
|
||||
|
||||
{% data variables.product.prodname_copilot_chat %} is a chat interface that lets you interact with {% data variables.product.prodname_copilot %}, to ask and receive answers to coding-related questions from directly within a supported IDE. The chat interface provides access to coding information and support without requiring you to navigate documentation or search online forums. {% data variables.product.prodname_copilot_chat_short %} is currently supported in {% data variables.product.prodname_vscode %} and {% data variables.product.prodname_vs %}. For more information about {% data variables.product.prodname_copilot %}, see "[AUTOTITLE](/copilot/overview-of-github-copilot/about-github-copilot-for-individuals)" and "[AUTOTITLE](/copilot/overview-of-github-copilot/about-github-copilot-for-business)."
|
||||
{% data variables.product.prodname_copilot_chat %} is a chat interface that lets you interact with {% data variables.product.prodname_copilot %}, to ask and receive answers to coding-related questions within {% data variables.product.prodname_dotcom_the_website %} and supported IDEs. The chat interface provides access to coding information and support without requiring you to navigate documentation or search online forums. {% data variables.product.prodname_copilot_chat_short %} is currently supported in {% data variables.product.prodname_vscode %}, {% data variables.product.prodname_vs %}, and the JetBrains suite of IDEs. {% ifversion ghec %}Users with a {% data variables.product.prodname_copilot_enterprise_short %} subscription can also use {% data variables.product.prodname_copilot_chat_dotcom %}.{% endif %} For more information about {% data variables.product.prodname_copilot %}, see "[AUTOTITLE](/copilot/overview-of-github-copilot/about-github-copilot-individual)" and "[AUTOTITLE](/copilot/overview-of-github-copilot/about-github-copilot-business)."{% ifversion ghec %} For more information about {% data variables.product.prodname_copilot_chat_dotcom %}, see "[AUTOTITLE](/enterprise-cloud@latest/copilot/github-copilot-enterprise/copilot-chat-in-github/using-github-copilot-chat-in-githubcom)."{% endif %}
|
||||
|
||||
{% data variables.product.prodname_copilot_chat %} can answer a wide range of coding-related questions on topics including syntax, programming concepts, test cases, debugging, and more. {% data variables.product.prodname_copilot_chat %} is not designed to answer non-coding questions or provide general information on topics outside of coding.
|
||||
|
||||
{% data variables.product.prodname_copilot_chat %} works by using a combination of natural language processing and machine learning to understand your question and provide you with an answer. This process can be broken down into a number of steps.
|
||||
|
||||
### Input processing
|
||||
|
||||
The input prompt from the user is pre-processed by the {% data variables.product.prodname_copilot_chat_short %} system and sent to a large language model to get a response based on the context and prompt. User input can take the form of code snippets or plain language. The system is only intended to respond to coding-related questions.
|
||||
|
||||
### Language model analysis
|
||||
|
||||
The pre-processed prompt is then passed through the {% data variables.product.prodname_copilot_chat_short %} language model, which is a neural network that has been trained on a large body of text data. The language model analyzes the input prompt.
|
||||
|
||||
### Response generation
|
||||
|
||||
The language model generates a response based on its analysis of the input prompt. This response can take the form of generated code, code suggestions, or explanations of existing code.
|
||||
|
||||
### Output formatting
|
||||
|
||||
The response generated by {% data variables.product.prodname_copilot_chat_short %} is formatted and presented to the user. {% data variables.product.prodname_copilot_chat_short %} may use syntax highlighting, indentation, and other formatting features to add clarity to the generated response.
|
||||
|
||||
{% data variables.product.prodname_copilot_chat %} is intended to provide you with the most relevant answer to your question. However, it may not always provide the answer you are looking for. Users of {% data variables.product.prodname_copilot_chat_short %} are responsible for reviewing and validating responses generated by the system to ensure they are accurate and appropriate. {% data variables.product.prodname_copilot_chat_short %} is also designed to learn from your feedback and improve over time. For more information on improving the performance of {% data variables.product.prodname_copilot_chat %}, see "[Improving performance for {% data variables.product.prodname_copilot_chat %}](/copilot/github-copilot-chat/about-github-copilot-chat#improving-performance-for-github-copilot-chat)."
|
||||
|
||||
## Use cases for {% data variables.product.prodname_copilot_chat %}
|
||||
|
||||
{% data variables.product.prodname_copilot_chat %} can provide coding assistance in a variety of scenarios.
|
||||
|
||||
### Generating unit test cases
|
||||
|
||||
{% data variables.product.prodname_copilot_chat_short %} can help write unit test cases by generating code snippets based on the code open in the editor or the code snippet you highlight in the editor. This may help you write test cases without spending as much time on repetitive tasks. For example, if you are writing a test case for a specific function, you can use {% data variables.product.prodname_copilot_chat_short %} to suggest possible input parameters and expected output values based on the function's signature and body. {% data variables.product.prodname_copilot_chat_short %} can also suggest assertions that ensure the function is working correctly, based on the code's context and semantics.
|
||||
|
||||
{% data variables.product.prodname_copilot_chat_short %} can also help you write test cases for edge cases and boundary conditions that might be difficult to identify manually. For instance, {% data variables.product.prodname_copilot_chat_short %} can suggest test cases for error handling, null values, or unexpected input types, helping you ensure your code is robust and resilient. However, it is important to note that generated test cases may not cover all possible scenarios, and manual testing and code review are still necessary to ensure the quality of the code. For more information on generating unit test cases, see "[Asking {% data variables.product.prodname_copilot_chat %} questions about your code](/copilot/github-copilot-chat/using-github-copilot-chat#asking-github-copilot-chat-questions-about-your-code)."
|
||||
|
||||
### Explaining code
|
||||
|
||||
{% data variables.product.prodname_copilot_chat_short %} can help explain selected code by generating natural language descriptions of the code's functionality and purpose. This can be useful if you want to understand the code's behavior or for non-technical stakeholders who need to understand how the code works. For example, if you select a function or code block in the code editor, {% data variables.product.prodname_copilot_chat_short %} can generate a natural language description of what the code does and how it fits into the overall system. This can include information such as the function's input and output parameters, its dependencies, and its purpose in the larger application.
|
||||
|
||||
By generating explanations and suggesting related documentation, {% data variables.product.prodname_copilot_chat_short %} may help you to understand the selected code, leading to improved collaboration and more effective software development. However, it's important to note that the generated explanations and documentation may not always be accurate or complete, so you'll need to review, and occasionally correct, {% data variables.product.prodname_copilot_chat_short %}'s output.
|
||||
|
||||
### Proposing code fixes
|
||||
|
||||
{% data variables.product.prodname_copilot_chat_short %} can propose a fix for bugs in your code by suggesting code snippets and solutions based on the context of the error or issue. This can be useful if you are struggling to identify the root cause of a bug or you need guidance on the best way to fix it. For example, if your code produces an error message or warning, {% data variables.product.prodname_copilot_chat_short %} can suggest possible fixes based on the error message, the code's syntax, and the surrounding code.
|
||||
|
||||
{% data variables.product.prodname_copilot_chat_short %} can suggest changes to variables, control structures, or function calls that might resolve the issue and generate code snippets that can be incorporated into the codebase. However, it's important to note that the suggested fixes may not always be optimal or complete, so you'll need to review and test the suggestions.
|
||||
|
||||
### Answering coding questions
|
||||
|
||||
You can ask {% data variables.product.prodname_copilot_chat_short %} for help or clarification on specific coding problems and receive responses in natural language format or in code snippet format. This can be a useful tool for programmers, as it can provide guidance and support for common coding tasks and challenges.
|
||||
|
||||
## Improving performance for {% data variables.product.prodname_copilot_chat %}
|
||||
|
||||
{% data variables.product.prodname_copilot_chat_short %} can support a wide range of practical applications like code generation, code analysis, and code fixes, each with different performance metrics and mitigation strategies. To enhance performance and address some of the the limitations of {% data variables.product.prodname_copilot_chat_short %}, there are various measures that you can adopt. For more information on the limitations of {% data variables.product.prodname_copilot_chat_short %}, see "[Limitations of {% data variables.product.prodname_copilot_chat %}](/copilot/github-copilot-chat/about-github-copilot-chat#limitations-of-github-copilot-chat)."
|
||||
|
||||
### Keep your prompts on topic
|
||||
|
||||
{% data variables.product.prodname_copilot_chat_short %} is intended to address queries related to coding exclusively. Therefore, limiting the prompt to coding questions or tasks can enhance the model's output quality.
|
||||
|
||||
### Use {% data variables.product.prodname_copilot_chat_short %} as a tool, not a replacement
|
||||
|
||||
While {% data variables.product.prodname_copilot_chat_short %} can be a powerful tool for generating code, it is important to use it as a tool rather than a replacement for human programming. You should always review and test the code generated by {% data variables.product.prodname_copilot_chat_short %} to ensure that it meets your requirements and is free of errors or security concerns.
|
||||
|
||||
### Use secure coding and code review practices
|
||||
|
||||
While {% data variables.product.prodname_copilot_chat_short %} can generate syntactically correct code, it may not always be secure. You should always follow best practices for secure coding, such as avoiding hard-coded passwords or SQL injection vulnerabilities, as well as following code review best practices, to address {% data variables.product.prodname_copilot_chat_short %}'s limitations.
|
||||
|
||||
### Provide feedback
|
||||
|
||||
If you encounter any issues or limitations with {% data variables.product.prodname_copilot_chat_short %}, we recommend that you provide feedback through the **share feedback** link in the {% data variables.product.prodname_copilot_chat_short %} interface of your IDE. This can help the developers to improve the tool and address any concerns or limitations.
|
||||
|
||||
### Stay up to date
|
||||
|
||||
{% data variables.product.prodname_copilot_chat_short %} is a new technology and is likely to evolve over time. You should stay up to date with any updates or changes to the tool, as well as any new security risks or best practices that may emerge. Automated extension updates are enabled by default in {% data variables.product.prodname_vscode %} and {% data variables.product.prodname_vs %}. If you have automatic updates enabled, {% data variables.product.prodname_copilot_chat_short %} will automatically update to the latest version when you open your IDE. For more information on automatic updates in your IDE, see [the {% data variables.product.prodname_vscode %} documentation](https://code.visualstudio.com/docs/editor/extension-marketplace) and [the {% data variables.product.prodname_vs %} documentation](https://learn.microsoft.com/en-us/visualstudio/ide/finding-and-using-visual-studio-extensions?view=vs-2022).
|
||||
|
||||
## Limitations of {% data variables.product.prodname_copilot_chat %}
|
||||
|
||||
Depending on factors such as your codebase and input data, you may experience different levels of performance when using {% data variables.product.prodname_copilot_chat_short %}. The following information is designed to help you understand system limitations and key concepts about performance as they apply to {% data variables.product.prodname_copilot_chat_short %}.
|
||||
|
||||
### Limited scope
|
||||
|
||||
{% data variables.product.prodname_copilot_chat_short %} has been trained on a large body of code but still has a limited scope and may not be able to handle more complex code structures or obscure programming languages. For each language, the quality of suggestions you receive may depend on the volume and diversity of training data for that language. For example, JavaScript is well-represented in public repositories and is one of {% data variables.product.prodname_copilot %}'s best supported languages. Languages with less representation in public repositories may be more challenging for {% data variables.product.prodname_copilot_chat_short %} to provide assistance with. Additionally, {% data variables.product.prodname_copilot_chat_short %} can only suggest code based on the context of the code being written, so it may not be able to identify larger design or architectural issues.
|
||||
|
||||
### Potential biases
|
||||
|
||||
{% data variables.product.prodname_copilot_short %}'s training data is drawn from existing code repositories, which may contain biases and errors that can be perpetuated by the tool. Additionally, {% data variables.product.prodname_copilot_chat_short %} may be biased towards certain programming languages or coding styles, which can lead to suboptimal or incomplete code suggestions.
|
||||
|
||||
### Security risks
|
||||
|
||||
{% data variables.product.prodname_copilot_chat_short %} generates code based on the context of the code being written, which can potentially expose sensitive information or vulnerabilities if not used carefully. You should be careful when using {% data variables.product.prodname_copilot_chat_short %} to generate code for security-sensitive applications and always review and test the generated code thoroughly.
|
||||
|
||||
### Matches with public code
|
||||
|
||||
{% data variables.product.prodname_copilot_chat_short %} is capable of generating new code, which it does in a probabilistic way. While the probability that it may produce code that matches code in the training set is low, a {% data variables.product.prodname_copilot_chat_short %} suggestion may contain some code snippets that match code in the training set. {% data variables.product.prodname_copilot_chat_short %} utilizes filters that block matches with public code on {% data variables.product.prodname_dotcom %} repositories, but you should always take the same precautions as you would with any code you write that uses material you did not independently originate, including precautions to ensure its suitability. These include rigorous testing, IP scanning, and checking for security vulnerabilities. You should make sure your IDE or editor does not automatically compile or run generated code before you review it.
|
||||
|
||||
### Inaccurate code
|
||||
|
||||
One of the limitations of {% data variables.product.prodname_copilot_chat_short %} is that it may generate code that appears to be valid but may not actually be semantically or syntactically correct or may not accurately reflect the intent of the developer. To mitigate the risk of inaccurate code, you should carefully review and test the generated code, particularly when dealing with critical or sensitive applications. You should also ensure that the generated code adheres to best practices and design patterns and fits within the overall architecture and style of the codebase.
|
||||
|
||||
### Inaccurate responses to non-coding topics
|
||||
|
||||
{% data variables.product.prodname_copilot_chat_short %} is not designed to answer non-coding questions, and therefore its responses may not always be accurate or helpful in these contexts. If a user asks {% data variables.product.prodname_copilot_chat_short %} a non-coding question, it may generate an answer that is irrelevant or nonsensical, or it may simply indicate that it is unable to provide a useful response.
|
||||
{% data reusables.copilot.about-copilot-chat %}
|
||||
|
||||
## Next steps
|
||||
|
||||
- [Using {% data variables.product.prodname_copilot_chat %}](/copilot/github-copilot-chat/using-github-copilot-chat)
|
||||
For details of how to use {% data variables.product.prodname_copilot_chat %}, see:
|
||||
|
||||
- "[AUTOTITLE](/copilot/github-copilot-chat/using-github-copilot-chat-in-your-ide)"
|
||||
- "[AUTOTITLE](/enterprise-cloud@latest/copilot/github-copilot-enterprise/copilot-chat-in-github/using-github-copilot-chat-in-githubcom)"{% ifversion fpt %} in the {% data variables.product.prodname_ghe_cloud %} documentation.{% endif %}
|
||||
|
||||
## Further reading
|
||||
|
||||
|
||||
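Review bot: In the paragraph under "Improving performance for {% data variables.product.prodname_copilot_chat %}", the phrase "address some of the the limitations" has a duplicated "the". Please fix it in whichever copy of this text is kept, so the typo does not travel with the content.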
@@ -1,12 +1,12 @@
|
||||
---
|
||||
title: GitHub Copilot Chat
|
||||
shortTitle: Copilot Chat
|
||||
intro: 'Learn about {% data variables.product.prodname_copilot_chat %}, including use cases, best practices, and limtations.'
|
||||
intro: 'Learn about {% data variables.product.prodname_copilot_chat %}, including use cases, best practices, and limitations.'
|
||||
versions:
|
||||
feature: copilot
|
||||
topics:
|
||||
- Copilot
|
||||
children:
|
||||
- /about-github-copilot-chat
|
||||
- /using-github-copilot-chat
|
||||
- /using-github-copilot-chat-in-your-ide
|
||||
---
|
||||
|
||||
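Review bot: The `children` list shows both `/using-github-copilot-chat` and `/using-github-copilot-chat-in-your-ide`. If the article is being renamed rather than duplicated, only the new entry should remain. The renamed article should also carry a `redirect_from` for the old path, because links such as `/copilot/github-copilot-chat/using-github-copilot-chat#asking-github-copilot-chat-questions-about-your-code` still appear elsewhere in this change.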
@@ -1,5 +1,5 @@
|
||||
---
|
||||
title: Using GitHub Copilot Chat
|
||||
title: Using GitHub Copilot Chat in your IDE
|
||||
intro: 'You can start using {% data variables.product.prodname_copilot_chat %} by installing the extension in your preferred environment.'
|
||||
product: '{% data reusables.gated-features.copilot-chat %}'
|
||||
topics:
|
||||
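Review bot: The title becomes "Using GitHub Copilot Chat in your IDE", but the `shortTitle` shown in the next hunk header is still "Using Copilot Chat". This change also adds a sibling article with the short title "Using Chat in GitHub.com", so the two will be hard to tell apart in navigation. Consider updating the short title to name the IDE as well.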
@@ -26,7 +26,7 @@ shortTitle: Using Copilot Chat
|
||||
|
||||
{% data reusables.copilot.enabling-copilot-chat-beta %}
|
||||
|
||||
## Installing the {% data variables.product.prodname_vscode %} extension
|
||||
## Installing the {% data variables.product.prodname_copilot_chat %} extension in {% data variables.product.prodname_vscode %}
|
||||
|
||||
To use {% data variables.product.prodname_copilot_chat %}, you must first install the {% data variables.product.prodname_copilot_chat %} extension for {% data variables.product.prodname_vscode %}.
|
||||
|
||||
@@ -107,7 +107,7 @@ To share feedback about {% data variables.product.prodname_copilot_chat %}, you
|
||||
|
||||
- "[AUTOTITLE](/free-pro-team@latest/site-policy/github-terms/github-copilot-pre-release-terms)"
|
||||
- "[AUTOTITLE](/free-pro-team@latest/site-policy/github-terms/github-terms-for-additional-products-and-features#github-copilot)"{% ifversion ghec %}
|
||||
- "[AUTOTITLE](/free-pro-team@latest/site-policy/privacy-policies/github-copilot-for-business-privacy-statement)"{% endif %}
|
||||
- "[AUTOTITLE](/free-pro-team@latest/site-policy/privacy-policies/github-copilot-business-privacy-statement)"{% endif %}
|
||||
- [{% data variables.product.prodname_copilot %} FAQ](https://github.com/features/copilot#faq)
|
||||
|
||||
{% endvscode %}
|
||||
@@ -128,7 +128,7 @@ To share feedback about {% data variables.product.prodname_copilot_chat %}, you
|
||||
|
||||
{% data reusables.copilot.enabling-copilot-chat-beta %}
|
||||
|
||||
## Installing the {% data variables.product.prodname_vs %} extension
|
||||
## Installing the {% data variables.product.prodname_copilot_chat %} extension in {% data variables.product.prodname_vs %}
|
||||
|
||||
To use {% data variables.product.prodname_copilot_chat %} with {% data variables.product.prodname_vs %}, you must install the {% data variables.product.prodname_vs %} extension.
|
||||
{% data reusables.copilot.vs-extensions %}
|
||||
@@ -183,7 +183,129 @@ To share feedback about {% data variables.product.prodname_copilot_chat %}, you
|
||||
|
||||
- [AUTOTITLE](/free-pro-team@latest/site-policy/github-terms/github-copilot-pre-release-terms)
|
||||
- [AUTOTITLE](/free-pro-team@latest/site-policy/github-terms/github-terms-for-additional-products-and-features#github-copilot){% ifversion ghec %}
|
||||
- [AUTOTITLE](/free-pro-team@latest/site-policy/privacy-policies/github-copilot-for-business-privacy-statement){% endif %}
|
||||
- [AUTOTITLE](/free-pro-team@latest/site-policy/privacy-policies/github-copilot-business-privacy-statement){% endif %}
|
||||
- [{% data variables.product.prodname_copilot %} FAQ](https://github.com/features/copilot#faq)
|
||||
|
||||
{% endvisualstudio %}
|
||||
|
||||
{% jetbrains %}
|
||||
|
||||
## About {% data variables.product.prodname_copilot_chat %} and JetBrains
|
||||
|
||||
{% data reusables.copilot.chat-procedural-intro %}
|
||||
|
||||
## Prerequisites
|
||||
|
||||
{% data reusables.copilot.chat-subscription-prerequisite %}
|
||||
|
||||
- To use the {% data variables.product.prodname_copilot_chat %} beta in JetBrains, you must have a compatible JetBrains IDE installed. {% data variables.product.prodname_copilot_chat_short %} is compatible with the following IDEs:
|
||||
- IntelliJ IDEA (Ultimate, Community, Educational)
|
||||
- Android Studio
|
||||
- AppCode
|
||||
- CLion
|
||||
- DataGrip
|
||||
- DataSpell
|
||||
- GoLand
|
||||
- MPS
|
||||
- PhpStorm
|
||||
- PyCharm (Professional, Community, Educational)
|
||||
- Rider
|
||||
- RubyMine
|
||||
- RustRover
|
||||
- WebStorm
|
||||
|
||||
For more information, see the [JetBrains IDEs](https://www.jetbrains.com/products/) tool finder.
|
||||
|
||||
## Enabling or disabling {% data variables.product.prodname_copilot_chat %}
|
||||
|
||||
{% note %}
|
||||
|
||||
**Note:** If you have a {% data variables.product.prodname_copilot_for_individuals %} subscription, you can join the [waitlist](https://github.com/github-copilot/chat_jetbrains_waitlist_signup/join). You will be notified by email when you have been grated access. Joining the waitlist does not guarantee you access.
|
||||
|
||||
{% endnote %}
|
||||
|
||||
The {% data variables.product.prodname_copilot_chat %} public beta is available to all organizations and enterprises that have an active {% data variables.product.prodname_copilot_for_business %} license. You can enable or disable {% data variables.product.prodname_copilot_chat %} for your organization or enterprise in the {% data variables.product.prodname_copilot_for_business %} settings page.
|
||||
|
||||
### Enabling or disabling {% data variables.product.prodname_copilot_chat %} at the organization level
|
||||
|
||||
{% data reusables.profile.access_org %}
|
||||
{% data reusables.profile.org_settings %}
|
||||
1. In the "Code planning, and automation" section of the sidebar, click **{% octicon "copilot" aria-hidden="true" %} {% data variables.product.prodname_copilot_short %}**, and then click **Policies**.
|
||||
1. To the right of **{% data variables.product.prodname_copilot_chat %} Beta**, select the dropdown menu, and then click **Enabled** or **Disabled**.
|
||||
|
||||
### Enabling or disabling {% data variables.product.prodname_copilot_chat %} at the enterprise level
|
||||
|
||||
{% data reusables.enterprise-accounts.policies-tab %}
|
||||
{% data reusables.enterprise-accounts.copilot-tab %}
|
||||
1. To the right of **{% data variables.product.prodname_copilot_chat %} Beta**, select the dropdown menu, and then choose the appropriate option.
|
||||
- Click **Allowed** to enable the {% data variables.product.prodname_copilot_chat %} beta for all organizations under your enterprise.
|
||||
- Click **Blocked** to disable the {% data variables.product.prodname_copilot_chat %} beta for all organizations under your enterprise.
|
||||
- Click **No policy** to allow each organization under your enterprise to set their own policy.
|
||||
|
||||
## Installing or updating the {% data variables.product.prodname_copilot %} plugin in JetBrains
|
||||
|
||||
To use the {% data variables.product.prodname_copilot_chat %} beta in a JetBrains IDE, you must install or update the {% data variables.product.prodname_copilot %} plugin. If you have not yet installed the {% data variables.product.prodname_copilot %} plugin, follow the steps in "[Installing the {% data variables.product.prodname_copilot %} plugin in your JetBrains IDE](#installing-the-github-copilot-plugin-in-your-jetbrains-ide)." If you have already installed the {% data variables.product.prodname_copilot %} plugin, follow the steps in "[Updating the {% data variables.product.prodname_copilot %} plugin in JetBrains](#updating-the-github-copilot-plugin-in-jetbrains)."
|
||||
|
||||
The following procedures will guide you through installing or updating the {% data variables.product.prodname_copilot %} plugin in IntelliJ IDEA. Steps to install the plugin in another supported IDE may differ.
|
||||
|
||||
### Installing the {% data variables.product.prodname_copilot %} plugin in your JetBrains IDE
|
||||
|
||||
{% data reusables.copilot.installing-copilot-in-jetbrains-ide %}
|
||||
|
||||
### Updating the {% data variables.product.prodname_copilot %} plugin in JetBrains
|
||||
|
||||
{% data reusables.copilot.jetbrains-settings-preferences %}
|
||||
1. In the left-side menu of the **Settings/Preferences** dialog box, click **Plugins**.
|
||||
1. At the top of the **Settings/Preferences** dialog box, click **Installed**. In the search bar, search for **{% data variables.product.prodname_copilot %}**, then click **Update**.
|
||||
1. After {% data variables.product.prodname_copilot %} is updated, quit and relaunch your JetBrains IDE.
|
||||
1. After your JetBrains IDE has restarted, navigate back to the **Settings/Preferences** dialog box. Click **Languages & Frameworks**, then click **{% data variables.product.prodname_copilot %}**.
|
||||
1. Under "Plugin", in the "Update channel" dropdown menu, select **Nightly**.
|
||||
1. Click **Apply**.
|
||||
1. Click **OK**.
|
||||
1. Quit and relaunch your JetBrains IDE.
|
||||
|
||||
## Asking your first question
|
||||
|
||||
{% data reusables.copilot.copilot-chat-exclusively-code-questions %}
|
||||
|
||||
1. At the right side of the JetBrains IDE window, click the **{% data variables.product.prodname_copilot_chat %}** icon to open the {% data variables.product.prodname_copilot_chat %} window.
|
||||
|
||||

|
||||
|
||||
1. At the bottom of the {% data variables.product.prodname_copilot_chat %} window, in the **Ask {% data variables.product.prodname_copilot_short %} a question or type `/` for commands** text box, type a coding related question, then press **Enter**. For example, type "How do I write a function that returns the sum of two numbers?".
|
||||
1. {% data variables.product.prodname_copilot_chat %} will process your question and provide an answer, with code suggestions when appropriate, in the chat window.
|
||||
|
||||
If your question is outside the scope of {% data variables.product.prodname_copilot_chat %}, it will tell you and may suggest an alternative question to ask.
|
||||
|
||||
1. Optionally, if {% data variables.product.prodname_copilot_chat %} suggests a follow-up question above the **Ask {% data variables.product.prodname_copilot_short %} a question or type `/` for commands** text box, click the follow-up question to ask it.
|
||||
|
||||
## Asking {% data variables.product.prodname_copilot_chat %} questions about your code
|
||||
|
||||
{% data variables.product.prodname_copilot_chat %} can provide answers and support with a wide range of coding-related topics.
|
||||
|
||||
1. In your JetBrains IDE, open the file you want {% data variables.product.prodname_copilot_chat %} to help you with.
|
||||
1. Ask {% data variables.product.prodname_copilot_chat %} a question about the file you have open. For example:
|
||||
- To generate a description of the file's purpose, ask a question like, `What does this file do?`.
|
||||
- To generate a unit test for the file, type a request like, `Write a unit test for this file`. Alternatively, highlight the code you want to generate a unit test for, then ask a question like, `Write a unit test for this code`.
|
||||
- To generate a fix for a bug in the file, type a request like, `Fix this bug`.
|
||||
|
||||
## Sharing feedback about {% data variables.product.prodname_copilot_chat %}
|
||||
|
||||
To share feedback about {% data variables.product.prodname_copilot_chat %}, you can use the **share feedback** link in JetBrains.
|
||||
|
||||
1. At the right side of the JetBrains IDE window, click the **{% data variables.product.prodname_copilot_chat %}** icon to open the {% data variables.product.prodname_copilot_chat %} window.
|
||||
|
||||

|
||||
|
||||
1. At the top of the {% data variables.product.prodname_copilot_chat %} window, click the **share feedback** link.
|
||||
|
||||

|
||||
|
||||
## Further reading
|
||||
|
||||
- "[AUTOTITLE](/free-pro-team@latest/site-policy/github-terms/github-copilot-pre-release-terms)"
|
||||
- "[AUTOTITLE](/free-pro-team@latest/site-policy/github-terms/github-terms-for-additional-products-and-features#github-copilot) "{% ifversion ghec %}
|
||||
- "[AUTOTITLE](/free-pro-team@latest/site-policy/privacy-policies/github-copilot-for-business-privacy-statement) "{% endif %}
|
||||
- [{% data variables.product.prodname_copilot %} FAQ](https://github.com/features/copilot#faq)
|
||||
|
||||
{% endjetbrains %}
|
||||
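Review bot: The new JetBrains "Further reading" list links to `/free-pro-team@latest/site-policy/privacy-policies/github-copilot-for-business-privacy-statement`, while the Visual Studio list in this same hunk is switched to `github-copilot-business-privacy-statement`. Please use the new path in the JetBrains list too, and drop the stray space before the closing quote in that entry and the one above it. Two smaller text points in the added section: "when you have been grated access" should read "granted", and the sidebar label quoted as "Code planning, and automation" looks like it is missing a comma after "Code".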
@@ -0,0 +1,36 @@
|
||||
---
|
||||
title: About GitHub Copilot Chat
|
||||
shortTitle: About Copilot Chat
|
||||
intro: '{% data variables.product.prodname_copilot_chat %} can help you by providing answers to coding related questions directly within {% data variables.product.prodname_dotcom_the_website %} or a supported IDE.'
|
||||
product: '{% data reusables.gated-features.copilot-chat-in-github %}
|
||||
<br><br>
|
||||
Owners of organizations {% ifversion ghec %}or enterprises {% endif %}with a {% data variables.product.prodname_copilot_enterprise %} subscription can decide whether to grant access to the {% data variables.product.prodname_copilot_enterprise_short %} functionality for an organization. For more information, see "[AUTOTITLE](/copilot/github-copilot-enterprise/overview/enabling-github-copilot-enterprise)."'
|
||||
versions:
|
||||
feature: 'copilot-on-dotcom'
|
||||
fpt: '*'
|
||||
topics:
|
||||
- Copilot
|
||||
type: rai
|
||||
---
|
||||
|
||||
## About {% data variables.product.prodname_copilot_chat %}
|
||||
|
||||
{% data variables.product.prodname_copilot_chat %} is a chat interface that lets you interact with {% data variables.product.prodname_copilot %}, to ask and receive answers to coding-related questions within {% data variables.product.prodname_dotcom_the_website %} and supported IDEs. The chat interface provides access to coding information and support without requiring you to navigate documentation or search online forums. In addition to {% data variables.product.prodname_dotcom_the_website %}, {% data variables.product.prodname_copilot_chat_short %} is currently supported in {% data variables.product.prodname_vscode %}, {% data variables.product.prodname_vs %}, and the JetBrains suite of IDEs. For more information about {% data variables.product.prodname_copilot %}, see "[AUTOTITLE](/copilot/overview-of-github-copilot/about-github-copilot-individual)" and "[AUTOTITLE](/copilot/overview-of-github-copilot/about-github-copilot-business)."
|
||||
|
||||
{% data variables.product.prodname_copilot_chat %} can answer a wide range of coding-related questions on topics including syntax, programming concepts, test cases, debugging, and more. {% data variables.product.prodname_copilot_chat %} is not designed to answer non-coding questions or provide general information on topics outside of coding.
|
||||
|
||||
{% data variables.product.prodname_copilot_chat %} works by using a combination of natural language processing and machine learning to understand your question and provide you with an answer. This process can be broken down into a number of steps.
|
||||
|
||||
{% data reusables.copilot.about-copilot-chat %}
|
||||
|
||||
## Next steps
|
||||
|
||||
For details of how to use {% data variables.product.prodname_copilot_chat %}, see:
|
||||
|
||||
- "[AUTOTITLE](/enterprise-cloud@latest/copilot/github-copilot-enterprise/copilot-chat-in-github/using-github-copilot-chat-in-githubcom)"{% ifversion fpt %} in the {% data variables.product.prodname_ghe_cloud %} documentation.{% endif %}
|
||||
- "[AUTOTITLE](/copilot/github-copilot-chat/using-github-copilot-chat-in-your-ide)"
|
||||
|
||||
## Further reading
|
||||
|
||||
- "[AUTOTITLE](/free-pro-team@latest/site-policy/github-terms/github-copilot-pre-release-terms)"
|
||||
- [{% data variables.product.prodname_copilot %} Trust Center](https://resources.github.com/copilot-trust-center/)
|
||||
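Review bot: The `intro` says "coding related questions", while the body of the same file uses the hyphenated "coding-related questions" twice. Please hyphenate the intro to match. Also, the first "Next steps" bullet only gets its closing period inside the `{% ifversion fpt %}` block, so the list punctuation differs between versions.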
@@ -0,0 +1,10 @@
|
||||
---
|
||||
title: Copilot Chat in GitHub.com
|
||||
intro: 'You can chat with {% data variables.product.prodname_copilot_chat_dotcom_short %} to learn out about aspects of software development, or to understand or improve specific lines of code.'
|
||||
versions:
|
||||
feature: 'copilot-on-dotcom'
|
||||
fpt: '*'
|
||||
children:
|
||||
- /about-github-copilot-chat
|
||||
- /using-github-copilot-chat-in-githubcom
|
||||
---
|
||||
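Review bot: In the `intro`, "to learn out about aspects of software development" reads like a merge of "learn about" and "find out about". Please pick one, for example "to learn about aspects of software development".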
@@ -0,0 +1,175 @@
|
||||
---
|
||||
title: Using GitHub Copilot Chat in GitHub.com
|
||||
shortTitle: Using Chat in GitHub.com
|
||||
intro: 'You can use {% data variables.product.prodname_copilot_chat_short %} to answer general questions about software development, or specific questions about the code in a repository.'
|
||||
product: '{% data reusables.gated-features.copilot-chat-in-github %}'
|
||||
versions:
|
||||
feature: 'copilot-on-dotcom'
|
||||
topics:
|
||||
- Copilot
|
||||
---
|
||||
|
||||
## Overview
|
||||
|
||||
{% data variables.product.prodname_copilot_chat %} is a chat interface that lets you ask and receive answers to coding-related questions either on {% data variables.product.prodname_dotcom_the_website %} or within a supported IDE. For information on using {% data variables.product.prodname_copilot_chat %} in an IDE, see "[AUTOTITLE](/copilot/github-copilot-chat/using-github-copilot-chat-in-your-ide)."
|
||||
|
||||
{% data variables.product.prodname_copilot_chat_short %} can help you with a variety of coding-related tasks, like offering you code suggestions, providing natural language descriptions of a piece of code's functionality and purpose, generating unit tests for your code, and proposing fixes for bugs in your code. For more information, see "[AUTOTITLE](/copilot/github-copilot-chat/about-github-copilot-chat)."
|
||||
|
||||
On {% data variables.product.prodname_dotcom_the_website %}, you can use {% data variables.product.prodname_copilot_chat_short %} to ask:
|
||||
|
||||
- General software-related questions, without a particular context. For more information, see "[Asking a general question about software development](#asking-a-general-question-about-software-development)."
|
||||
- Questions asked in the context of your project, or a documentation set. For more information, see "[Asking a question with a specific context](#asking-a-question-with-a-specific-context)."
|
||||
- Questions about a specific file or specified lines of code within a file. For more information, see "[Asking questions about specific pieces of code](#asking-questions-about-specific-pieces-of-code)."
|
||||
|
||||
### Limitations
|
||||
|
||||
The following limitations apply to this beta release of {% data variables.product.prodname_copilot_chat_dotcom %}:
|
||||
|
||||
- {% data reusables.copilot.chat-limited-docset-availability %}
|
||||
- Chat responses may be suboptimal if you ask questions about a specific repository that you've selected as a context, and the repository has not been indexed for semantic code search. {% data reusables.copilot.chat-beta-indexing %}
|
||||
- The quality of the results from {% data variables.product.prodname_copilot_chat_short %} may, in some situations, be degraded if very large files, or a large number of files, are used as a context for a question.
|
||||
|
||||
## Prerequisites
|
||||
|
||||
{% data reusables.copilot.chat-subscription-prerequisite %}
|
||||
- To use {% data variables.product.prodname_copilot_chat_dotcom %}, you must have been granted access to {% data variables.product.prodname_copilot_chat %} as part of {% data variables.product.prodname_copilot_enterprise %}. For more information, see "[AUTOTITLE](/copilot/github-copilot-enterprise/overview/enabling-github-copilot-enterprise)."
|
||||
|
||||
## Asking a general question about software development
|
||||
|
||||
You can ask a general question about software development that is not focused on a particular context, such as a repository or a documentation set.
|
||||
|
||||
{% data reusables.copilot.go-to-copilot-page %}
|
||||
|
||||
1. On the "Chat with {% data variables.product.prodname_copilot_short %}" page, click **General coding chat**.
|
||||
|
||||

|
||||
|
||||
1. At the bottom of the page, in the "Ask {% data variables.product.prodname_copilot_short %}" box, type a question and press <kbd>Enter</kbd>.
|
||||
|
||||
Some examples of general questions you could ask are:
|
||||
- What are the advantages of the Go programming language?
|
||||
- What is Agile software development?
|
||||
- What is the most popular JavaScript framework?
|
||||
- Give me some examples of regular expressions.
|
||||
- Write a bash script to output today's date.
|
||||
|
||||
1. Within a conversation thread, you can ask follow-up questions. {% data variables.product.prodname_copilot_short %} will answer within the context of the conversation. For example, you could type "tell me more" to get {% data variables.product.prodname_copilot_short %} to expand on its last comment.
|
||||
|
||||
You can use your initial question as a foundation for follow-up questions. A detailed foundational prompt can help {% data variables.product.prodname_copilot_short %} provide more relevant answers to your follow-up questions. For more information, see "[Prompting {% data variables.product.prodname_copilot_chat %} to become your personal AI assistant for accessibility](https://github.blog/2023-10-09-prompting-github-copilot-chat-to-become-your-personal-ai-assistant-for-accessibility/)" on the {% data variables.product.prodname_dotcom %} Blog.
|
||||
|
||||
{% data reusables.copilot.chat-conversation-buttons %}
|
||||
|
||||
## Asking a question with a specific context
|
||||
|
||||
You can choose a specific context, such as a particular repository or a documentation set, and then ask a question with that context in mind.
|
||||
|
||||
{% note %}
|
||||
|
||||
**Note**: {% data reusables.copilot.chat-limited-docset-availability %}
|
||||
|
||||
{% endnote %}
|
||||
|
||||
{% data reusables.copilot.go-to-copilot-page %}
|
||||
1. Click a docset or a repository to provide a context for your question.
|
||||
|
||||
For example, you could choose a repository whose code you want to understand better, or the documentation for a technology you want to learn more about.
|
||||
|
||||
You can search for a docset or repository, if you don't see one you want to use.
|
||||
|
||||
1. At the bottom of the page, in the "Ask {% data variables.product.prodname_copilot_short %}" box, type a question and press <kbd>Enter</kbd>.
|
||||
|
||||
For example, if you chose the repository you are working in as the context, you could ask:
|
||||
|
||||
- What is the main purpose of this repo? What problem does it solve or what functionality does it provide?
|
||||
- What web frameworks are used in this project?
|
||||
- Where is rate limiting implemented in our API?
|
||||
- How is the code organized? Explain the project architecture.
|
||||
- Are there any specific environment requirements for working on this project?
|
||||
|
||||
{% note %}
|
||||
|
||||
**Note**: {% data variables.product.prodname_copilot_short %}'s ability to answer natural language questions like these in a repository context depends on the repository being indexed for semantic code search. The indexing status of the repository is displayed when you start a conversation that has a repository context.
|
||||
|
||||

|
||||
|
||||
{% data reusables.copilot.chat-beta-indexing %}
|
||||
|
||||
{% endnote %}
|
||||
|
||||
If you chose a documentation set as the context - for example, the Azure documentation - you could ask:
|
||||
|
||||
- What advantages does Azure have over other types of cloud storage?
|
||||
- How do I block Azure from accessing locations on my network?
|
||||
- How can I reduce the cost of a hosted website?
|
||||
- How do I enable MFA?
|
||||
|
||||
1. The response typically contains numbered references to files that {% data variables.product.prodname_copilot_short %} used to generate the answer, from the repository or docset you selected. To list the sources that were used, click **Search results from DOCSET**.
|
||||
|
||||

|
||||
|
||||
1. To display information about a source reference, click its entry in the list.
|
||||
|
||||
Alternatively, to open the complete file, click the ellipsis (**...**), then select **Open**.
|
||||
|
||||
1. To display the complete list of references, click the "Reference list" icon at the top right of the page.
|
||||
|
||||

|
||||
|
||||
{% data reusables.copilot.chat-conversation-buttons %}
|
||||
|
||||
## Asking questions about specific pieces of code
|
||||
|
||||
You can chat with {% data variables.product.prodname_copilot_short %} about a file in your repository, or about specific lines of code within a file.
|
||||
|
||||
1. On {% data variables.product.prodname_dotcom_the_website %}, navigate to a repository and open a file.
|
||||
1. Do one of the following:
|
||||
- To ask a question about the entire file, click the {% data variables.product.prodname_copilot_short %} icon ({% octicon "copilot" aria-hidden="true" %}) at the top right of the file view.
|
||||
|
||||

|
||||
|
||||
- To ask a question about specific lines within the file:
|
||||
|
||||
1. Select the lines by clicking the line number for the first line you want to select, holding down <kbd>Shift</kbd> and clicking the line number for the last line you want to select.
|
||||
1. To ask your own question about the selected lines, click the {% data variables.product.prodname_copilot_short %} icon ({% octicon "copilot" aria-hidden="true" %}) to the right of your selection.
|
||||
This displays the {% data variables.product.prodname_copilot_chat %} panel with the selected lines indicated as the context of your question.
|
||||
1. To ask a predefined question, click the downward-pointing button beside the {% data variables.product.prodname_copilot_short %} icon, then choose one of the options.
|
||||
|
||||

|
||||
|
||||
1. If you clicked the {% data variables.product.prodname_copilot_short %} icon, type a question in the "Ask {% data variables.product.prodname_copilot_short %}" box at the bottom of the chat panel and press <kbd>Enter</kbd>.
|
||||
|
||||
For example, if you are asking about the entire file, you could enter:
|
||||
|
||||
- Explain this file.
|
||||
- How could I improve this code?
|
||||
- How can I test this script?
|
||||
|
||||
If you are aksing about specific lines, you could enter:
|
||||
- Explain the function at the selected lines.
|
||||
- How could I improve this class?
|
||||
- Add error handling to this code.
|
||||
- Write a unit test for this method.
|
||||
|
||||
{% data variables.product.prodname_copilot_short %} responds to your request in the panel.
|
||||
|
||||

|
||||
|
||||
1. You can continue the conversation by asking a follow-up question. For example, you could type "tell me more" to get {% data variables.product.prodname_copilot_short %} to expand on its last comment.
|
||||
1. To clear, delete, or rename the current conversation thread, or to start a new thread, type `/` in the "Ask {% data variables.product.prodname_copilot_short %}" box, select from the options that are displayed, then press <kbd>Enter</kbd>.
|
||||
|
||||
1. To view a conversation in immersive mode, displaying just the conversation thread, click the dashed box icon at the top right of the conversation thread.
|
||||
|
||||

|
||||
|
||||
## Sharing feedback about {% data variables.product.prodname_copilot_chat_dotcom %}
|
||||
|
||||
To give feedback about a particular {% data variables.product.prodname_copilot_chat_short %} response:
|
||||
|
||||
1. Click either the thumbs up or thumbs down icon at the bottom of each chat response.
|
||||
1. Optionally, provide information about why you liked or disliked the response.
|
||||
|
||||

|
||||
|
||||
1. Click **Submit feedback**.
|
||||
|
||||
To give feedback about {% data variables.product.prodname_copilot_chat_short %} in general, click the "Give feedback" link at the top right of any {% data variables.product.prodname_copilot_short %} page on {% data variables.product.prodname_dotcom_the_website %}.
|
||||
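Review bot: typo in the "Asking questions about specific pieces of code" steps: "If you are aksing about specific lines, you could enter:" should read "asking". In the "Asking a question with a specific context" steps, "To list the sources that were used, click **Search results from DOCSET**" is worded only for a docset, although the same step says the references come "from the repository or docset you selected". Say what the control is labelled when the context is a repository, or make clear that DOCSET stands for the name of the selected context.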
@@ -0,0 +1,81 @@
|
||||
---
|
||||
title: About Copilot pull request summaries
|
||||
shortTitle: About PR summaries
|
||||
intro: 'With {% data variables.product.prodname_copilot_for_prs %}, you can create an AI-generated description for a pull request.'
|
||||
versions:
|
||||
feature: copilot
|
||||
topics:
|
||||
- Copilot
|
||||
type: rai
|
||||
product: '{% data reusables.gated-features.copilot-enterprise-beta %}'
|
||||
---
|
||||
|
||||
## About {% data variables.product.prodname_copilot_for_prs %}
|
||||
|
||||
{% data variables.product.prodname_copilot_for_prs %} is an AI-powered feature that allows you to create a summary of the changes that were made in a pull request, which files they impact, and what a reviewer should focus on when they conduct their review.
|
||||
|
||||
When a user requests a summary, {% data variables.product.prodname_copilot_short %} scans through the pull request and provides an overview of the changes made in prose, as well as a bulleted list of changes with the files that they impact.
|
||||
|
||||
{% data variables.product.prodname_copilot_for_prs %} uses a simple-prompt flow leveraging the {% data variables.product.prodname_copilot_short %} API, with no additional trained models. This utilizes the generic large language model.
|
||||
|
||||
### Response generation
|
||||
|
||||
The current process uses GPT 3.5 to initiate the auto-complete process and generate the pull request summary.
|
||||
|
||||
#### Pipeline approach
|
||||
|
||||
When a user requests a summary, a workflow is triggered. The workflow uses the code diffs to build a prompt call, which requests {% data variables.product.prodname_copilot_short %} to generate a summary of the pull request. The summary request initiates a pipeline process which includes raw diffs in a prompt and requests {% data variables.product.prodname_copilot_short %} to generate individual summaries of the various diff hunks. This process creates several individual summaries. {% data variables.product.prodname_copilot_short %} then takes those diff hunk summaries and uses them to create a file-level summary. This file-level summary exists for each file that's summarizable, but excludes binary files and files {% data variables.product.prodname_copilot_short %} deems not appropriate for summarization.
|
||||
|
||||
{% data variables.product.prodname_copilot_short %} then takes the file-level summaries and uses them to request another prompt which then creates an overall summary for the pull request. Every summary request will generate a minimum of N+1 prompts, where N equals the number of summarizable files in the pull request.
|
||||
|
||||
### Output formatting
|
||||
|
||||
A summary generated by {% data variables.product.prodname_copilot_short %} will be in two parts:
|
||||
|
||||
- A three sentence overview, written in prose, to give a user an overview of what the changes in the pull request entail
|
||||
- 3–5 of those changes listed in bulleted form that link out to the respective lines of code that they refer to
|
||||
|
||||
You can initiate this feature when creating a pull request, by editing the pull request description after creation, or in a comment in the pull request thread. This can take a couple of minutes on larger pull requests. You can share feedback directly from the UI.
|
||||
|
||||
## Use case for pull request summaries
|
||||
|
||||
The goal of {% data variables.product.prodname_copilot_for_prs %} is to help optimize an author's ability to quickly provide context when they request a human review that requires sharing context of the changes that were made. It may help increase developer productivity by reducing the time taken to open a pull request.
|
||||
|
||||
For many users, it could provide more helpful context for the changes that were made within a pull request than would normally be available.
|
||||
|
||||
## Improving performance of pull request summaries
|
||||
|
||||
### Use {% data variables.product.prodname_copilot_for_prs %} as a tool, not a replacement
|
||||
|
||||
The feature is intended to supplement rather than replace a human's work to add context, and we encourage you to continue adding useful context and let {% data variables.product.prodname_copilot_short %} do the busy work of parsing the code and linking to specific files. It remains your responsibility to review and assess the accuracy of information in a pull request that you create.
|
||||
|
||||
### Provide feedback
|
||||
|
||||
This feature is currently in beta. If you encounter any issues or limitations with {% data variables.product.prodname_copilot_for_prs %}, we recommend that you provide feedback through the link that appears the UI after a summary is generated. You can provide feedback through the text link which takes you to our survey.
|
||||
|
||||
## Limitations of pull request summaries
|
||||
|
||||
Currently, our team is aware that there are limitations to this feature. Many of them are expected in leveraging our {% data variables.product.prodname_copilot_short %} API; however, there are a few that are specific to {% data variables.product.prodname_copilot_for_prs %} which pertain to limited scope, longer processing times, and inaccurate responses. We also note that users should expect terms used in their PR to appear in the AI-generated summary. This feature has been subject to RAI Red Teaming and we will continue to monitor the efficacy and safety of the feature over time. For more information, see [Microsoft AI Red Team building future of safer AI](https://www.microsoft.com/en-us/security/blog/2023/08/07/microsoft-ai-red-team-building-future-of-safer-ai/) on the Microsoft security blog.
|
||||
|
||||
### Limited scope
|
||||
|
||||
Because of capacity, we know that larger pull requests that reference 30 or more files will require more time to be processed thoroughly. We don't have an exact threshold currently, but have observed the first 30 files being accounted for and then any additional files being omitted from the summarization. We are working to address this current scope limitation.
|
||||
|
||||
### Processing time
|
||||
|
||||
In general, we expect a summary to be returned in 40 seconds or less after a user initiates the action. However, we have heard that this can take up to a minute, and in some cases a couple of minutes. We are working to decrease processing time and we know that users may not want to wait for this to finish before moving on to other parts of the pull request.
|
||||
|
||||
### Inaccurate responses
|
||||
|
||||
The more inputs and context that {% data variables.product.prodname_copilot_short %} can learn from, the better the outputs will become. However, since the feature is quite new, it will take time to reach exact precision with the summaries that are generated. In the meantime, there may be cases where a user's generated summary is less accurate and requires the user to make modifications before saving and publishing their pull request with this description. Reviewing is a requirement, and careful review of the output is highly recommended by our team during the beta.
|
||||
|
||||
### Replication of pull request content
|
||||
|
||||
Because a summary is an outline of the changes that were made in a pull request, if harmful or offensive terms are within the content of the pull request, there is potential for the summary to also include those terms.
|
||||
|
||||
## Further reading
|
||||
|
||||
- [{% data variables.product.prodname_copilot %} Trust Center](https://resources.github.com/copilot-trust-center/)
|
||||
{%- ifversion fpt %}
|
||||
- "[AUTOTITLE](/copilot/github-copilot-enterprise/copilot-pull-request-summaries/creating-a-pull-request-summary-with-github-copilot)" in the {% data variables.product.prodname_ghe_cloud %} documentation.
|
||||
{%- endif %}
|
||||
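Review bot: in "Limited scope", the first sentence says pull requests with 30 or more files "will require more time to be processed thoroughly", but the next sentence says the first 30 files are accounted for and additional files are omitted from the summarization. Those are different limitations, and the omission is the one a reviewer has to know about, because a summary can read as complete while not covering part of the diff. Suggest leading the section with the omission and keeping timing under "Processing time". Two smaller points: "Provide feedback" has "the link that appears the UI" (missing "in"), and "Inaccurate responses" says "Reviewing is a requirement" and then "highly recommended" in the same sentence, so pick one.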
@@ -0,0 +1,46 @@
|
||||
---
|
||||
title: Creating a pull request summary with GitHub Copilot
|
||||
shortTitle: Create a PR summary
|
||||
intro: 'You can generate a summary in the description of a pull request, or as a comment.'
|
||||
versions:
|
||||
feature: copilot-pr-summaries
|
||||
topics:
|
||||
- Copilot
|
||||
product: '{% data reusables.gated-features.copilot-enterprise-beta %}'
|
||||
---
|
||||
|
||||
## About {% data variables.product.prodname_copilot_for_prs %}
|
||||
|
||||
You can use {% data variables.product.prodname_copilot %} to generate a summary of a pull request on {% data variables.product.prodname_dotcom_the_website %}. You can use the summary to help reviewers understand your changes, or to quickly understand the changes in a pull request you're reviewing.
|
||||
|
||||
{% data variables.product.prodname_copilot %} will scan through the pull request and provide an overview of the changes made in prose, as well as a bulleted list of changes with the files that they impact. You can generate a summary in the following places.
|
||||
|
||||
- In the description of a new pull request you're creating
|
||||
- In the description of an existing pull request, by editing the opening comment
|
||||
- In a comment on the main timeline of a pull request
|
||||
|
||||
To learn more about {% data variables.product.prodname_copilot_for_prs %} and how to use the feature most effectively, see "[AUTOTITLE](/copilot/github-copilot-enterprise/copilot-pull-request-summaries/about-copilot-pull-request-summaries)."
|
||||
|
||||
## Creating a summary for a pull request
|
||||
|
||||
1. On {% data variables.product.prodname_dotcom_the_website %}, create a pull request or navigate to an existing pull request.
|
||||
|
||||
{% note %}
|
||||
|
||||
**Note:** {% data variables.product.prodname_copilot %} does not take into account any existing content in the pull request description, so it is best to start with a blank description.
|
||||
|
||||
{% endnote %}
|
||||
|
||||
1. Navigate to the text field where you want to add the pull request summary.
|
||||
|
||||
- If you're creating a new pull request, use the "Add a description" field.
|
||||
- If you're adding a description to an existing pull request, edit the opening comment.
|
||||
- If you're adding a summary as a comment, navigate to the "Add a comment" section at the bottom of the pull request page.
|
||||
|
||||
1. In the header of the text field, select {% octicon "copilot" aria-label="Copilot actions" %}, then click **Summary**.
|
||||
|
||||

|
||||
|
||||
1. Wait for {% data variables.product.prodname_copilot %} to produce the summary, then check over the results carefully.
|
||||
1. Add any additional context that will help people viewing your pull request.
|
||||
1. When you're happy with the description, click **Create pull request** on a new pull request, or **Update comment** if you're editing an existing description.
|
||||
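Review bot: the final step covers only two of the three places offered in step 2. "click **Create pull request** on a new pull request, or **Update comment** if you're editing an existing description" leaves out the case where the summary was generated in the "Add a comment" section, so add the button for posting a comment. The note under step 1 about starting from a blank description concerns the text field chosen in step 2, so it would sit better there, and it should say what happens to text already in the field when a summary is generated.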
@@ -0,0 +1,12 @@
|
||||
---
|
||||
title: Copilot pull request summaries
|
||||
shortTitle: Copilot pull request summaries
|
||||
intro: 'With {% data variables.product.prodname_copilot_for_prs %}, you can create an AI-generated description for a pull request.'
|
||||
topics:
|
||||
- Copilot
|
||||
versions:
|
||||
feature: copilot
|
||||
children:
|
||||
- /about-copilot-pull-request-summaries
|
||||
- /creating-a-pull-request-summary-with-github-copilot
|
||||
---
|
||||
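Review bot: `versions` in this index is `feature: copilot`, but the child page creating-a-pull-request-summary-with-github-copilot is versioned with `feature: copilot-pr-summaries`. If the two feature flags do not cover the same versions, the index (and the about page, which also uses `feature: copilot`) can be published in a version where one of its `children` does not exist. Suggest using the same flag on all three files, or confirming in the PR description that the difference is intended. `title` and `shortTitle` are identical here, so `shortTitle` adds nothing.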
13
content/copilot/github-copilot-enterprise/index.md
Normal file
@@ -0,0 +1,13 @@
|
||||
---
|
||||
title: GitHub Copilot Enterprise
|
||||
shortTitle: Copilot Enterprise
|
||||
intro: 'Learn about GitHub Copilot Enterprise and the features available with it.'
|
||||
topics:
|
||||
- Copilot
|
||||
versions:
|
||||
feature: copilot
|
||||
children:
|
||||
- /overview
|
||||
- /copilot-chat-in-github
|
||||
- /copilot-pull-request-summaries
|
||||
---
|
||||
@@ -0,0 +1,34 @@
|
||||
---
|
||||
title: About GitHub Copilot Enterprise
|
||||
shortTitle: About Copilot Enterprise
|
||||
intro: 'Learn about GitHub Copilot Enterprise and the features available with it.'
|
||||
versions:
|
||||
feature: copilot
|
||||
topics:
|
||||
- Copilot
|
||||
---
|
||||
|
||||
{% note %}
|
||||
|
||||
{% data variables.product.prodname_copilot_enterprise %} is in beta, and functionality and documentation are subject to change. You can nominate an organization or enterprise for the beta using the [{% data variables.product.prodname_copilot_enterprise_short %} waitlist form](https://github.com/github-copilot/copilot_enterprise_waitlist_signup/join).
|
||||
|
||||
{% endnote %}
|
||||
|
||||
## About the {% data variables.product.prodname_copilot_enterprise_short %} beta
|
||||
|
||||
{% data variables.product.prodname_copilot_enterprise %} is a {% data variables.product.prodname_copilot_short %} plan available for organizations and enterprises that use {% data variables.product.prodname_ghe_cloud %}. {% data variables.product.prodname_copilot_enterprise_short %} is currently in beta and available to a limited number of customers.
|
||||
|
||||
If {% data variables.product.prodname_copilot_enterprise_short %} is enabled for an organization or enterprise, members get access to the following {% data variables.product.prodname_copilot_short %} features on {% data variables.product.prodname_dotcom_the_website %}.
|
||||
|
||||
- {% data variables.product.prodname_copilot_chat_short %} (see "[AUTOTITLE](/copilot/github-copilot-enterprise/copilot-chat-in-github/about-github-copilot-chat)")
|
||||
- {% data variables.product.prodname_copilot_for_prs %} (see "[AUTOTITLE](/copilot/github-copilot-enterprise/copilot-pull-request-summaries/about-copilot-pull-request-summaries)")
|
||||
|
||||
These features are in beta and subject to change. Additional features will be added to the {% data variables.product.prodname_copilot_enterprise_short %} offering over time. If you're taking part in the beta, you'll be notified when new features are added.
|
||||
|
||||
## Signing up for the {% data variables.product.prodname_copilot_enterprise_short %} beta
|
||||
|
||||
You can nominate an organization or enterprise that you're a member of for the [{% data variables.product.prodname_copilot_enterprise_short %} waitlist](https://github.com/github-copilot/copilot_enterprise_waitlist_signup/join). To join the waitlist, the organization or enterprise must use {% data variables.product.prodname_ghe_cloud %} and have an active {% data variables.product.prodname_copilot_for_business %} subscription.
|
||||
|
||||
Nominating an organization or enterprise for the waitlist does not guarantee access. By signing up to the waitlist, you are agreeing to the pre-release license terms. For more information, see "[AUTOTITLE](/free-pro-team@latest/site-policy/github-terms/github-copilot-pre-release-license-terms)."
|
||||
|
||||
If an organization or enterprise is granted access to the {% data variables.product.prodname_copilot_enterprise_short %} beta, an administrator must enable the features before members can start using them. For more information, see {% ifversion ghec %}"[AUTOTITLE](/copilot/github-copilot-enterprise/overview/enabling-github-copilot-enterprise)."{% elsif fpt %}"[AUTOTITLE](/enterprise-cloud@latest/copilot/github-copilot-enterprise/overview/enabling-github-copilot-enterprise)" in the {% data variables.product.prodname_ghe_cloud %} documentation.{% endif %}
|
||||
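Review bot: the link in the last paragraph is wrapped in `{% ifversion ghec %}` / `{% elsif fpt %}` / `{% endif %}` with no `else` branch, while the page is versioned with `feature: copilot`. In any version that flag covers other than ghec or fpt, the sentence renders as "For more information, see" with nothing after it. Add an `else` branch or move the whole sentence inside the conditional. The beta `{% note %}` at the top and the waitlist sentence are repeated verbatim in enabling-github-copilot-enterprise; a reusable would keep the two copies in sync while the beta terms change.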
@@ -0,0 +1,48 @@
|
||||
---
|
||||
title: Enabling GitHub Copilot Enterprise
|
||||
shortTitle: Enabling Copilot Enterprise
|
||||
intro: 'Learn how to enable the features available with the {% data variables.product.prodname_copilot_enterprise %} beta.'
|
||||
versions:
|
||||
ghec: '*'
|
||||
topics:
|
||||
- Copilot
|
||||
---
|
||||
|
||||
{% note %}
|
||||
|
||||
{% data variables.product.prodname_copilot_enterprise %} is in beta, and functionality and documentation are subject to change. You can nominate an organization or enterprise for the beta using the [{% data variables.product.prodname_copilot_enterprise_short %} waitlist form](https://github.com/github-copilot/copilot_enterprise_waitlist_signup/join).
|
||||
|
||||
{% endnote %}
|
||||
|
||||
## About {% data variables.product.prodname_copilot_enterprise_short %} features
|
||||
|
||||
To use {% data variables.product.prodname_copilot_enterprise %} features, you can nominate an organization or enterprise that you're a member of for the [{% data variables.product.prodname_copilot_enterprise_short %} waitlist](https://github.com/github-copilot/copilot_enterprise_waitlist_signup/join). To join the waitlist, the organization or enterprise must use {% data variables.product.prodname_ghe_cloud %} and have an active {% data variables.product.prodname_copilot_for_business %} subscription. For more information, see "[AUTOTITLE](/copilot/github-copilot-enterprise/overview/about-github-copilot-enterprise)."
|
||||
|
||||
If an enterprise or organization is granted access to the {% data variables.product.prodname_copilot_enterprise_short %} beta, an administrator must enable the {% data variables.product.prodname_copilot_enterprise_short %} features before members can start using the features. You can enable features in the settings of the enterprise or organization. Enabling or disabling the {% data variables.product.prodname_copilot_enterprise_short %} features does not affect the features already included in your {% data variables.product.prodname_copilot_for_business %} subscription.
|
||||
|
||||
When members are granted access to the features, they will be notified that they have access, and receive instructions on how to start using the features.
|
||||
|
||||
## Enabling or disabling {% data variables.product.prodname_copilot_enterprise %} features for an enterprise
|
||||
|
||||
An enterprise owner can choose whether to enable {% data variables.product.prodname_copilot_enterprise %} features for all organizations, disable for all organizations, or allow each organization to choose its own policy for the features. By default, each organization can choose its own policy.
|
||||
|
||||
{% data reusables.enterprise-accounts.policies-tab %}
|
||||
{% data reusables.enterprise-accounts.copilot-tab %}
|
||||
1. Click the **Technical preview features** tab.
|
||||
1. Next to "{% data variables.product.prodname_copilot_enterprise %}", select the dropdown menu (labeled **No policy** by default), then choose from the following options.
|
||||
|
||||
- **No policy**: Each organization can choose whether to enable the feature for its members.
|
||||
- **Enabled**: The feature is enabled for members of all organizations.
|
||||
- **Disabled**: The feature is disabled for members of all organizations.
|
||||
|
||||
## Enabling or disabling {% data variables.product.prodname_copilot_enterprise_short %} features for an organization
|
||||
|
||||
If you use a standalone organization on {% data variables.product.prodname_ghe_cloud %}, or if your organization's parent enterprise has selected **No policy**, an organization owner can choose whether to enable or disable {% data variables.product.prodname_copilot_enterprise %} features for the organization's members.
|
||||
|
||||
{% data reusables.profile.access_org %}
|
||||
{% data reusables.profile.org_settings %}
|
||||
1. In the "Code, planning, and automation" section of the sidebar, click **{% octicon "copilot" aria-hidden="true" %} {% data variables.product.prodname_copilot_short %}**, then click **Policies and features**.
|
||||
1. Next to "{% data variables.product.prodname_copilot_enterprise %}", select the dropdown menu (labeled **Enabled** by default), then choose from the following options.
|
||||
|
||||
- **Enabled**: The feature is enabled for all members of the organization.
|
||||
- **Disabled**: The feature is disabled for all members of the organization.
|
||||
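Review bot: the defaults in the two procedures do not agree with the "About" section. The About text says "an administrator must enable the ... features before members can start using the features", but the enterprise dropdown is "labeled **No policy** by default" and the organization dropdown is "labeled **Enabled** by default", which reads as the features being on for members with no administrator action once access is granted. State the actual default once and make the other passages match, since an owner deciding on rollout needs to know whether doing nothing leaves the features off. The two section headings are also inconsistent: the enterprise heading uses `prodname_copilot_enterprise` and the organization heading uses `prodname_copilot_enterprise_short`.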
12
content/copilot/github-copilot-enterprise/overview/index.md
Normal file
@@ -0,0 +1,12 @@
|
||||
---
|
||||
title: Overview
|
||||
shortTitle: Overview
|
||||
intro: 'Learn about GitHub Copilot Enterprise, and how to participate in the beta.'
|
||||
topics:
|
||||
- Copilot
|
||||
versions:
|
||||
feature: copilot
|
||||
children:
|
||||
- /about-github-copilot-enterprise
|
||||
- /enabling-github-copilot-enterprise
|
||||
---
|
||||
@@ -0,0 +1,91 @@
|
||||
---
|
||||
title: About GitHub Copilot in the CLI
|
||||
intro: '{% data variables.product.prodname_copilot_cli %} can help you by providing either command suggestions or explanations of given commands.'
|
||||
product: '{% data reusables.gated-features.copilot-in-cli %}'
|
||||
versions:
|
||||
feature: copilot-in-the-cli
|
||||
type: rai
|
||||
topics:
|
||||
- Copilot
|
||||
- CLI
|
||||
shortTitle: About Copilot in the CLI
|
||||
---
|
||||
|
||||
## About {% data variables.product.prodname_copilot_cli %}
|
||||
|
||||
{% data variables.product.prodname_copilot_cli %} provides a chat-like interface in the terminal that allows you to ask questions about the command line. You can ask {% data variables.product.prodname_copilot %} to provide either command suggestions or explanations of given commands.
|
||||
|
||||
{% data variables.product.prodname_copilot_cli %} parses your question and provides an answer using a combination of natural language processing and machine learning. This process can be broken down into a number of steps.
|
||||
|
||||
### Input processing
|
||||
|
||||
The input prompt from the user is pre-processed by {% data variables.product.prodname_copilot_cli %} and sent to a {% data variables.product.company_short %} service that is connected to a large language model that then generates a response based on the context and prompt. User input can take the form of natural language prompts or questions. It may also include choosing the command type they would like to ask about from a predetermined list, i.e. generic shell command, Git (`git`), or {% data variables.product.prodname_cli %} (`gh`). The system is only intended to respond to command line-related questions. For more information about {% data variables.product.prodname_cli %}, see "[AUTOTITLE](/github-cli/github-cli/about-github-cli)."
|
||||
|
||||
### Language model analysis
|
||||
|
||||
The input prompt is then passed through the language model, which is a neural network that has been trained on a large body of text data. The language model analyzes the input prompt to find the command or command explanation most relevant to your query.
|
||||
|
||||
### Response generation
|
||||
|
||||
The language model generates a response based on its analysis of the input prompt. This response will take the form of a suggested command or an explanation of the command you asked about. If you want to run a suggested command, you need to copy the command and paste it in a separate window or tab in the terminal.
|
||||
|
||||
### Output formatting
|
||||
|
||||
The response generated by {% data variables.product.prodname_copilot_cli %} is formatted and presented to you. {% data variables.product.prodname_copilot_cli_short %} uses syntax highlighting, indentation, and other formatting features to add clarity to the generated response.
|
||||
|
||||
{% data variables.product.prodname_copilot_cli_short %} is intended to provide you with the most relevant answer to your question. However, it may not always provide the answer you are looking for. Users of {% data variables.product.prodname_copilot_cli %} are responsible for reviewing and validating responses generated by the system to ensure they are accurate and appropriate. {% data variables.product.prodname_copilot_cli_short %} also provides an optional feedback mechanism to rate suggestions, which helps us improve the tool for the future. For more information, see "[Improving performance for {% data variables.product.prodname_copilot_cli %}](#improving-performance-of-github-copilot-in-the-cli)."
|
||||
|
||||
## Use cases for {% data variables.product.prodname_copilot_cli %}
|
||||
|
||||
{% data variables.product.prodname_copilot_cli %} can help you by providing either command suggestions or explanations of given commands.
|
||||
|
||||
### Find the right command to perform a task
|
||||
|
||||
{% data variables.product.prodname_copilot_cli %} aims to suggest commands that help you perform the tasks you’re trying to complete. To help {% data variables.product.prodname_copilot_cli_short %} provide better suggestions, you can specify the type of command you are looking for (generic, `git`, or `gh`). If the result isn’t quite what you’re looking for, you can keep revising your question until the returned command meets your expectations. Once you’ve generated the perfect command for your task, you can easily copy it to your clipboard to run it wherever you need.
|
||||
|
||||
### Explain an unfamiliar command
|
||||
|
||||
{% data variables.product.prodname_copilot_cli %} can help explain a command that you asked about by generating a natural language description of the command's functionality and purpose. This can be useful if you want to understand the command's behavior for the specific example provided without having to read or search through the command's documentation. The explanation can include information such as the command's input and output parameters and examples of how it could be used.
|
||||
|
||||
By generating explanations, {% data variables.product.prodname_copilot_cli %} may help you to understand the command better, leading to enhanced learning, improved productivity, and less context switching. However, it's important to note that the generated explanations may not always be accurate or complete, so you'll need to review, and occasionally correct, its output. You remain responsible for ensuring the accuracy and appropriateness of the commands you run in the command line.
|
||||
|
||||
## Improving {% data variables.product.prodname_copilot_cli %}
|
||||
|
||||
To enhance the experience and address some of the limitations of {% data variables.product.prodname_copilot_cli %}, there are various measures that you can adopt. For more information about the limitations, see "[Limitations of {% data variables.product.prodname_copilot_cli %}](#limitations-of-github-copilot-in-the-cli)."
|
||||
|
||||
### Use {% data variables.product.prodname_copilot_cli %} as a tool, not a replacement
|
||||
|
||||
While {% data variables.product.prodname_copilot_cli %} can be a powerful tool for enhancing understanding of commands and the command line, it is important to use it as a tool rather than a replacement for human programming. You should always review and verify the command generated by {% data variables.product.prodname_copilot_cli_short %} to ensure that it meets your requirements and is free of errors or security concerns.
|
||||
|
||||
### Provide feedback
|
||||
|
||||
If you encounter any issues or limitations with {% data variables.product.prodname_copilot_cli %}, we recommend that you provide feedback by selecting the "Rate response" option in {% data variables.product.prodname_copilot_cli %}. This can help the developers to improve the tool and address any concerns or limitations.
|
||||
|
||||
## Limitations of {% data variables.product.prodname_copilot_cli %}
|
||||
|
||||
Depending on factors such as your operating system and input data, you may encounter different levels of accuracy when using {% data variables.product.prodname_copilot_cli %}. The following information is designed to help you understand system limitations and key concepts about performance as they apply to {% data variables.product.prodname_copilot_cli %}.
|
||||
|
||||
### Limited scope
|
||||
|
||||
{% data variables.product.prodname_copilot_cli %}'s training is based on online content from the Internet dating up to 2021. It operates within defined boundaries and might struggle with intricate commands, less common ones, or more recently developed tools. The quality of suggestions it provides for each language can be influenced by the availability and diversity of training data. For instance, inquiries about well-documented commands and tools like Git may yield more accurate responses compared to questions about more obscure command line tools.
|
||||
|
||||
### Potential biases and errors
|
||||
|
||||
{% data variables.product.prodname_copilot_cli %}'s training data is sourced from existing online sources. It’s important to note that these sources may include biases and errors of the individuals who contributed to the training data. {% data variables.product.prodname_copilot_cli_short %} may inadvertently perpetuate these biases and errors. Additionally, {% data variables.product.prodname_copilot_cli %} might perform differently depending on the scripting languages or scripting styles, potentially resulting in suboptimal or incomplete command suggestions or explanations.
|
||||
|
||||
### Inaccurate responses
|
||||
|
||||
{% data variables.product.prodname_copilot_cli %} may generate seemingly valid but syntactically or semantically incorrect commands. To avoid issues, always carefully review and verify suggestions, especially for critical or destructive tasks such as deleting content. Ensure generated commands align with best practices and fit your workflow.
|
||||
|
||||
### Inaccurate responses to non-coding topics
|
||||
|
||||
{% data variables.product.prodname_copilot_cli %} is not designed to answer questions beyond the scope of command line-related tasks. As a result, its responses might not consistently offer accuracy or assistance when confronted with questions unrelated to coding or general command line use. When you inquire about non-coding topics, {% data variables.product.prodname_copilot_cli %} may express its inability to provide a meaningful response.
|
||||
|
||||
### Differing performance based on natural language
|
||||
|
||||
{% data variables.product.prodname_copilot_cli %} has been trained on natural language content written predominantly in English. As a result, you may notice differing performance when providing {% data variables.product.prodname_copilot_cli %} with natural language input prompts in languages other than English.
|
||||
|
||||
## Further reading
|
||||
|
||||
- "[AUTOTITLE](/free-pro-team@latest/site-policy/github-terms/github-copilot-pre-release-terms)"
|
||||
- [{% data variables.product.prodname_copilot %} Trust Center](https://resources.github.com/copilot-trust-center/)
|
||||
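Review bot: The in-page link in the first paragraph of this part of the file targets `#improving-performance-of-github-copilot-in-the-cli`, but the only heading it can refer to is "## Improving" followed by the product name, which would produce `#improving-github-copilot-in-the-cli` (compare the `#limitations-of-github-copilot-in-the-cli` link further down, which does match its heading). Change the anchor and the link text "Improving performance for ..." to match the heading, or rename the heading. Separately, under "Use ... as a tool, not a replacement", the phrase "a replacement for human programming" reads as carried over from a code completion article; for a tool that suggests and explains shell commands, wording about the user's own review of the command would fit the sentence that follows it.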
@@ -0,0 +1,44 @@
|
||||
---
|
||||
title: Enabling GitHub Copilot in the CLI
|
||||
intro: 'You can enable or disable {% data variables.product.prodname_copilot_cli %} for your organization{% ifversion ghec %} or enterprise{% endif %}.'
|
||||
versions:
|
||||
feature: copilot-in-the-cli
|
||||
topics:
|
||||
- Copilot
|
||||
- CLI
|
||||
shortTitle: Enabling Copilot in the CLI
|
||||
---
|
||||
|
||||
{% note %}
|
||||
|
||||
**Note:** If you have a {% data variables.product.prodname_copilot_for_individuals %} subscription, you are automatically granted access to the {% data variables.product.prodname_copilot_cli %} beta.
|
||||
|
||||
{% endnote %}
|
||||
|
||||
The {% data variables.product.prodname_copilot_cli %} public beta is available to all organizations{% ifversion ghec %} and enterprises{% endif %} that have an active {% data variables.product.prodname_copilot_for_business %} license. You can enable or disable {% data variables.product.prodname_copilot_cli_short %} for your organization{% ifversion ghec %} or enterprise{% endif %} in the {% data variables.product.prodname_copilot_short %} settings.
|
||||
|
||||
## Enabling or disabling {% data variables.product.prodname_copilot_cli_short %} at the organization level
|
||||
|
||||
An organization owner can enable or disable {% data variables.product.prodname_copilot_cli_short %} for the organization. {% ifversion ghec %}You may not be able to configure this setting for your organization, if an enterprise owner has set a policy at the enterprise level.{% endif %}
|
||||
|
||||
{% data reusables.profile.access_org %}
|
||||
{% data reusables.profile.org_settings %}
|
||||
1. In the "Code, planning, and automation" section of the sidebar, click **{% octicon "copilot" aria-hidden="true" %} {% data variables.product.prodname_copilot_short %}**, and then click **Policies and features**.
|
||||
1. To the right of "{% data variables.product.prodname_copilot_cli %}", select the dropdown menu, then click **Enabled** or **Disabled**.
|
||||
|
||||
{% ifversion ghec %}
|
||||
|
||||
## Enabling or disabling {% data variables.product.prodname_copilot_cli_short %} at the enterprise level
|
||||
|
||||
An enterprise owner can choose whether to enable a feature for all organizations, disable for all organizations, or allow each organization to choose its own policy for the feature.
|
||||
|
||||
{% data reusables.enterprise-accounts.policies-tab %}
|
||||
{% data reusables.enterprise-accounts.copilot-tab %}
|
||||
1. Click the **Technical preview features** tab.
|
||||
1. To the right of "{% data variables.product.prodname_copilot_cli %}", select the dropdown menu, then choose the appropriate option.
|
||||
|
||||
- Click **Allowed** to enable the {% data variables.product.prodname_copilot_cli_short %} beta for all organizations under your enterprise.
|
||||
- Click **Blocked** to disable the {% data variables.product.prodname_copilot_cli_short %} beta for all organizations under your enterprise.
|
||||
- Click **No policy** to allow each organization under your enterprise to set its own policy.
|
||||
|
||||
{% endif %}
|
||||
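Review bot: Neither the organization section nor the enterprise section states the default value of the setting, so an owner cannot tell from this page whether the feature is already on for members with a seat before they open the settings; add one sentence giving the default for the organization dropdown and for the enterprise policy. In the enterprise section, the opening sentence ("enable a feature for all organizations ... its own policy for the feature") is generic and should name the product the way the organization section does. The step "Click the **Technical preview features** tab" also sits oddly beside the "public beta" wording used in the rest of the file, so confirm the tab label against the UI.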
14
content/copilot/github-copilot-in-the-cli/index.md
Normal file
@@ -0,0 +1,14 @@
|
||||
---
|
||||
title: GitHub Copilot in the CLI
|
||||
shortTitle: Copilot in the CLI
|
||||
intro: 'Learn about {% data variables.product.prodname_copilot_cli %}, including use cases, best practices, and limitations.'
|
||||
versions:
|
||||
feature: copilot-in-the-cli
|
||||
topics:
|
||||
- Copilot
|
||||
- CLI
|
||||
children:
|
||||
- /about-github-copilot-in-the-cli
|
||||
- /enabling-github-copilot-in-the-cli
|
||||
- /using-github-copilot-in-the-cli
|
||||
---
|
||||
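Review bot: The `intro` promises "use cases, best practices, and limitations", which describes only the first child, `/about-github-copilot-in-the-cli`; the other two children cover enabling the feature and using it. Widen the intro so the landing page reflects all three articles, for example by also mentioning setup and usage.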
@@ -0,0 +1,74 @@
|
||||
---
|
||||
title: Using GitHub Copilot in the CLI
|
||||
intro: 'You can use `gh`, the {% data variables.product.prodname_dotcom %} command line interface, to work with {% data variables.product.prodname_copilot_cli %}.'
|
||||
product: '{% data reusables.gated-features.copilot-in-cli %}'
|
||||
versions:
|
||||
feature: copilot-in-the-cli
|
||||
topics:
|
||||
- Copilot
|
||||
- CLI
|
||||
shortTitle: Using Copilot in the CLI
|
||||
---
|
||||
|
||||
## About using {% data variables.product.prodname_copilot_cli %}
|
||||
|
||||
{% data reusables.cli.about-cli %} For more information, see "[AUTOTITLE](/github-cli/github-cli/about-github-cli)."
|
||||
|
||||
{% data variables.product.prodname_copilot_cli %} is an extension for {% data variables.product.prodname_cli %} which provides a chat-like interface in the terminal that allows you to ask questions about the command line. You can ask {% data variables.product.prodname_copilot_cli_short %} to suggest a command for your use case, with `gh copilot suggest`, or to explain a command you're curious about, with `gh copilot explain`.
|
||||
|
||||
## Prerequisites
|
||||
|
||||
- To use {% data variables.product.prodname_copilot_cli_short %} you must have an active {% data variables.product.prodname_copilot %} subscription. For more information, see "[AUTOTITLE](/billing/managing-billing-for-github-copilot/about-billing-for-github-copilot)."
|
||||
- To use {% data variables.product.prodname_copilot_cli_short %} you must have {% data variables.product.prodname_cli %} installed. {% data reusables.cli.cli-installation %}
|
||||
|
||||
## Installing {% data variables.product.prodname_copilot_cli_short %}
|
||||
|
||||
If you have not already done so, run `gh auth login` to authenticate with your {% data variables.product.prodname_dotcom %} account.
|
||||
|
||||
To install the {% data variables.product.prodname_copilot_cli_short %} extension, run `gh extension install github/gh-copilot`.
|
||||
|
||||
To update {% data variables.product.prodname_copilot_cli_short %}, run `gh extension upgrade gh-copilot`.
|
||||
|
||||
## Using {% data variables.product.prodname_copilot_cli_short %}
|
||||
|
||||
To use `gh` to work with {% data variables.product.prodname_copilot %}, type `gh copilot SUBCOMMAND`. Additionally, you can use `gh copilot --help` for general help or `gh copilot SUBCOMMAND --help` for help with a specific subcommand.
|
||||
|
||||
### Asking {% data variables.product.prodname_copilot_cli_short %} to explain a command
|
||||
|
||||
You can ask {% data variables.product.prodname_copilot_cli_short %} to explain a command for you by running:
|
||||
|
||||
```shell
|
||||
gh copilot explain
|
||||
```
|
||||
|
||||
Alternatively, you can add the command you want explained directly to the prompt:
|
||||
|
||||
```shell
|
||||
gh copilot explain "sudo apt-get"
|
||||
```
|
||||
|
||||
{% data variables.product.prodname_copilot_cli_short %} can help by explaining what a command does in plain language. This makes it easier for you to understand the command's purpose and how it works for a specific example. You don't need to go through the command's documentation because the explanation includes information about what the command takes as input and produces as output, and provides practical examples.
|
||||
|
||||
### Asking {% data variables.product.prodname_copilot_cli_short %} to suggest a command
|
||||
|
||||
You can ask {% data variables.product.prodname_copilot_cli_short %} to suggest a command for you by running:
|
||||
|
||||
```shell
|
||||
gh copilot suggest
|
||||
```
|
||||
|
||||
This will start an interactive experience to get the command you need. {% data variables.product.prodname_copilot_cli_short %} aims to suggest commands that help you perform the tasks you’re trying to complete. To help {% data variables.product.prodname_copilot_cli_short %} provide better suggestions, you can specify the type of command you are looking for (generic, `git` or `gh`).
|
||||
|
||||
If you already know what command you need, you can also include that in the prompt. For example, if you want to install Git, you can ask {% data variables.product.prodname_copilot_cli_short %} to suggest a command for you:
|
||||
|
||||
```shell
|
||||
gh copilot suggest "Install git"
|
||||
```
|
||||
|
||||
If the result isn’t quite what you’re looking for, you can keep revising your question until the returned command meets your expectations. You can do this by selecting the **Revise command** option.
|
||||
|
||||
Once you’ve generated the perfect command for your task, you can easily copy it to your clipboard to run it wherever you need by selecting the **Copy to clipboard** option.
|
||||
|
||||
## Sharing feedback about {% data variables.product.prodname_copilot_cli_short %}
|
||||
|
||||
If you encounter any issues or limitations with {% data variables.product.prodname_copilot_cli_short %}, you can provide feedback by selecting the **Rate response** option in {% data variables.product.prodname_copilot_cli_short %}.
|
||||
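Review bot: In the "explain a command" section, the sentence "You don't need to go through the command's documentation because the explanation includes information about what the command takes as input and produces as output" contradicts the about article added in this same change, which says generated explanations "may not always be accurate or complete" and asks readers to verify suggestions "especially for critical or destructive tasks such as deleting content". Drop the "You don't need to" claim, and add a short reminder to review a suggested command before running it, both here and before the **Copy to clipboard** step, with a link to the limitations section of the about article. Also, "If you already know what command you need" should refer to the task rather than the command, since the example that follows, `gh copilot suggest "Install git"`, passes a task description. The first sentence under "Using" names the general Copilot product variable where the rest of the file uses `prodname_copilot_cli_short`.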
@@ -23,11 +23,12 @@ children:
|
||||
- /quickstart
|
||||
- /overview-of-github-copilot
|
||||
- /getting-started-with-github-copilot
|
||||
- /managing-copilot-for-business
|
||||
- /managing-copilot-business
|
||||
- /github-copilot-enterprise
|
||||
- /github-copilot-chat
|
||||
- /github-copilot-in-the-cli
|
||||
- /configuring-github-copilot
|
||||
- /troubleshooting-github-copilot
|
||||
topics:
|
||||
- Copilot
|
||||
---
|
||||
|
||||
|
||||
@@ -0,0 +1,240 @@
|
||||
---
|
||||
title: Configuring content exclusions for GitHub Copilot
|
||||
shortTitle: Excluding content
|
||||
intro: 'You can prevent specified files from being used to inform code completion suggestions made by {% data variables.product.prodname_copilot %}. {% data variables.product.prodname_copilot %} will not be available in excluded files.'
|
||||
product: 'This feature is available for organizations{% ifversion ghec %} and enterprise accounts{% endif %} with a {% data variables.product.prodname_copilot_business_short %} subscription.'
|
||||
permissions: 'Repository administrators and organization owners can manage the content exclusion settings for {% data variables.product.prodname_copilot %}.
|
||||
<br><br>
|
||||
People with the "Maintain" role for a repository can view the content exclusion settings for a repository, but can''t change these settings. For more information, see "[AUTOTITLE](/organizations/managing-user-access-to-your-organizations-repositories/managing-repository-roles/repository-roles-for-an-organization)."'
|
||||
layout: inline
|
||||
topics:
|
||||
- Copilot
|
||||
versions:
|
||||
feature: copilot
|
||||
---
|
||||
|
||||
{% data reusables.copilot.content-exclusion-note %}
|
||||
|
||||
## About configuring content exclusions
|
||||
|
||||
You may want to prevent certain files from being available to {% data variables.product.prodname_copilot %}. You can configure {% data variables.product.prodname_copilot %} so that it ignores these files. You do this by specifying paths to excluded content in the settings for your repository or organization.
|
||||
|
||||
When you specify content exclusions it has two effects:
|
||||
|
||||
- The content of the affected files will not be used by {% data variables.product.prodname_copilot %} to inform the code completion suggestions it makes in other files.
|
||||
- {% data variables.product.prodname_copilot %} code completion will not be available in the affected files.
|
||||
|
||||
{% data reusables.copilot.content-exclusions-delay %} For more information, see "[Propagating content exclusion changes to {% data variables.product.prodname_vscode_shortname %}](#propagating-content-exclusion-changes-to-vs-code)."
|
||||
|
||||
### Who is affected by content exclusion settings?
|
||||
|
||||
{% data reusables.copilot.content-exclusions-scope %}
|
||||
|
||||
All exclusions, whether they are defined in repository settings or in organization settings, apply to all members of the {% ifversion fpt %}organization{% else %}enterprise{% endif %} who have been granted a {% data variables.product.prodname_copilot_short %} seat as part of a {% data variables.product.prodname_copilot_business_short %} subscription. {% ifversion ghec %}This means, for example, that if you are an admin of Organization A, that belongs to Enterprise X, you can set up an exclusion for files in any repositories, hosted on {% data variables.product.prodname_dotcom %} or elsewhere, and the exclusion will apply to all {% data variables.product.prodname_copilot_business_short %} users who belong to an organization in Enterprise X. However, it's recommended that, where an exclusion is being defined for a {% data variables.product.prodname_dotcom %} repository, you should define this either in the settings of that repository, or in the settings for the organization that owns the repository. This makes it easier to identify the exclusions that are in place for a repository than if you define the exclusions in the settings of another organization in the enterprise.{% endif %}
|
||||
|
||||
## Configuring content exclusions for your repository
|
||||
|
||||
You can use your repository settings to specify content in your repository that {% data variables.product.prodname_copilot %} should ignore.
|
||||
|
||||
{% data reusables.repositories.navigate-to-repo %}
|
||||
{% data reusables.repositories.sidebar-settings %}
|
||||
1. In the "Code & automation" section of the side bar, click **{% octicon "copilot" aria-hidden="true" %} {% data variables.product.prodname_copilot_short %}**.
|
||||
|
||||
If your repository inherits any exclusions from {%ifversion fpt %}its parent organization{% else %} organizations in the same enterprise{% endif %}, you'll see {%ifversion ghec %}one or more{% else %} a{% endif %} gray box{%ifversion ghec %}es{% endif %} at the top of the page containing details of these exclusions. You cannot edit these settings.
|
||||
|
||||
{%ifversion ghec %}
|
||||
|
||||
{% note %}
|
||||
|
||||
**Note**: Exclusions that affect your repository can be defined in the settings of any organization in your {% data variables.product.prodname_dotcom %} enterprise, in addition to those defined in your repository settings.
|
||||
|
||||
{% endnote %}
|
||||
|
||||
{% endif %}
|
||||
|
||||
1. In the box under "Paths to exclude in this repository," enter the paths to files from which {% data variables.product.prodname_copilot_short %} should be excluded.
|
||||
|
||||

|
||||
|
||||
Use the format: `- "/PATH/TO/DIRECTORY/OR/FILE"`, with each path on a separate line. You can add comments by starting a line with `#`.
|
||||
|
||||
You can use fnmatch pattern matching notation to specify file paths. For more information, see "[File](https://ruby-doc.org/core-2.5.1/File.html#method-c-fnmatch)" in the ruby-doc.org documentation.
|
||||
|
||||
{% note %}
|
||||
|
||||
**Note**: Patterns are case insensitive.
|
||||
|
||||
{% endnote %}
|
||||
|
||||
### Example of paths specified in the repository settings
|
||||
|
||||
```yaml annotate
|
||||
# Ignore the `/src/some-dir/kernel.rs` file in this repository.
|
||||
- "/src/some-dir/kernel.rs"
|
||||
|
||||
# Ignore files called `secrets.json` anywhere in this repository.
|
||||
- "secrets.json"
|
||||
|
||||
# Ignore all files whose names begin `secret` anywhere in this repository.
|
||||
- "secret*"
|
||||
|
||||
# Ignore files whose names end `.cfg` anywhere in this repository.
|
||||
- "*.cfg"
|
||||
|
||||
# Ignore all files in or below the `/scripts` directory of this repository.
|
||||
- "/scripts/**"
|
||||
```
|
||||
|
||||
## Configuring content exclusions for your organization
|
||||
|
||||
You can use your organization settings to specify content, in any repository, that {% data variables.product.prodname_copilot %} should ignore.
|
||||
|
||||
{% data reusables.profile.access_org %}
|
||||
{% data reusables.profile.org_settings %}
|
||||
1. In the left sidebar, click **{% octicon "copilot" aria-hidden="true" %} {% data variables.product.prodname_copilot_short %}** then click **Content exclusion**.
|
||||
1. In the box under "Repositories and paths to exclude," enter details of where {% data variables.product.prodname_copilot_short %} should be excluded.
|
||||
|
||||
For each repository in which you want files to be excluded from {% data variables.product.prodname_copilot_short %}, enter a reference to the repository on one line, followed by paths to locations within the repository, with each path on a separate line. Use the following format:
|
||||
|
||||
```yaml
|
||||
REPOSITORY-REFERENCE:
|
||||
- "/PATH/TO/DIRECTORY/OR/FILE"
|
||||
- "/PATH/TO/DIRECTORY/OR/FILE"
|
||||
- ...
|
||||
```
|
||||
|
||||
The following syntax is supported for `REPOSITORY-REFERENCE`:
|
||||
|
||||
```text
|
||||
http[s]://host.xz[:port]/path/to/repo.git/
|
||||
|
||||
git://host.xz[:port]/path/to/repo.git/
|
||||
|
||||
[user@]host.xz:path/to/repo.git/
|
||||
|
||||
ssh://[user@]host.xz[:port]/path/to/repo.git/
|
||||
```
|
||||
|
||||
{% note %}
|
||||
|
||||
**Notes**:
|
||||
|
||||
- The `user@` and `:port` parts of the `REPOSITORY-REFERENCE` are ignored in the calculation of which paths to ignore for a repository.
|
||||
- Each repository reference can contain a single `*` wildcard. For example, `https://github.com/octo-org/*` matches all repositories in the `octo-org` organization.
|
||||
|
||||
{% endnote %}
|
||||
|
||||
You can use fnmatch pattern matching notation to specify file paths. For more information, see "[File](https://ruby-doc.org/core-2.5.1/File.html#method-c-fnmatch)" in the ruby-doc.org documentation.
|
||||
|
||||
{% note %}
|
||||
|
||||
**Note**: Patterns are case insensitive.
|
||||
|
||||
{% endnote %}
|
||||
|
||||
### Example of repositories and paths in organization settings
|
||||
|
||||
```yaml annotate
|
||||
# Ignore all `.env` files at any path, in any repository.
|
||||
# This setting applies to all repositories, not just to those on GitHub.com.
|
||||
# This could also have been written on a single line as:
|
||||
#
|
||||
# "*": ["**/.env"]
|
||||
"*":
|
||||
- "**/.env"
|
||||
|
||||
# In the `octo-repo` repository in this organization:
|
||||
octo-repo:
|
||||
# Ignore the `/src/some-dir/kernel.rs` file.
|
||||
- "/src/some-dir/kernel.rs"
|
||||
|
||||
# In the `primer/react` repository on {% data variables.product.prodname_dotcom %}:
|
||||
https://github.com/primer/react.git:
|
||||
# Ignore files called `secrets.json` anywhere in this repository.
|
||||
- "secrets.json"
|
||||
# Ignore files called `temp.rb` in or below the `/src` directory.
|
||||
- "/src/**/temp.rb"
|
||||
|
||||
# In the `copilot` repository of any {% data variables.product.prodname_dotcom %} organization:
|
||||
git@github.com:*/copilot:
|
||||
# Ignore any files in or below the `/__tests__` directory.
|
||||
- "/__tests__/**"
|
||||
# Ignore any files in the `/scripts` directory.
|
||||
- "/scripts/*"
|
||||
|
||||
# In the `gitlab-org/gitlab-runner` repository on GitLab:
|
||||
git@gitlab.com:gitlab-org/gitlab-runner.git:
|
||||
# Ignore the `/main_test.go` file.
|
||||
- "/main_test.go"
|
||||
# Ignore any files with names beginning `server` or `session`, anywhere in this repository.
|
||||
- "{server,session}*"
|
||||
# Ignore any files with names ending `.md` or `.mk`, anywhere in this repository.
|
||||
- "*.m[dk]"
|
||||
# Ignore files directly within directories such as `packages` or `packaged`, anywhere in this repository.
|
||||
- "**/package?/*"
|
||||
# Ignore files in or below any `security` directories, anywhere in this repository.
|
||||
- "**/security/**"
|
||||
```
|
||||
|
||||
## Reviewing changes to the content exclusion settings
|
||||
|
||||
If you are an organization owner, you can check any changes that have been made to content exclusions.
|
||||
|
||||
1. Open the "Content exclusion" page in the settings for your organization ([described here](#configuring-content-exclusions-for-your-organization)), or the settings for a repository ([described here](#configuring-content-exclusions-for-your-repository)).
|
||||
1. Scroll to the bottom of the page.
|
||||
|
||||
You will see the name of the person who last changed the settings, and information about when they made this change.
|
||||
|
||||
1. Click the time of the last change.
|
||||
|
||||

|
||||
|
||||
{% note %}
|
||||
|
||||
**Note**: The time of the last change is only a link if you are an organization owner.
|
||||
|
||||
{% endnote %}
|
||||
|
||||
The "Audit log" page for the organization is displayed, showing the most recently logged occurrences of the `copilot.content_exclusion_changed` action.
|
||||
|
||||
If you clicked through from a repository settings page, the audit log is filtered to show only changes to content exclusions for that repository.
|
||||
|
||||
1. Click the ellipsis (...) at the end of each entry to see more details.
|
||||
|
||||
If the "excluded_paths" entry is truncated, hover over the truncated value to show the full entry. This displays the content of the exclusion settings after the change was saved.
|
||||
|
||||

|
||||
|
||||
## Checking the effect of a settings change
|
||||
|
||||
When you change {% data variables.product.prodname_copilot_short %}'s content exclusions you can check that the setting blocks {% data variables.product.prodname_copilot_short %} from suggesting code in the specified files.
|
||||
|
||||
1. In {% data variables.product.prodname_vscode_shortname %}, open a file that you expect to be affected by your content exclusions.
|
||||
|
||||
If a {% data variables.product.prodname_copilot_short %} content exclusion applies to this file, the {% data variables.product.prodname_copilot_short %} icon in the status bar has a diagonal line through it.
|
||||
|
||||

|
||||
|
||||
1. Click the icon to see a dropdown menu with information about the content exclusions that apply to this file.
|
||||
|
||||

|
||||
|
||||
{% note %}
|
||||
|
||||
**Note**: Clicking **Open logs** in this menu displays the log for {% data variables.product.prodname_copilot %} in which details of all excluded files you open are recorded.
|
||||
|
||||
{% endnote %}
|
||||
|
||||
1. You can confirm that {% data variables.product.prodname_copilot_short %} is disabled for this file by starting to type a line of code, such as a comment. Normally you would see a code completion suggestion from {% data variables.product.prodname_copilot_short %} as you type. However, if this file is affected by a content exclusions setting you will not see any suggestions.
|
||||
|
||||
### Propagating content exclusion changes to {% data variables.product.prodname_vscode_shortname %}
|
||||
|
||||
If you opened a file in {% data variables.product.prodname_vscode_shortname %} before you changed the content exclusions, you may need to reload the window in {% data variables.product.prodname_vscode_shortname %} to see the effect of the settings change.
|
||||
|
||||
1. Access the Command Palette. For example, by pressing <kbd>Shift</kbd>+<kbd>Command</kbd>+<kbd>P</kbd> (Mac) / <kbd>Ctrl</kbd>+<kbd>Shift</kbd>+<kbd>P</kbd> (Windows/Linux).
|
||||
1. Type: `reload`.
|
||||
1. Select **Developer: Reload Window**.
|
||||
|
||||
## Further reading
|
||||
|
||||
- "[AUTOTITLE](/copilot/managing-copilot-business/reviewing-your-organization-or-enterprises-audit-logs-for-copilot-business)"
|
||||
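Review bot: The path-matching rules that the examples depend on are never stated. From the comments, a pattern with a leading `/` is anchored at the repository root (`"/src/some-dir/kernel.rs"`) and a bare name matches at any depth (`"secrets.json"`), yet the organization example writes `"**/.env"` for "at any path". Linking to the `File.fnmatch` documentation does not settle this, because fnmatch compares a pattern against a whole string and has no notion of "anywhere in this repository"; an admin who guesses the anchoring wrong ends up with a secrets file that is not excluded. State the rules in prose above the first example and say whether `"secrets.json"` and `"**/secrets.json"` are equivalent. The organization example also uses `octo-repo:`, a bare repository name, as a repository reference, but the "following syntax is supported for `REPOSITORY-REFERENCE`" list shows only URL and scp-style forms; add the bare-name form to that list or change the example. Minor points: "side bar" in the repository steps versus "sidebar" in the organization steps, and "[described here]" is weak link text for the two settings links.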
@@ -1,14 +1,15 @@
|
||||
---
|
||||
title: Enabling and setting up GitHub Copilot for Business
|
||||
title: Enabling and setting up GitHub Copilot Business
|
||||
intro: 'To use {% data variables.product.prodname_copilot_for_business %}, you need to set up a subscription for your organization{% ifversion ghec %} or enterprise{% endif %}.'
|
||||
product: '{% data reusables.gated-features.copilot-billing %}'
|
||||
redirect_from:
|
||||
- /copilot/overview-of-github-copilot/enabling-and-setting-up-github-copilot-for-business
|
||||
- /copilot/managing-copilot-business/enabling-and-setting-up-github-copilot-for-business
|
||||
versions:
|
||||
feature: copilot
|
||||
topics:
|
||||
- Copilot
|
||||
shortTitle: Enabling GitHub Copilot for Business
|
||||
shortTitle: Enabling GitHub Copilot Business
|
||||
---
|
||||
|
||||
To use {% data variables.product.prodname_copilot_for_business %}, you need to set up a subscription for your organization{% ifversion ghec %} or enterprise{% endif %} account. For more information, see "[AUTOTITLE](/billing/managing-billing-for-github-copilot/managing-your-github-copilot-subscription-for-your-organization-or-enterprise)."
|
||||
@@ -26,7 +27,7 @@ To use {% data variables.product.prodname_copilot_for_business %}, you need to s
|
||||
|
||||
{% endnote %}
|
||||
|
||||
Your enterprise owner can enable {% data variables.product.prodname_copilot_business_short %} for the organizations in the enterprise by first establishing the policy and then assigning users. To enforce a policy to manage the use of {% data variables.product.prodname_copilot_business_short %}, follow the steps in "[AUTOTITLE](/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-copilot-in-your-enterprise#enforcing-a-policy-to-manage-the-use-of-github-copilot-for-business-in-your-enterprise)." If you need additional help with policy configuration or user assignment for {% data variables.product.prodname_copilot_business_short %}, you can contact {% data variables.contact.contact_enterprise_sales %}.
|
||||
Your enterprise owner can enable {% data variables.product.prodname_copilot_business_short %} for the organizations in the enterprise by first establishing the policy and then assigning users. To enforce a policy to manage the use of {% data variables.product.prodname_copilot_business_short %}, follow the steps in "[AUTOTITLE](/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-copilot-in-your-enterprise#enforcing-a-policy-to-manage-the-use-of-github-copilot-business-in-your-enterprise)." If you need additional help with policy configuration or user assignment for {% data variables.product.prodname_copilot_business_short %}, you can contact {% data variables.contact.contact_enterprise_sales %}.
|
||||
|
||||
{% data variables.product.prodname_copilot %} includes a filter which detects code suggestions that match public code on {% data variables.product.prodname_dotcom %}. Your enterprise owner can choose whether to enable or disable the filter at the enterprise-level, or allow organization owners to decide at the organization-level. For more information, see "[AUTOTITLE](/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-copilot-in-your-enterprise#enforcing-a-policy-to-manage-the-use-of-github-copilot-suggestions-that-match-public-code-in-your-enterprise)."{% endif %}
|
||||
|
||||
18
content/copilot/managing-copilot-business/index.md
Normal file
@@ -0,0 +1,18 @@
|
||||
---
|
||||
title: Managing Copilot Business
|
||||
shortTitle: Manage Copilot Business
|
||||
intro: 'Learn how to manage your Copilot Business subscription.'
|
||||
redirect_from:
|
||||
- /copilot/configuring-github-copilot/configuring-github-copilot-settings-in-your-organization
|
||||
- /copilot/managing-copilot-for-business
|
||||
versions:
|
||||
feature: copilot
|
||||
topics:
|
||||
- Copilot
|
||||
children:
|
||||
- /reviewing-your-organization-or-enterprises-audit-logs-for-copilot-business
|
||||
- /managing-access-for-copilot-business-in-your-organization
|
||||
- /managing-policies-for-copilot-business-in-your-organization
|
||||
- /enabling-and-setting-up-github-copilot-business
|
||||
- /configuring-content-exclusions-for-github-copilot
|
||||
---
|
||||
@@ -1,9 +1,11 @@
|
||||
---
|
||||
title: Managing access for Copilot for Business in your organization
|
||||
title: Managing access for Copilot Business in your organization
|
||||
intro: 'Learn how to manage access to {% data variables.product.prodname_copilot_for_business %} in your organization, and review usage data to inform your decisions.'
|
||||
permissions: Organization owners can configure access to {% data variables.product.prodname_copilot_for_business %} for their organization.
|
||||
versions:
|
||||
feature: copilot
|
||||
redirect_from:
|
||||
- /copilot/managing-copilot-for-business/managing-access-for-copilot-for-business-in-your-organization
|
||||
topics:
|
||||
- Copilot
|
||||
shortTitle: Managing access
|
||||
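Review bot: The new `title` hardcodes "Copilot Business", but the `intro` and `permissions` lines in the same front matter still render `{% data variables.product.prodname_copilot_for_business %}`. Confirm that variable now resolves to the new product name, or switch these lines to `prodname_copilot_business_short`, so the page title and its intro cannot disagree.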
@@ -13,7 +15,7 @@ shortTitle: Managing access
|
||||
|
||||
{% data variables.product.prodname_copilot_for_business %} is a {% data variables.product.prodname_copilot %} subscription, billed and administered at the organization {% ifversion ghec %}or enterprise {% endif %}level.{% ifversion ghec %} Enterprise owners can administer access for organizations within the enterprise.{% endif %} Organization owners can administer access for teams and individuals within the organization. Organization owners can also access usage data relating to {% data variables.product.prodname_copilot_for_business %} in their organization, and use that data to make informed decisions about seat assignment.
|
||||
|
||||
Organization{% ifversion ghec %} and enterprise{% endif %} owners can also manage policies for {% data variables.product.prodname_copilot_for_business %}. For more information{% ifversion ghec %} about managing policies at the organization level{% endif %}, see "[AUTOTITLE](/copilot/managing-copilot-for-business/managing-policies-for-copilot-for-business-in-your-organization)."{% ifversion ghec %} For more information about managing policies at the enterprise level, see "[AUTOTITLE](/enterprise-cloud@latest/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-copilot-in-your-enterprise)" {% endif %}
|
||||
Organization{% ifversion ghec %} and enterprise{% endif %} owners can also manage policies for {% data variables.product.prodname_copilot_for_business %}. For more information{% ifversion ghec %} about managing policies at the organization level{% endif %}, see "[AUTOTITLE](/copilot/managing-copilot-business/managing-policies-for-copilot-business-in-your-organization)."{% ifversion ghec %} For more information about managing policies at the enterprise level, see "[AUTOTITLE](/enterprise-cloud@latest/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-copilot-in-your-enterprise)" {% endif %}
|
||||
|
||||
## Configuring access to {% data variables.product.prodname_copilot %} in your organization
|
||||
|
||||
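Review bot: The enterprise-level sentence on the rewritten line ends `...in-your-enterprise)" {% endif %}` with no period after the closing quote, whereas the organization-level sentence before it ends `)."`. Since this line is being touched for the path change anyway, add the period and drop the stray space before `{% endif %}`.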
@@ -1,9 +1,11 @@
|
||||
---
|
||||
title: Managing policies for Copilot for Business in your organization
|
||||
title: Managing policies for Copilot Business in your organization
|
||||
intro: 'Learn how to manage policies for {% data variables.product.prodname_copilot_for_business %} in your organization.'
|
||||
permissions: Organization owners can configure policies for {% data variables.product.prodname_copilot_for_business %} for their organization.
|
||||
versions:
|
||||
feature: copilot
|
||||
redirect_from:
|
||||
- /copilot/managing-copilot-for-business/managing-policies-for-copilot-for-business-in-your-organization
|
||||
topics:
|
||||
- Copilot
|
||||
shortTitle: Managing policies
|
||||
@@ -37,4 +39,4 @@ shortTitle: Managing policies
|
||||
|
||||
## Further reading
|
||||
|
||||
- "[AUTOTITLE](/free-pro-team@latest/site-policy/privacy-policies/github-copilot-for-business-privacy-statement)"
|
||||
- "[AUTOTITLE](/free-pro-team@latest/site-policy/privacy-policies/github-copilot-business-privacy-statement)"
|
||||
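Review bot: The Further reading link now points at `/site-policy/privacy-policies/github-copilot-business-privacy-statement`, but this hunk does not show that article being renamed. Confirm the site-policy article moves in the same change (with a `redirect_from` for the `-for-business-` path), otherwise `AUTOTITLE` will fail to resolve here.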
@@ -1,7 +1,9 @@
|
||||
---
|
||||
title: Reviewing your organization{% ifversion ghec%} or enterprise{% endif %}'s audit logs for Copilot for Business
|
||||
title: Reviewing your organization{% ifversion ghec%} or enterprise{% endif %}'s audit logs for Copilot Business
|
||||
intro: 'Review the audit logs for your {% data variables.product.prodname_copilot_business_short %} subscription to understand what actions have been taken and by which users.'
|
||||
allowTitleToDifferFromFilename: true
|
||||
redirect_from:
|
||||
- /copilot/managing-copilot-for-business/reviewing-your-organization-or-enterprises-audit-logs-for-copilot-for-business
|
||||
versions:
|
||||
feature: copilot
|
||||
product: '{% data reusables.gated-features.copilot-audit-logs %}'
|
||||
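Review bot: Both the old and new `title` lines carry `{% ifversion ghec%}` with no space before `%}`, while the rest of the docs in this change write `{% ifversion ghec %}`. The line is already being rewritten for the rename, so normalize the tag spacing at the same time.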
@@ -39,6 +41,7 @@ You can search for any of the {% data variables.product.prodname_copilot %} audi
|
||||
|------------------|-------------------{% ifversion ghec %}
|
||||
|`cfb_enterprise_settings_changed`| Settings for {% data variables.product.prodname_copilot_business_short %} were changed at the enterprise level.
|
||||
|`copilot.cfb_enterprise_org_enablement_changed` | The {% data variables.product.prodname_copilot_business_short %} enablement policy changed at the enterprise level or for an organization within the enterprise.
|
||||
|`copilot.content_exclusion_changed` | The content exclusion settings for {% data variables.product.prodname_copilot_business_short %} were changed.
|
||||
|`clickwrap_save_event`| The {% data variables.product.prodname_copilot %} Product Specific Terms were accepted.{% endif %}
|
||||
|`cfb_org_settings_changed`| Settings for {% data variables.product.prodname_copilot_business_short %} were changed at the organization level.
|
||||
|`copilot.cfb_seat_cancelled_by_staff`| A seat was cancelled from the {% data variables.product.prodname_copilot_business_short %} subscription manually by GitHub staff.
|
||||
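Review bot: The new `copilot.content_exclusion_changed` row sits between the `{% ifversion ghec %}` on the table separator line and the `{% endif %}` that closes the `clickwrap_save_event` row, so it is documented only for Enterprise Cloud. The troubleshooting text added elsewhere in this change says content exclusion can be configured by a repository administrator or an organization owner; if those changes emit this event in the organization audit log, move the row below `{% endif %}` and state the level in the description. Also check the action names against what the audit log search accepts: `cfb_enterprise_settings_changed`, `clickwrap_save_event` and `cfb_org_settings_changed` have no `copilot.` prefix while the neighbouring rows do.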
@@ -1,16 +0,0 @@
|
||||
---
|
||||
title: Managing Copilot for Business
|
||||
shortTitle: Manage Copilot for Business
|
||||
intro: 'Learn how to manage your Copilot for Business subscription.'
|
||||
redirect_from:
|
||||
- /copilot/configuring-github-copilot/configuring-github-copilot-settings-in-your-organization
|
||||
versions:
|
||||
feature: copilot
|
||||
topics:
|
||||
- Copilot
|
||||
children:
|
||||
- /reviewing-your-organization-or-enterprises-audit-logs-for-copilot-for-business
|
||||
- /managing-access-for-copilot-for-business-in-your-organization
|
||||
- /managing-policies-for-copilot-for-business-in-your-organization
|
||||
- /enabling-and-setting-up-github-copilot-for-business
|
||||
---
|
||||
@@ -1,12 +1,14 @@
|
||||
---
|
||||
title: About GitHub Copilot for Business
|
||||
title: About GitHub Copilot Business
|
||||
intro: 'With {% data variables.product.prodname_copilot_for_business %} you can manage access to {% data variables.product.prodname_copilot %} for your organization{% ifversion ghec%} or enterprise{% endif %}.'
|
||||
product: '{% data reusables.gated-features.copilot-billing %}'
|
||||
redirect_from:
|
||||
- /copilot/overview-of-github-copilot/about-github-copilot-for-business
|
||||
versions:
|
||||
feature: copilot
|
||||
topics:
|
||||
- Copilot
|
||||
shortTitle: About GitHub Copilot for Business
|
||||
shortTitle: About GitHub Copilot Business
|
||||
---
|
||||
|
||||
## About {% data variables.product.prodname_copilot_for_business %}
|
||||
@@ -27,11 +29,11 @@ With {% data variables.product.prodname_copilot_business_short %}, you can manag
|
||||
|
||||
To use {% data variables.product.prodname_copilot_business_short %}, you need to set up a subscription for your organization{% ifversion ghec %} or enterprise{% endif %} account. For more information, see "[AUTOTITLE](/billing/managing-billing-for-github-copilot/managing-your-github-copilot-subscription-for-your-organization-or-enterprise)."
|
||||
|
||||
After setting up a subscription, you can enable {% data variables.product.prodname_copilot %} for organizations{% ifversion ghec %} within your enterprise{% endif %}. For more information, see "[AUTOTITLE](/copilot/overview-of-github-copilot/enabling-and-setting-up-github-copilot-for-business)."
|
||||
After setting up a subscription, you can enable {% data variables.product.prodname_copilot %} for organizations{% ifversion ghec %} within your enterprise{% endif %}. For more information, see "[AUTOTITLE](/copilot/managing-copilot-business/enabling-and-setting-up-github-copilot-business)."
|
||||
|
||||
## About billing for {% data variables.product.prodname_copilot_business_short %}
|
||||
|
||||
{% data variables.product.prodname_copilot_business_short %} subscriptions are billed monthly, based on the number of {% data variables.product.prodname_copilot %} seats assigned to users within your organization{% ifversion ghec %} or enterprise{% endif %}. For more information, see "[AUTOTITLE](/billing/managing-billing-for-github-copilot/about-billing-for-github-copilot#pricing-for-github-copilot-for-business)."
|
||||
{% data variables.product.prodname_copilot_business_short %} subscriptions are billed monthly, based on the number of {% data variables.product.prodname_copilot %} seats assigned to users within your organization{% ifversion ghec %} or enterprise{% endif %}. For more information, see "[AUTOTITLE](/billing/managing-billing-for-github-copilot/about-billing-for-github-copilot#pricing-for-github-copilot-business)."
|
||||
|
||||
## Requesting or granting access to {% data variables.product.prodname_copilot_for_business %}
|
||||
|
||||
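Review bot: The billing link's fragment changes from `#pricing-for-github-copilot-for-business` to `#pricing-for-github-copilot-business`, and `redirect_from` does not cover fragments. Confirm the heading in the billing article is renamed in this same change, otherwise the link will land at the top of the page instead of the pricing section.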
@@ -1,13 +1,14 @@
|
||||
---
|
||||
title: About GitHub Copilot for Individuals
|
||||
title: About GitHub Copilot Individual
|
||||
intro: '{% data variables.product.prodname_copilot %} can help you code by offering autocomplete-style suggestions. You can learn how {% data variables.product.prodname_copilot %} works, and what to consider while using {% data variables.product.prodname_copilot %}.'
|
||||
redirect_from:
|
||||
- /copilot/overview-of-github-copilot/about-github-copilot-for-individuals
|
||||
- /copilot/overview-of-github-copilot/about-github-copilot
|
||||
versions:
|
||||
feature: copilot
|
||||
topics:
|
||||
- Copilot
|
||||
shortTitle: About GitHub Copilot for Individuals
|
||||
redirect_from:
|
||||
- /copilot/overview-of-github-copilot/about-github-copilot
|
||||
shortTitle: About GitHub Copilot Individual
|
||||
---
|
||||
|
||||
## About {% data variables.product.prodname_copilot %}
|
||||
@@ -99,5 +100,5 @@ No. We follow responsible practices in accordance with our [Privacy Statement](/
|
||||
## Further reading
|
||||
|
||||
- "[AUTOTITLE](/free-pro-team@latest/site-policy/github-terms/github-terms-for-additional-products-and-features#github-copilot)"{% ifversion ghec %}
|
||||
- "[AUTOTITLE](/free-pro-team@latest/site-policy/privacy-policies/github-copilot-for-business-privacy-statement)"{% endif %}
|
||||
- "[AUTOTITLE](/free-pro-team@latest/site-policy/privacy-policies/github-copilot-business-privacy-statement)"{% endif %}
|
||||
- "[{% data variables.product.prodname_copilot %} FAQ](https://github.com/features/copilot#faq)"
|
||||
@@ -7,7 +7,7 @@ versions:
|
||||
topics:
|
||||
- Copilot
|
||||
children:
|
||||
- /about-github-copilot-for-individuals
|
||||
- /about-github-copilot-for-business
|
||||
- /about-github-copilot-individual
|
||||
- /about-github-copilot-business
|
||||
---
|
||||
|
||||
|
||||
@@ -14,7 +14,7 @@ topics:
|
||||
|
||||
{% data variables.product.prodname_copilot %} is an AI pair programmer. You can use {% data variables.product.prodname_copilot %} to get suggestions for whole lines or entire functions right inside your editor.
|
||||
|
||||
This guide will show you how to set up a {% data variables.product.prodname_copilot %} subscription for your personal {% ifversion fpt %}or organization{% else %}, organization, or enterprise{% endif %} account, install the {% data variables.product.prodname_copilot %} extension in {% data variables.product.prodname_vscode %}, and get your first suggestion. For more information on {% data variables.product.prodname_copilot %}, see "[AUTOTITLE](/copilot/overview-of-github-copilot/about-github-copilot-for-individuals)." For more in-depth information on how to use {% data variables.product.prodname_copilot %} in a variety of environments, see "[AUTOTITLE](/copilot/getting-started-with-github-copilot)."
|
||||
This guide will show you how to set up a {% data variables.product.prodname_copilot %} subscription for your personal {% ifversion fpt %}or organization{% else %}, organization, or enterprise{% endif %} account, install the {% data variables.product.prodname_copilot %} extension in {% data variables.product.prodname_vscode %}, and get your first suggestion. For more information on {% data variables.product.prodname_copilot %}, see "[AUTOTITLE](/copilot/overview-of-github-copilot/about-github-copilot-individual)." For more in-depth information on how to use {% data variables.product.prodname_copilot %} in a variety of environments, see "[AUTOTITLE](/copilot/getting-started-with-github-copilot)."
|
||||
|
||||
## Signing up for {% data variables.product.prodname_copilot %} for your personal account
|
||||
|
||||
@@ -60,7 +60,7 @@ Before you can start using {% data variables.product.prodname_copilot %} in your
|
||||
|
||||
{% data reusables.copilot.enabling-in-enterprise %}
|
||||
|
||||
For more information, see "[AUTOTITLE](/copilot/overview-of-github-copilot/enabling-and-setting-up-github-copilot-for-business)."
|
||||
For more information, see "[AUTOTITLE](/copilot/managing-copilot-business/enabling-and-setting-up-github-copilot-business)."
|
||||
|
||||
{% endif %}
|
||||
|
||||
@@ -100,5 +100,5 @@ To use {% data variables.product.prodname_copilot %}, you must first install the
|
||||
|
||||
## Further reading
|
||||
|
||||
- [AUTOTITLE](/copilot/overview-of-github-copilot/about-github-copilot-for-individuals)
|
||||
- [AUTOTITLE](/copilot/overview-of-github-copilot/about-github-copilot-for-business)
|
||||
- [AUTOTITLE](/copilot/overview-of-github-copilot/about-github-copilot-individual)
|
||||
- [AUTOTITLE](/copilot/overview-of-github-copilot/about-github-copilot-business)
|
||||
|
||||
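Review bot: The two Further reading bullets are bare `[AUTOTITLE](...)` links, while the other Further reading lists touched in this change wrap each entry in quotes, as in `- "[AUTOTITLE](...)"`. Add the quotes on the rewritten lines for consistency.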
@@ -21,6 +21,22 @@ The {% data variables.product.prodname_copilot %} extension is frequently update
|
||||
|
||||
For more information about configuring {% data variables.product.prodname_copilot %} in a supported IDE, see "[AUTOTITLE](/copilot/configuring-github-copilot/configuring-github-copilot-in-your-environment)."
|
||||
|
||||
## {% data variables.product.prodname_copilot %} not working in some files
|
||||
|
||||
If you're using {% data variables.product.prodname_copilot_for_business %}, you may not see code completion suggestions in your editor for some files. This happens when a file is excluded from being used by {% data variables.product.prodname_copilot %}. Content exclusion can be configured by a repository administrator, or by an organization owner.
|
||||
|
||||
When a file is affected by a content exclusion setting, {% data variables.product.prodname_copilot %} will not suggest code completion in that file, and the content of that file will not be used to inform code completion suggestions in other files.
|
||||
|
||||
{% data reusables.copilot.content-exclusion-tooltip %}
|
||||
|
||||
## {% data variables.product.prodname_copilot %} content exclusions are not being applied
|
||||
|
||||
{% data reusables.copilot.content-exclusions-scope %}
|
||||
|
||||
{% data reusables.copilot.content-exclusions-delay %} For more information, see "[AUTOTITLE](/copilot/managing-copilot-business/configuring-content-exclusions-for-github-copilot#checking-the-affect-of-a-settings-change)."
|
||||
|
||||
{% data reusables.copilot.content-exclusion-note %}
|
||||
|
||||
## Error: "{% data variables.product.prodname_copilot %} could not connect to server. Extension activation failed"
|
||||
|
||||
This error indicates that you either do not have a {% data variables.product.prodname_copilot %} subscription, or there was an error connecting to the {% data variables.product.prodname_dotcom %} API to request a token to use {% data variables.product.prodname_copilot %}.
|
||||
|
||||
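Review bot: The link in the "content exclusions are not being applied" section targets `#checking-the-affect-of-a-settings-change`, where "affect" should read "effect". If the heading in the content exclusions article is spelled "effect", this fragment will not resolve; fix the heading and the fragment together. The first new section also introduces the feature with `prodname_copilot_for_business` while the rest of this change moves to the "Copilot Business" name, so check which variable is intended.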
@@ -13,9 +13,9 @@ redirect_from:
|
||||
- /copilot/troubleshooting-github-copilot/troubleshooting-authentication-issues-with-github-copilot-chat
|
||||
---
|
||||
|
||||
If you need help with {% data variables.product.prodname_copilot_chat %} and can't find the answer here, you can report a bug or ask for help. For more information, see "[Sharing feedback about {% data variables.product.prodname_copilot_chat %}](/copilot/github-copilot-chat/using-github-copilot-chat#sharing-feedback-about-github-copilot-chat)."
|
||||
If you need help with {% data variables.product.prodname_copilot_chat %} and can't find the answer here, you can report a bug or ask for help. For more information, see "[Sharing feedback about {% data variables.product.prodname_copilot_chat %}](/copilot/github-copilot-chat/using-github-copilot-chat-in-your-ide#sharing-feedback-about-github-copilot-chat)."
|
||||
|
||||
If you can't find {% data variables.product.prodname_copilot_chat %} in your editor, make sure you have checked the "[Prerequisites](/copilot/github-copilot-chat/using-github-copilot-chat#prerequisites)" section.
|
||||
If you can't find {% data variables.product.prodname_copilot_chat %} in your editor, make sure you have checked the "[Prerequisites](/copilot/github-copilot-chat/using-github-copilot-chat-in-your-ide#prerequisites)" section.
|
||||
|
||||
## Troubleshooting authentication issues in your editor
|
||||
|
||||
|
||||
@@ -57,7 +57,7 @@ Depending on your proxy setup, you may encounter errors like "certificate signat
|
||||
|
||||
{% note %}
|
||||
|
||||
**Note:** {% data variables.product.prodname_copilot %} only supports custom certificates if you use {% data variables.product.prodname_copilot_for_business %}. For more information, see "[AUTOTITLE](/copilot/overview-of-github-copilot/about-github-copilot-for-business)."
|
||||
**Note:** {% data variables.product.prodname_copilot %} only supports custom certificates if you use {% data variables.product.prodname_copilot_for_business %}. For more information, see "[AUTOTITLE](/copilot/overview-of-github-copilot/about-github-copilot-business)."
|
||||
|
||||
{% endnote %}
|
||||
|
||||
|
||||