diff --git a/assets/images/help/enterprises/edit-agent-profile-ruleset.png b/assets/images/help/enterprises/edit-agent-profile-ruleset.png new file mode 100644 index 0000000000..36094768aa Binary files /dev/null and b/assets/images/help/enterprises/edit-agent-profile-ruleset.png differ diff --git a/content/copilot/how-tos/administer-copilot/manage-for-enterprise/manage-agents/prepare-for-custom-agents.md b/content/copilot/how-tos/administer-copilot/manage-for-enterprise/manage-agents/prepare-for-custom-agents.md index e0a58727ab..03df4ed28a 100644 --- a/content/copilot/how-tos/administer-copilot/manage-for-enterprise/manage-agents/prepare-for-custom-agents.md +++ b/content/copilot/how-tos/administer-copilot/manage-for-enterprise/manage-agents/prepare-for-custom-agents.md @@ -33,4 +33,6 @@ Enterprise-level {% data variables.copilot.custom_agents_short %} are defined in ## Next steps -To implement {% data variables.copilot.custom_agents_short %} in your enterprise, see [AUTOTITLE](/copilot/how-tos/use-copilot-agents/coding-agent/create-custom-agents). +To reduce your administrative burden and empower your SMEs, you can delegate the creation and management of {% data variables.copilot.custom_agents_short %} in your enterprise by creating a team of AI managers. See [AUTOTITLE](/copilot/tutorials/roll-out-at-scale/establish-ai-managers). + +If you prefer to maintain full control over your enterprise's tooling to ensure security and compliance, you can create and manage {% data variables.copilot.custom_agents_short %} yourself. See [AUTOTITLE](/copilot/how-tos/use-copilot-agents/coding-agent/create-custom-agents). diff --git a/content/copilot/reference/agentic-audit-log-events.md b/content/copilot/reference/agentic-audit-log-events.md index 805888a5f0..efe042df3b 100644 --- a/content/copilot/reference/agentic-audit-log-events.md +++ b/content/copilot/reference/agentic-audit-log-events.md @@ -2,7 +2,7 @@ title: Audit log events for agents shortTitle: Agentic audit log events intro: 'Understand the structure of audit log events for agents in your enterprise.' -permissions: Enterprise owners and people with read permissions for enterprise audit logs +permissions: Enterprise owners versions: feature: copilot topics: diff --git a/content/copilot/tutorials/roll-out-at-scale/establish-ai-managers.md b/content/copilot/tutorials/roll-out-at-scale/establish-ai-managers.md new file mode 100644 index 0000000000..d7d7cfd30d --- /dev/null +++ b/content/copilot/tutorials/roll-out-at-scale/establish-ai-managers.md @@ -0,0 +1,74 @@ +--- +title: Establishing AI managers in your enterprise +intro: 'Reduce your administrative burden and empower your SMEs by creating a team of AI managers.' +permissions: Enterprise owners +versions: + feature: copilot +topics: + - Copilot +shortTitle: Establish AI managers +contentType: tutorials +--- + +> [!NOTE] +> Enterprise custom roles, enterprise teams, and the AI Controls view are in public preview and subject to change. + +## Overview + +You can use custom roles and enterprise teams to delegate AI administration permissions without granting enterprise ownership. AI managers can view and manage **nearly all AI features in your enterprise's AI Controls**, including agentic AI features, {% data variables.product.prodname_copilot_short %} features, and Model Context Protocol (MCP) features. + +Unless you grant additional permissions beyond those listed in this article, AI managers **cannot access** the following: +* Access management settings for {% data variables.product.prodname_copilot_short %} +* Settings in the "Billing" section of the {% data variables.product.prodname_copilot_short %} page +* Settings in the "Metrics" section of the {% data variables.product.prodname_copilot_short %} page + +## 1. Create a custom role for AI management + +To get started, you need to create a custom role with the necessary permissions for AI management. + +{% data reusables.enterprise-accounts.start-creating-custom-role %} +1. To clarify the purpose of the role, give it a name and description. +1. In the "Add permissions" section, use the search bar to find and select the following permissions: + + * **Manage enterprise AI controls**: Allows this role to view and manage all settings in the "AI Controls" tab for your enterprise + * **Read enterprise audit logs**: Allows this role to view **all** audit log events for your enterprise, helping your AI managers monitor agentic activity + +1. Click **Create role**. + +## 2. Create an enterprise team for AI management + +Now that you have created your AI manager role, you need to set up an enterprise team and add your future AI managers as members. + +1. In the sidebar of the "People" tab, click {% octicon "people" aria-hidden="true" aria-label="people" %} **Enterprise teams**. +1. Click **Create Enterprise team**. +1. Give your team a name, then click **Create Enterprise team**. +1. On the team page, select the **Add members** dropdown menu, then click the members of your enterprise you want to grant AI management permissions to. +1. To confirm your selections, click **Add**. + +## 3. Assign the AI management role to your team + +With both your AI management role and team created, you can now assign the role to your team, granting management permissions to your team members. + +1. In the sidebar of the "People" tab, select {% octicon "globe" aria-hidden="true" aria-label="globe" %} **Enterprise roles**, then click **Role assignments**. +1. On the "Enterprise role assignments" page, click **Assign role**. +1. In the "Assign role to" section, select the **Select user or team** dropdown menu, then click your AI management team. +1. In the "Select role" section, click your AI management role. +1. At the bottom of the page, click **Assign role**. + +## 4. Grant your AI managers bypass permissions for {% data variables.copilot.agent_profiles %} + +If you have created a ruleset targeting {% data variables.copilot.agent_profiles %} in your enterprise, you can grant bypass access to allow your AI managers to create and edit those profiles. This access also lets your AI managers merge pull requests modifying those files, allowing your developers to propose {% data variables.copilot.custom_agents_short %} while maintaining your enterprise's security standards. + +{% data reusables.enterprise-accounts.ai-controls-tab %} +1. In the "Only enterprise admins can edit agent files" field, click **Edit ruleset** {% octicon "chevron-right" aria-hidden="true" aria-label="chevron-right" %}. + + ![Screenshot of the "Installed agents" section of the agent settings page. A button labeled "Edit ruleset" is outlined in dark orange.](/assets/images/help/enterprises/edit-agent-profile-ruleset.png) + +1. In the "Bypass list" section, select the {% octicon "plus" aria-hidden="true" aria-label="plus" %} **Add bypass** dropdown menu, then click your AI management team. +1. At the bottom of the page, click **Save changes**. + +## Next steps + +Now that you have established AI managers for your enterprise, help them customize and manage your enterprise's AI experience by sharing the following resources: +* [AUTOTITLE](/copilot/how-tos/administer-copilot/manage-for-enterprise/manage-enterprise-policies) +* [AUTOTITLE](/copilot/how-tos/use-copilot-agents/coding-agent/create-custom-agents) diff --git a/content/copilot/tutorials/roll-out-at-scale/index.md b/content/copilot/tutorials/roll-out-at-scale/index.md index 160d098c53..61224ece51 100644 --- a/content/copilot/tutorials/roll-out-at-scale/index.md +++ b/content/copilot/tutorials/roll-out-at-scale/index.md @@ -8,6 +8,7 @@ topics: - Copilot children: - /assign-licenses + - /establish-ai-managers - /enable-developers - /drive-downstream-impact - /measure-success diff --git a/data/reusables/enterprise-accounts/start-creating-custom-role.md b/data/reusables/enterprise-accounts/start-creating-custom-role.md new file mode 100644 index 0000000000..a3ecc69214 --- /dev/null +++ b/data/reusables/enterprise-accounts/start-creating-custom-role.md @@ -0,0 +1,4 @@ +{% data reusables.enterprise-accounts.access-enterprise %} +{% data reusables.enterprise-accounts.people-tab %} +1. In the left sidebar, click **{% octicon "globe" aria-hidden="true" aria-label="globe" %} Enterprise roles**, then click **Role management**. +1. Click **Create custom role**. diff --git a/data/reusables/enterprise-onboarding/create-custom-roles.md b/data/reusables/enterprise-onboarding/create-custom-roles.md index 52fcdde1a8..8ee9278832 100644 --- a/data/reusables/enterprise-onboarding/create-custom-roles.md +++ b/data/reusables/enterprise-onboarding/create-custom-roles.md @@ -10,10 +10,7 @@ Custom roles are sets of permissions for settings and resources that you can ass Enterprise custom roles grant access to a subset of enterprise settings, such as viewing audit logs and creating organizations. {% data variables.product.github %} plans to expand the list of available permissions over time. -{% data reusables.enterprise-accounts.access-enterprise %} -{% data reusables.enterprise-accounts.people-tab %} -1. In the left sidebar, click **{% octicon "globe" aria-hidden="true" aria-label="globe" %} Enterprise roles**, then click **Role management**. -1. Click **Create custom role**. +{% data reusables.enterprise-accounts.start-creating-custom-role %} 1. Enter the details, then click **Create role**. {% endif %}