With enterprise managed settings, enterprise owners can centrally define and distribute configuration settings to Второй пилот CLI and VS Code for users on your enterprise's Copilot plan, ensuring every member works within the same guardrails. Additional client support will follow. The managed-settings.json takes precedence over file-based configuration set by users in their clients for the supported keys.
Consolidated schema reference
The managed-settings.json file supports the following top-level properties. You can include any combination of these properties based on which settings you want to enforce.
{
"extraKnownMarketplaces": {
"agent-skills": {
"source": {
"source": "github",
"repo": "OWNER/REPO"
}
}
},
"strictKnownMarketplaces": [
{
"source": "github",
"repo": "OWNER/REPO"
}
],
"enabledPlugins": {
"PLUGIN-NAME@MARKETPLACE-NAME": true
},
"permissions": {
"disableBypassPermissionsMode": "disable",
"model": "auto"
}
}
{
"extraKnownMarketplaces": {
"agent-skills": {
"source": {
"source": "github",
"repo": "OWNER/REPO"
}
}
},
"strictKnownMarketplaces": [
{
"source": "github",
"repo": "OWNER/REPO"
}
],
"enabledPlugins": {
"PLUGIN-NAME@MARKETPLACE-NAME": true
},
"permissions": {
"disableBypassPermissionsMode": "disable",
"model": "auto"
}
}
extraKnownMarketplaces: Defines additional plugin marketplaces available to users. Each entry is a named marketplace object containing asourceproperty that specifies the provider ("github") and the repository inOWNER/REPOformat.strictKnownMarketplaces: Restricts plugin installation to only the marketplaces explicitly defined by the enterprise. Each entry is a marketplace object containing asourceproperty. Thesourcespecifies the provider as either"github"with arepoinOWNER/REPOformat, or"git"with aurlpointing to a git repository.enabledPlugins: Defines plugins that are automatically installed for all enterprise users. Each entry uses the formatPLUGIN-NAME@MARKETPLACE-NAMEas the key, with a boolean value oftrueto enable the plugin.permissions: Controls whether users can bypass command approval.- Set
modelto"auto"so new conversations start with Copilot auto model selection by default. Users can still switch to a different model on a per-conversation basis. - Set
disableBypassPermissionsModeto"disable"to prevent users from turning on bypass mode. See Disabling bypass mode for your enterprise further in this article for more information.
- Set
Configuring enterprise plugin standards
You can apply settings to control users' available plugin marketplaces and default-installed plugins. See О стандартах плагинов, управляемых корпоративным предприятием.
-
В репозитории
.github-privateвашего предприятия создайте управляемый файл настроек по адресуcopilot/managed-settings.json. Если вы не установили.github-privateрепозиторий в качестве источника конфигурации агентов вашего предприятия, см. Создание .github-private репозитория.Также поддерживается наследственный путь (
.github/copilot/settings.json). -
Add your plugin policy configuration to the file, using the
extraKnownMarketplaces,strictKnownMarketplaces, andenabledPluginsproperties described in Consolidated schema reference.JSON { "extraKnownMarketplaces": { "agent-skills": { "source": { "source": "github", "repo": "OWNER/REPO" } } }, "strictKnownMarketplaces": [ { "source": "github", "repo": "OWNER/REPO" } ], "enabledPlugins": { "PLUGIN-NAME@MARKETPLACE-NAME": true } }{ "extraKnownMarketplaces": { "agent-skills": { "source": { "source": "github", "repo": "OWNER/REPO" } } }, "strictKnownMarketplaces": [ { "source": "github", "repo": "OWNER/REPO" } ], "enabledPlugins": { "PLUGIN-NAME@MARKETPLACE-NAME": true } } -
Commit and push your changes to the default branch of the
.github-privaterepository.
Setting Copilot auto model selection as the default
You can set auto model selection as the default model for new conversations in Второй пилот CLI and VS Code. To learn more see О компании Copilotвыбор автоматической модели. By setting it as the default for your enterprise, you ensure new conversations start with Auto model selected.
What setting Auto model as the default does
When you set model to "auto" under permissions, new conversations start with Auto model selected in both clients:
- In Второй пилот CLI, new sessions use Auto model unless the user specifies a different model.
- In VS Code, the model picker defaults to Auto model when a user starts a new conversation.
Users can still switch to a different model on a per-conversation basis.
Disabling bypass mode for your enterprise
You can prevent users from enabling bypass mode (also known as "YOLO mode") in Второй пилот CLI and VS Code. Bypass mode lets an agent run commands, access files, and fetch URLs without asking for approval. By disabling it for your enterprise, you ensure that a person reviews each of these actions.
What disabling bypass mode prevents
When you set disableBypassPermissionsMode to "disable", users cannot turn on bypass mode in either client:
- In Второй пилот CLI, the
--yolo,--allow-all,--allow-all-tools,--allow-all-paths, and--allow-all-urlscommand-line options and the/yoloand/allow-allslash commands are blocked. - In VS Code, the global auto-approve setting (
chat.tools.global.autoApprove), also known as "YOLO mode," is turned off and cannot be re-enabled.
Configuring the setting
-
В репозитории
.github-privateвашего предприятия создайте управляемый файл настроек по адресуcopilot/managed-settings.json. Если вы не установили.github-privateрепозиторий в качестве источника конфигурации агентов вашего предприятия, см. Создание .github-private репозитория.Также поддерживается наследственный путь (
.github/copilot/settings.json). -
Add the
permissionsproperty to the file, withdisableBypassPermissionsModeset to"disable".JSON { "permissions": { "disableBypassPermissionsMode": "disable" } }{ "permissions": { "disableBypassPermissionsMode": "disable" } } -
Commit and push your changes to the default branch of the
.github-privaterepository.
Verifying the configuration has applied
Once the configuration is committed, users will see the specified settings the next time they authenticate from a supported client. Clients pull the latest configuration once per hour.
If a user does not see these settings, ensure they receive access to Copilot through your enterprise or one of its organizations. If a user receives a license from multiple billing entities, ensure they have selected your enterprise in the "Usage billed to" dropdown in their personal Copilot settings.