Org / Enterprise policy to disable “Allow all” in Copilot Chat (VS Code)

[ronkats]

🏷️ Discussion Type

Product Feedback

💬 Feature/Topic Area

Other

Body

Problem
We use GitHub Copilot Business in a regulated environment.
Today, when using Copilot Chat in VS Code, users can select “Allow all” (or equivalent bulk‑approval options) when applying Copilot‑suggested edits or actions.

There is currently no organization‑ or enterprise‑level policy to prevent this. Approval behavior is fully user‑controlled in the IDE.

For compliance and risk‑management reasons, we need the ability to enforce per‑action approval and prevent blanket approval of Copilot actions.

Current behavior

• Copilot Chat in VS Code allows users to approve multiple actions at once via “Allow all”
• Administrators cannot restrict or disable this behavior via Copilot Business policies
• This differs from Copilot CLI, which supports tool‑level allow/deny and approval enforcement

Requested feature
Add an organization and/or enterprise‑level Copilot policy that:

• Disables or hides the “Allow all” option in Copilot Chat (IDE experiences)
• Forces explicit, per‑action approval for Copilot‑proposed edits or commands
• Is admin‑enforced and not overridable by users

This policy should apply at least to:

• VS Code Copilot Chat
• Copilot Edits / multi‑file changes in IDEs

Why this matters

• Required for regulated and security‑sensitive environments
• Prevents accidental bulk changes or approvals
• Enables safer adoption of Copilot Business without disabling Copilot Chat entirely
• Brings policy parity between Copilot CLI and IDE Copilot experiences

Scope clarification

We are not asking for Copilot to execute commands automatically.
We are asking for administrative control over approval granularity in IDE Copilot experiences.

Copilot plan
GitHub Copilot Business

[github-actions[bot]]

💬 Your Product Feedback Has Been Submitted 🎉

Thank you for taking the time to share your insights with us! Your feedback is invaluable as we build a better GitHub experience for all our users.

Here's what you can expect moving forward ⏩

• Your input will be carefully reviewed and cataloged by members of our product teams. 
  • Due to the high volume of submissions, we may not always be able to provide individual responses.
  • Rest assured, your feedback will help chart our course for product improvements.
• Other users may engage with your post, sharing their own perspectives or experiences. 
• GitHub staff may reach out for further clarification or insight. 
  • We may 'Answer' your discussion if there is a current solution, workaround, or roadmap/changelog post related to the feedback.

Where to look to see what's shipping 👀

• Read the Changelog for real-time updates on the latest GitHub features, enhancements, and calls for feedback.
• Explore our Product Roadmap, which details upcoming major releases and initiatives.

What you can do in the meantime 💻

• Upvote and comment on other user feedback Discussions that resonate with you.
• Add more information at any point! Useful details include: use cases, relevant labels, desired outcomes, and any accompanying screenshots.

As a member of the GitHub community, your participation is essential. While we can't promise that every suggestion will be implemented, we want to emphasize that your feedback is instrumental in guiding our decisions and priorities.

Thank you once again for your contribution to making GitHub even better! We're grateful for your ongoing support and collaboration in shaping the future of our platform. ⭐

[itxashancode]

Current Policy Capabilities

As of today, GitHub does not provide an organization- or enterprise-level policy to disable the “Allow all” or bulk-approval option in Copilot Chat, Copilot Edits, or the VS Code IDE. The approval workflow is intentionally designed to run client-side, giving developers granular control over how they review and apply AI-generated changes. This behavior is consistent across VS Code, JetBrains, and Visual Studio, and differs from the CLI where tool-level allow/deny flags can be scripted.

While GitHub has rapidly expanded Copilot policy controls for public-code matching, repository access, and plan assignment, fine-grained approval enforcement remains a product gap for regulated environments. The GitHub Copilot engineering team tracks this internally, and compliance-driven requests like yours are actively influencing their roadmap.

Available Admin Controls & Compliance Workarounds

Until a native policy is released, you can enforce compliance and mitigate bulk-approval risks using the following strategies:

1. Enforce Mandatory Code Review Gates
   Configure branch protection rules that require PR reviews, status checks, and CODEOWNERS approval before merging. This ensures that even if a developer uses “Allow all”, no code reaches production without human review.

   # Example: Required branch protection via GitHub API
   curl -L \
     -X PUT \
     -H "Accept: application/vnd.github+json" \
     -H "Authorization: Bearer <TOKEN>" \
     https://api.github.com/repos/OWNER/REPO/branches/main/protection \
     -d '{"required_pull_request_reviews":{"required_approving_review_count":2}}'

2. Centralize VS Code Configuration via MDM/GPO
   Deploy a locked settings.json or use VS Code's enterprise management to restrict workspace overrides. While this won’t remove the “Allow all” UI, it standardizes the environment and prevents users from enabling experimental or auto-apply features.

   {
     "github.copilot.advanced.inlineSuggest.enable": true,
     "workbench.settings.useSplitJSON": false,
     "extensions.ignoreRecommendations": true
   }

3. Leverage Copilot Policy Scoping
   Restrict Copilot access to specific teams or repositories via Settings → Policies → GitHub Copilot. You can temporarily disable Copilot Chat for high-risk repos while keeping inline suggestions active for reference-only workflows.

4. Audit & Monitor Usage
   Use the GitHub Copilot usage metrics dashboard to track adoption, active users, and suggestion acceptance rates. Pair this with SIEM integration (via GitHub Audit Log) to monitor policy violations or unusual bulk-change patterns.

How to Submit & Track This Request

To accelerate native policy support, submit your requirement through GitHub’s official channels:

• VS Code Feedback: Open Copilot Chat → click the ⋯ menu → Send Feedback → select Idea. Attach screenshots of the approval UI and specify your compliance framework (SOC 2, HIPAA, ISO 27001, etc.).
• GitHub Community: Post in the Copilot Feedback Discussions with the exact policy behavior you need.
• Enterprise Support: If you have a Copilot Business/Enterprise contract, open a support ticket tagged Feature Request: Copilot Policy. Product managers prioritize requests backed by enterprise compliance requirements.

Official Documentation

• Manage GitHub Copilot policies for your organization
• Configure GitHub Copilot in Visual Studio Code
• GitHub Copilot usage metrics & auditing

This control is widely requested by regulated sectors. Combining centralized IDE configuration, strict branch protection, and formal product feedback will help bridge the gap while GitHub develops native policy enforcement.