From ae13b83026f20f61009338174d413ee24f792556 Mon Sep 17 00:00:00 2001 From: Xuefeng Date: Mon, 2 Jun 2025 13:03:20 +0800 Subject: [PATCH 1/2] Update configuring-your-proxy-server-or-firewall-for-copilot.md Updates based on actual offline environment configuration in a company --- ...ur-proxy-server-or-firewall-for-copilot.md | 51 +++++++++++++++---- 1 file changed, 41 insertions(+), 10 deletions(-) diff --git a/content/copilot/managing-copilot/managing-github-copilot-in-your-organization/configuring-your-proxy-server-or-firewall-for-copilot.md b/content/copilot/managing-copilot/managing-github-copilot-in-your-organization/configuring-your-proxy-server-or-firewall-for-copilot.md index c9c093a60a45..5c389cfe6476 100644 --- a/content/copilot/managing-copilot/managing-github-copilot-in-your-organization/configuring-your-proxy-server-or-firewall-for-copilot.md +++ b/content/copilot/managing-copilot/managing-github-copilot-in-your-organization/configuring-your-proxy-server-or-firewall-for-copilot.md @@ -11,20 +11,51 @@ shortTitle: Allow Copilot traffic If your company employs security measures like a firewall or proxy server, you should add the following URLs, ports, and protocols to an allowlist to ensure {% data variables.product.prodname_copilot_short %} works as expected: +## GitHub Enterprise Related URLs | Domain and/or URL | Purpose | | :------------------------------------- | :--------------------------------- | -| `https://github.com/login/*` | Authentication | +| `https://github.com/YOUR-ENTERPRISE/*` | Enterprise URL | +| `https://github.com/YOUR-ENTERPRISE?*` | Enterprise URL | | `https://github.com/enterprises/YOUR-ENTERPRISE/*` | Authentication for {% data variables.enterprise.prodname_managed_users %}, only required with {% data variables.product.prodname_emus %} | -| `https://api.github.com/user` | User Management | + +## GitHub Public URLs +| Domain and/or URL | Purpose | +| :------------------------------------- | :--------------------------------- | +| `https://github.com/login/*` | Authentication, only required with Personal Users | +| `https://github.com/login?*` | Authentication, only required with Personal Users | +| `https://github.com/login/oauth/*` | Authentication, only required with {% data variables.product.prodname_emus %} | +| `https://api.github.com/user/*` | User Management | +| `https://github.com/favicon.ico` | Icon | +| `https://github.com/account/*` | Account | +| `https://github.com/settings/*` | Settings | +| `https://avatars.githubusercontent.com/*` | Avatars | +| `https://github.com/copilot/*` | Copilot | +| `https://raw.githubusercontent.com/*` | Raw Content | +| `https://github.githubassets.com/*` | GitHub Assets | +| `https://collector.github.com/*` | Collector | +| `https://github.com/github-copilot/*` | GitHub Copilot | +| `https://api.github.com/*` | API | +| `https://github.com/notifications/*` | Notifications | +| `https://github.com/session/*` | Session | +| `https://github.com/dashboard/*` | Dashboard | +| `https://github.com/dashboard?*` | Dashboard | +| `https://github.com/logout/*` | Logout | +| `https://github.com/logout?*` | Logout | +| `https://github.com/switch_account?*` | Switch Account | +| `https://github.com/switch_account/*` | Switch Account | + +## GitHub Copilot Related URLs +| Domain and/or URL | Purpose | +| :------------------------------------- | :--------------------------------- | | `https://api.github.com/copilot_internal/*` | User Management | -| `https://copilot-telemetry.githubusercontent.com/telemetry` | Telemetry | -| `https://default.exp-tas.com` | Telemetry | -| `https://copilot-proxy.githubusercontent.com` | API service for {% data variables.product.prodname_copilot_short %} suggestions | -| `https://origin-tracker.githubusercontent.com` | API service for {% data variables.product.prodname_copilot_short %} suggestions | -| `https://*.githubcopilot.com`[^1] | API service for {% data variables.product.prodname_copilot_short %} suggestions | -| `https://*.individual.githubcopilot.com`[^2] | API service for {% data variables.product.prodname_copilot_short %} suggestions | -| `https://*.business.githubcopilot.com`[^3] | API service for {% data variables.product.prodname_copilot_short %} suggestions | -| `https://*.enterprise.githubcopilot.com`[^4] | API service for {% data variables.product.prodname_copilot_short %} suggestions | +| `https://copilot-telemetry.githubusercontent.com/telemetry/*` | Telemetry | +| `https://default.exp-tas.com/*` | Telemetry | +| `https://copilot-proxy.githubusercontent.com/*` | API service for {% data variables.product.prodname_copilot_short %} suggestions | +| `https://origin-tracker.githubusercontent.com/*` | API service for {% data variables.product.prodname_copilot_short %} suggestions | +| `https://*.githubcopilot.com/*`[^1] | API service for {% data variables.product.prodname_copilot_short %} suggestions | +| `https://*.individual.githubcopilot.com/*`[^2] | API service for {% data variables.product.prodname_copilot_short %} suggestions | +| `https://*.business.githubcopilot.com/*`[^3] | API service for {% data variables.product.prodname_copilot_short %} suggestions | +| `https://*.enterprise.githubcopilot.com/*`[^4] | API service for {% data variables.product.prodname_copilot_short %} suggestions | Depending on the security policies and editors your organization uses, you may need to allowlist additional domains and URLs. For more information on specific editors, see [Further reading](#further-reading). From 1b87df495541c3a4b7c7e12fd724b53df1357577 Mon Sep 17 00:00:00 2001 From: Xuefeng Date: Mon, 2 Jun 2025 13:24:12 +0800 Subject: [PATCH 2/2] allowlist URLs for Microsoft Extro ID --- ...nfiguring-your-proxy-server-or-firewall-for-copilot.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/content/copilot/managing-copilot/managing-github-copilot-in-your-organization/configuring-your-proxy-server-or-firewall-for-copilot.md b/content/copilot/managing-copilot/managing-github-copilot-in-your-organization/configuring-your-proxy-server-or-firewall-for-copilot.md index 5c389cfe6476..21c0a06e775e 100644 --- a/content/copilot/managing-copilot/managing-github-copilot-in-your-organization/configuring-your-proxy-server-or-firewall-for-copilot.md +++ b/content/copilot/managing-copilot/managing-github-copilot-in-your-organization/configuring-your-proxy-server-or-firewall-for-copilot.md @@ -57,6 +57,14 @@ If your company employs security measures like a firewall or proxy server, you s | `https://*.business.githubcopilot.com/*`[^3] | API service for {% data variables.product.prodname_copilot_short %} suggestions | | `https://*.enterprise.githubcopilot.com/*`[^4] | API service for {% data variables.product.prodname_copilot_short %} suggestions | + +If your organization is using Microsoft Extra ID, you also need to add the following URLs to the allowlist: +- `https://login.microsoftonline.com/*` +- `https://aadcdn.msauth.net/*` +- `https://login.live.com/*` +- `https://*.activedirectory.windowsazure.com/*` + + Depending on the security policies and editors your organization uses, you may need to allowlist additional domains and URLs. For more information on specific editors, see [Further reading](#further-reading). Every user of the proxy server or firewall also needs to configure their own environment to connect to {% data variables.product.prodname_copilot_short %}. See [AUTOTITLE](/copilot/configuring-github-copilot/configuring-network-settings-for-github-copilot).