You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
VS Code now consumes the GitHub Copilot /copilot_internal/managed_settings endpoint to apply enterprise OpenTelemetry (OTel) policy to both Copilot surfaces — the github.copilot.chat.otel.* extension settings and the chat.agentHost.otel.* agent-host settings — without introducing a new settings namespace. The managed telemetry.* block flows through the existing AccountPolicyService and respects the Account Policy Gate (the ChatApprovedAccountOrganizations allowlist).
Prerequisites
Important
You need an alternate GitHub account that is a member of the VSCodeTesting org and seated for Copilot Business/Enterprise.
Validate that the provided managed-keys configure the settings appropriately (use @hasPolicy):
1. telemetry.enabled (CopilotOtelEnabled)
With telemetry.enabled: true synced, both github.copilot.chat.otel.enabled and chat.agentHost.otel.enabled show the "Managed by organization" badge and are locked on.
The user cannot turn OTel off via settings while it is managed.
serviceName, resourceAttributes, and headers reflect the managed values and show the managed badge.
How to debug
Developer: Policy Diagnostics is the primary diagnostic. It shows the raw managed_settings bag, the gate state, last fetch status, and the applied policy values for each CopilotOtel* policy (and which channel — Server / Native MDM / File — is winning each key).
Refs: #298965 #323171
Complexity: 4
Authors: @zhichli
Create Issue
Companion TPI (MDM delivery): #324134
What it does
VS Code now consumes the GitHub Copilot
/copilot_internal/managed_settingsendpoint to apply enterprise OpenTelemetry (OTel) policy to both Copilot surfaces — thegithub.copilot.chat.otel.*extension settings and thechat.agentHost.otel.*agent-host settings — without introducing a new settings namespace. The managedtelemetry.*block flows through the existingAccountPolicyServiceand respects the Account Policy Gate (theChatApprovedAccountOrganizationsallowlist).Prerequisites
Important
You need an alternate GitHub account that is a member of the
VSCodeTestingorg and seated for Copilot Business/Enterprise.Ping @zhichli if you need help
Sign out of your primary GitHub account in VS Code Insiders and sign in with the alt account.
The active policy lives in
VSCodeTesting/.github-private/copilot/managed-settings.json— read it to know what's currently configured, but don't edit it. You shouldn't need to edit it to get basic testing done.Supported keys
telemetry.enabledtrueCopilotOtelEnabledtelemetry.endpointhttp://localhost:4318CopilotOtelEndpointtelemetry.protocolhttp/jsonCopilotOtelProtocol,CopilotOtelOtlpProtocoltelemetry.captureContenttrueCopilotOtelCaptureContenttelemetry.lockCaptureContenttrueCopilotOtelCaptureContenttelemetry.serviceNamecopilot-policy-smoke-testCopilotOtelServiceNametelemetry.resourceAttributes{"deployment.environment":"local","service.namespace":"vscode-testing-policy","policy.source":"managed-settings"}CopilotOtelResourceAttributestelemetry.headers{"x-copilot-policy-test":"managed-settings","x-service-name":"copilot-policy-smoke-test"}CopilotOtelHeadersScenarios
Validate that the provided managed-keys configure the settings appropriately (use
@hasPolicy):1.
telemetry.enabled(CopilotOtelEnabled)telemetry.enabled: truesynced, bothgithub.copilot.chat.otel.enabledandchat.agentHost.otel.enabledshow the "Managed by organization" badge and are locked on.2.
telemetry.endpoint/telemetry.protocol(CopilotOtelEndpoint,CopilotOtelProtocol,CopilotOtelOtlpProtocol)outfilediversion is disabled), so telemetry can't be redirected to a local file.3.
telemetry.captureContent/telemetry.lockCaptureContent(CopilotOtelCaptureContent)captureContentvalue is authoritative and shows the managed badge.lockCaptureContent: true, the user cannot enable content capture themselves.4.
telemetry.serviceName/telemetry.resourceAttributes/telemetry.headersserviceName,resourceAttributes, andheadersreflect the managed values and show the managed badge.How to debug
Developer: Policy Diagnostics is the primary diagnostic. It shows the raw
managed_settingsbag, the gate state, last fetch status, and the applied policy values for eachCopilotOtel*policy (and which channel — Server / Native MDM / File — is winning each key).