Enterprise-managed settings now support strictKnownMarketplaces in VS Code and GitHub Copilot CLI

GitHub announced public preview of strictKnownMarketplaces enterprise-managed settings for VS Code and GitHub Copilot CLI, enabling administrators to restrict plugin installations to approved marketplaces. The setting is automatically applied to users licensed through Copilot Business or Enterprise accounts, enforcing client governance and reducing security risks from untrusted plugins.

Enterprise-managed settings now support strictKnownMarketplaces in VS Code and GitHub Copilot CLI Enterprises can now control which plugins their users can install in GitHub Copilot CLI and VS Code. This setting is now available in public preview. Add strictKnownMarketplaces to your enterprise-managed settings.json , and Copilot will only allow plugins to be installed from the marketplaces you’ve explicitly defined. GitHub Copilot automatically pulls and applies these settings for users licensed through your Copilot Business or Copilot Enterprise account. This is a direct way to enforce your client governance strategy prior to tool execution by removing the risk of users installing untrusted plugins. This update builds on the enterprise-managed plugins for Copilot CLI https://github.blog/changelog/2026-05-06-enterprise-managed-plugins-in-github-copilot-cli-are-now-in-public-preview/ and VS Code https://github.blog/changelog/2026-06-05-enterprise-managed-plugins-in-vs-code-in-public-preview/ capabilities we launched earlier. To learn more, see our documentation on Enterprise managed client settings https://docs.github.com/copilot/how-tos/administer-copilot/manage-for-enterprise/manage-agents/configure-enterprise-plugin-standards . Join the discussion within GitHub Community https://github.com/orgs/community/discussions/199139 .