Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
SQL Server Management Studio (SSMS) 22 introduces new features that enable administrators to configure and manage GitHub Copilot more effectively within their enterprise. These features provide administrators greater control over the use of Copilot within their organization.
Admins can disable Copilot for individual accounts, disable it entirely, configure an agentExecuteAsUser in the database CONSTITUTION.md to specify a particular database user or SQL login to use when interacting with a database, and configure content exclusion to prevent certain files from being available to Copilot in SSMS.
In this article, you learn how to:
- Disable Copilot
- Configure execution context
- Configure content exclusion
Disable Copilot
With SSMS 22.4.1 and later, administrators can disable Copilot for individual accounts or disable it entirely using the Visual Studio Administrative Templates (ADMX/ADML), and you can disable Copilot Free. Preventing unexpected access ensures that your environment remains protected.
To configure and deploy these policies, you can use Microsoft Intune or the Local Group Policy Editor directly on the client machine.
Configure Copilot group policy
- Visit the Microsoft Download Center to download the Visual Studio Group Policy Administrative Template files (ADMX/ADML). When prompted, ensure the files are saved to
C:\Windows\PolicyDefinitions. - Open the Windows Local Group Policy Editor and navigate to Computer Configuration > Administrative Templates > SQL Server Management Studio > Copilot Settings. Select a group policy.
- Once you select the group policy, configure it to enable or disable Copilot as needed.
- Restart SSMS to apply the new policy changes.
Disable Copilot in GitHub
With SSMS 22.4.1 or later versions, administrators can disable Copilot for individual accounts or for an entire organization through GitHub Copilot settings. For Copilot Business and Enterprise subscriptions, administrators manage access through the organization or enterprise settings on GitHub.com. Individual users can be granted or revoked access to Copilot through license assignment.
For more information, see Managing GitHub Copilot in your organization.
Uninstall GitHub Copilot in SSMS
If your organization requires that GitHub Copilot isn't available in SSMS, you can remove the AI Assistance workload through the Visual Studio Installer. For detailed steps, see Uninstall GitHub Copilot in SSMS using the Visual Studio Installer.
You can also hide the Copilot badge in SSMS without uninstalling. For more information, see Hide the Copilot badge.
Disable Agent mode
With SSMS 22.7 or later versions, administrators can fully disable Agent mode using Visual Studio Administrative Templates (ADMX/ADML). With this policy setting, administrators can control which AI-assisted features are available in their organization, helping ensure usage aligns with security and compliance requirements.
Policy location in the Local Group Policy Editor: Computer Configuration > Administrative Templates > SQL Server Management Studio > Copilot Settings > Disable Agent Mode
Configure the GitHub Copilot execution context for a database
With SSMS 22.7 or later versions, administrators can configure execution context that ensures Copilot-generated queries run under a dedicated, least-privileged account rather than the user's own permissions. This configuration uses a database user or SQL login, specified in the database's CONSTITUTION.md. For more information, see Execution context for GitHub Copilot in SQL Server Management Studio.
Configure the MCP server allow list
With SSMS 22.7, administrators can configure an allow list of approved MCP servers through the GitHub Copilot administration dashboard. When an allow list is configured, developers in the organization can only connect to MCP servers that appear on the approved list.
How the MCP server allow list works
Administrators specify which MCP servers are allowed within their organization by using the GitHub Copilot enterprise policies for MCP. In the enterprise or organization settings, navigate to AI Controls and select MCP in the sidebar to configure MCP server policies.
SSMS checks the allow list when a user attempts to connect to an MCP server.
If the server is on the allow list, the connection proceeds normally.
If the server isn't on the allow list, SSMS blocks the connection and displays an error message indicating the organization's policy doesn't permit the server.
This feature helps organizations control which MCP servers can process sensitive data and maintain compliance with security policies.
Configure content exclusion
Content exclusion for GitHub Copilot enables administrators to prevent certain files from being available to Copilot and keep sensitive content secure from Copilot use. You can use content exclusions to configure GitHub Copilot to ignore specific files in a repository or organization.
Content exclusion is available only with a GitHub Copilot Business or a GitHub Copilot Enterprise subscription.
With SSMS 22.4.1 or later versions, GitHub Copilot in SSMS ignores excluded content. When content is excluded, completions and chat aren't available for the affected files.
Code completions in SSMS and content exclusions
Code completions aren't available for excluded files, and excluded content isn't included in code completion suggestions for other files.
GitHub Copilot Chat in SSMS and content exclusions
Excluded files can't be referenced in the chat window, and excluded content isn't included in GitHub Copilot responses.
Related content
- Install GitHub Copilot in SQL Server Management Studio
- Manage Copilot usage in SQL Server Management Studio
- Use GitHub Copilot for free in SQL Server Management Studio
- Use GitHub Copilot Agent mode (preview) in SQL Server Management Studio
- GitHub Copilot Trust Center
- Managing GitHub Copilot in your organization
- Troubleshoot GitHub Copilot in SQL Server Management Studio