Restrict Copilot plugin installs before agent tools reach production
GitHub added strictKnownMarketplaces for Copilot CLI and VS Code, giving enterprises a public-preview control for approved plugin marketplaces before users connect agent tools.
GitHub has confirmed a public-preview enterprise setting called strictKnownMarketplaces for GitHub Copilot CLI and VS Code. Confidence level: confirmed for the preview feature; whether it takes effect in a given environment depends on the enterprise configuration being in place and on the client honoring it. The setting lets admins define trusted plugin marketplaces before developers connect agent tools to repositories, terminals, APIs, or internal systems.

Caption: GitHub's changelog image for enterprise-managed Copilot and VS Code client settings. Source: GitHub Changelog.
What changed
GitHub's June 25, 2026 changelog says enterprises can add strictKnownMarketplaces to enterprise-managed settings.json. When enabled, Copilot CLI and VS Code only allow plugins from marketplaces that the organization explicitly defines.
GitHub says the setting applies to users licensed through Copilot Business or Copilot Enterprise and is part of enterprise-managed client settings. GitHub Docs describes the related managed settings file path as copilot/managed-settings.json, with the older .github/copilot/settings.json path still supported.
| Control | Best fit | Access | Status / source | Caveat |
|---|---|---|---|---|
| strictKnownMarketplaces | Restrict plugin marketplace sources | Copilot Business and Enterprise users under managed settings | Public preview | Confirm client support before enforcement |
| Default-installed plugins | Standardize approved tools | Enterprise-managed plugin standards | Public preview docs | Still needs ownership and review |
| VS Code AI policies | Manage chat, MCP, approvals, and marketplaces | Managed enterprise devices | VS Code policy docs | Device policy and GitHub settings may both matter |
Key takeaways
- GitHub now gives enterprise admins a marketplace allowlist control for Copilot CLI and VS Code plugins.
- The feature is in public preview, so teams should test behavior before relying on it as the only control.
- The practical risk is agent-tool sprawl: users may install plugins that can read code, call services, or run actions.
- VS Code's enterprise AI settings add related policy controls for plugin marketplaces, MCP access, and tool approvals.
- Admins should treat discovery and installation as separate steps; finding a plugin is not the same as trusting it.
Availability and access
The feature is available as a public preview for enterprise-managed Copilot environments. Teams need an enterprise-managed configuration source, users licensed through Copilot Business or Copilot Enterprise, and clients that honor the managed settings.
GitHub's docs point admins to the managed settings file and plugin policy configuration. VS Code's enterprise AI documentation also describes policy-level controls for strict plugin marketplaces, extra marketplaces, MCP sources, and tool approvals. Test both paths if your company manages developer machines and GitHub enterprise settings separately.
Practical LinkLoot angle
This is a governance control for the agent era. If Copilot CLI, VS Code agents, MCP servers, and plugins can reach production-adjacent systems, plugin marketplace policy belongs in the same checklist as SSO, audit logs, secret scanning, and approval prompts.
For teams building agent workflows, pair the setting with a small approved marketplace first. Put internal tools through a review path, define who owns each plugin, and remove stale entries. LinkLoot's guide to AI agent tools is a useful companion when deciding which tools deserve access and which should stay outside the default developer environment.
What to verify before you act
- Confirm your Copilot plan, license assignment, and client versions support enterprise-managed plugin settings.
- Check whether your source of truth is copilot/managed-settings.json, the legacy path, device policy, or a mix.
- Test that plugins from unapproved marketplaces are blocked in both Copilot CLI and VS Code.
- Review MCP, terminal, file-write, URL-fetch, and API-call permissions separately from marketplace allowlisting.
- Document the owner, purpose, data access, and rollback path for every approved marketplace or plugin.
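An added audit script, written for this page and not GitHub's own code, that resolves which managed settings file is in effect and checks it against the points in "What changed" and in the list above. The two file paths and the strictKnownMarketplaces key come from the page; the precedence between the two paths, the knownMarketplaces list key, and the inventory fields (owner, purpose, rollback) are assumptions for illustration rather than GitHub's documented schema, and the weak and hardened settings documents are constructed inputs.

```python
"""Audit an enterprise-managed Copilot settings source for marketplace allowlisting.

Example code for this article, not GitHub's implementation. Labelled assumptions:
  - precedence: copilot/managed-settings.json wins over the legacy
    .github/copilot/settings.json when both exist (assumed, verify against docs);
  - the approved-marketplace list lives under "knownMarketplaces" (assumed key name);
  - owner/purpose/rollback fields are this script's inventory convention.
"""
from __future__ import annotations

import json
import tempfile
from pathlib import Path

STRICT_KEY = "strictKnownMarketplaces"       # key name from GitHub's changelog
MARKETS_KEY = "knownMarketplaces"            # ASSUMED name of the allowlist key
REQUIRED_FIELDS = ("name", "url", "owner", "purpose", "rollback")  # our convention

# Candidate sources, first hit wins. Paths are from GitHub Docs; the order is assumed.
CANDIDATE_PATHS = ("copilot/managed-settings.json", ".github/copilot/settings.json")


def find_settings_source(root: Path) -> tuple[str | None, dict]:
    """Return (relative path that was used, parsed settings); (None, {}) if none exist."""
    for rel in CANDIDATE_PATHS:
        candidate = root / rel
        if candidate.is_file():
            return rel, json.loads(candidate.read_text(encoding="utf-8"))
    return None, {}


def audit_marketplace_policy(settings: dict) -> list[str]:
    """Return findings for one settings document; an empty list means it passes."""
    findings: list[str] = []
    if settings.get(STRICT_KEY) is not True:
        findings.append(f"{STRICT_KEY} is not enabled: any marketplace can be installed from")
    markets = settings.get(MARKETS_KEY, [])
    if not markets:
        findings.append(f"{MARKETS_KEY} is empty: nothing is explicitly approved")
    seen_urls: set[str] = set()
    for i, entry in enumerate(markets):
        missing = [f for f in REQUIRED_FIELDS if not entry.get(f)]
        if missing:  # every approved marketplace needs an owner, purpose and rollback path
            findings.append(f"marketplace #{i} is missing inventory fields: {', '.join(missing)}")
        url = entry.get("url", "")
        if url and not url.startswith("https://"):
            findings.append(f"marketplace #{i} url is not https: {url}")
        if url in seen_urls:  # stale or duplicated entries should be removed
            findings.append(f"marketplace #{i} duplicates url {url}")
        seen_urls.add(url)
    return findings


# Constructed sample documents (not real GitHub settings files).
WEAK = {
    STRICT_KEY: False,
    MARKETS_KEY: [{"name": "community", "url": "http://plugins.example.net"}],
}
HARDENED = {
    STRICT_KEY: True,
    MARKETS_KEY: [{
        "name": "internal-tools",
        "url": "https://plugins.internal.example.com",
        "owner": "platform-security",
        "purpose": "reviewed agent plugins only",
        "rollback": "remove this entry and redeploy managed settings",
    }],
}


def demo() -> dict:
    """Lay both files out in a temp tree, resolve the effective one, and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        legacy = root / ".github" / "copilot" / "settings.json"
        legacy.parent.mkdir(parents=True)
        legacy.write_text(json.dumps(WEAK), encoding="utf-8")
        managed = root / "copilot" / "managed-settings.json"
        managed.parent.mkdir(parents=True)
        managed.write_text(json.dumps(HARDENED), encoding="utf-8")
        source, settings = find_settings_source(root)
        return {"source": source, "findings": audit_marketplace_policy(settings)}


if __name__ == "__main__":
    print("weak:", audit_marketplace_policy(WEAK))
    print("hardened:", audit_marketplace_policy(HARDENED))
    print("effective:", demo())
```

Run it against your real repository root instead of the temp tree to see which file your clients would read and what the allowlist lacks; the point of keeping the two paths in one ordered list is that a hardened file at the new path does nothing if your clients still read the legacy one, so the assumed precedence is the first thing to confirm.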
Source check
Confirmed by: GitHub's changelog confirms the June 25, 2026 strictKnownMarketplaces public preview for Copilot CLI and VS Code. VS Code docs corroborate related enterprise policy controls for AI features, plugin marketplaces, MCP access, and tool approvals.
Independent context: Social posts and third-party summaries are useful discovery signals only; they are not needed for the core claim.
In short, strictKnownMarketplaces lets enterprise admins restrict Copilot CLI and VS Code plugin installs to explicitly approved marketplaces.
