diff --git a/build/sitemap.xml b/build/sitemap.xml
index c957f7e9bb..e7cf50babc 100644
--- a/build/sitemap.xml
+++ b/build/sitemap.xml
@@ -136,7 +136,32 @@
0.8
- https://code.visualstudio.com/docs/setup/enterprise
+ https://code.visualstudio.com/docs/enterprise/overview
+ weekly
+ 0.8
+
+
+ https://code.visualstudio.com/docs/enterprise/policies
+ weekly
+ 0.8
+
+
+ https://code.visualstudio.com/docs/enterprise/ai-settings
+ weekly
+ 0.8
+
+
+ https://code.visualstudio.com/docs/enterprise/telemetry
+ weekly
+ 0.8
+
+
+ https://code.visualstudio.com/docs/enterprise/updates
+ weekly
+ 0.8
+
+
+ https://code.visualstudio.com/docs/enterprise/extensions
weekly
0.8
diff --git a/docs/configure/extensions/extension-marketplace.md b/docs/configure/extensions/extension-marketplace.md
index 618c09bb58..47844dea12 100644
--- a/docs/configure/extensions/extension-marketplace.md
+++ b/docs/configure/extensions/extension-marketplace.md
@@ -366,7 +366,7 @@ Get more information about [extension runtime security](/docs/configure/extensio
### Can I host extensions internally for my organization?
-Yes, see the [Private Marketplace for Extensions](https://code.visualstudio.com/docs/setup/enterprise#_private-marketplace-for-extensions).
+Yes, see the [Private Marketplace for Extensions](/docs/enterprise/extensions.md#host-a-private-extension-marketplace).
### The extension signature cannot be verified by VS Code
@@ -407,4 +407,4 @@ VS Code does not synchronize your extensions to or from a [remote](/docs/remote/
You can control which extensions can be installed in your organization by configuring the `extensions.allowed` application setting. If the setting is not configured, all extensions are allowed. If the setting is configured, all extensions not listed are blocked from installing.
-Get more details about [configuring allowed extensions](/docs/setup/enterprise.md#configure-allowed-extensions).
+Get more details about [configuring allowed extensions](/docs/enterprise/extensions.md#configure-allowed-extensions).
diff --git a/docs/configure/extensions/extension-runtime-security.md b/docs/configure/extensions/extension-runtime-security.md
index a60cc74bc6..cb6d2753ab 100644
--- a/docs/configure/extensions/extension-runtime-security.md
+++ b/docs/configure/extensions/extension-runtime-security.md
@@ -43,7 +43,7 @@ Before you install an extension, you can take various steps to determine if it's
> [!TIP]
-> If you want to enforce which extensions are allowed to be used in your organization, check out how to [configure allowed extensions in VS Code](/docs/setup/enterprise.md#configure-allowed-extensions).
+> If you want to enforce which extensions are allowed to be used in your organization, check out how to [configure allowed extensions in VS Code](/docs/enterprise/extensions.md#configure-allowed-extensions).
## Marketplace protections
@@ -83,4 +83,4 @@ To report an extension:
* Use [Workspace Trust](/docs/editing/workspaces/workspace-trust.md) to decide whether code in a project folder can be executed by VS Code and extensions without explicit approval. This adds an extra layer of security when working with unfamiliar code.
-* Configure [allowed extensions in VS Code](/docs/setup/enterprise.md#configure-allowed-extensions) to enforce which extensions are allowed to be used in your organization.
+* Configure [allowed extensions in VS Code](/docs/enterprise/extensions.md#configure-allowed-extensions) to enforce which extensions are allowed to be used in your organization.
diff --git a/docs/configure/settings.md b/docs/configure/settings.md
index 0f6951c848..20de8510d5 100644
--- a/docs/configure/settings.md
+++ b/docs/configure/settings.md
@@ -99,7 +99,7 @@ Here are some of the filters available:
* `@ext`: settings specific to an extension. You provide the extension ID such as `@ext:ms-python.python`.
* `@feature`: settings specific to a **Features** subgroup. For example, `@feature:explorer` shows settings of the File Explorer.
-* `@haspolicy`: settings that are controlled by your [organization](/docs/setup/enterprise.md).
+* `@haspolicy`: settings that are controlled by your [organization](/docs/enterprise/policies.md).
* `@id`: find a setting based on the setting ID. For example, `@id:workbench.activityBar.visible`.
* `@lang`: apply a language filter based on a language ID. For example, `@lang:typescript`. See [Language-specific editor settings](#language-specific-editor-settings) for more details.
* `@tag`: settings specific to a system of VS Code. For example, `@tag:workspaceTrust` for settings related to [Workspace Trust](/docs/editing/workspaces/workspace-trust.md), `@tag:accessibility` for settings related to accessibility, or `@tag:advanced` for advanced VS Code settings.
diff --git a/docs/configure/telemetry.md b/docs/configure/telemetry.md
index 1512fdd083..fa32b710d1 100644
--- a/docs/configure/telemetry.md
+++ b/docs/configure/telemetry.md
@@ -164,6 +164,6 @@ Please read the [extension guides telemetry document](/api/extension-guides/tele
## Related resources
-* [Centrally manage telemetry log level](/docs/setup/enterprise.md#configure-telemetry-level) - Learn how to set the telemetry log level for your organization.
+* [Centrally manage telemetry log level](/docs/enterprise/telemetry.md#configure-telemetry-level) - Learn how to set the telemetry log level for your organization.
* [Visual Studio Code FAQ](/docs/supporting/faq.md) - Consult the Frequently Asked Questions to learn more.
* [User and Workspace Settings](/docs/configure/settings.md) - Read about available options to customize VS Code.
diff --git a/docs/copilot/chat/chat-tools.md b/docs/copilot/chat/chat-tools.md
index 2a38f2c167..51468a742d 100644
--- a/docs/copilot/chat/chat-tools.md
+++ b/docs/copilot/chat/chat-tools.md
@@ -105,7 +105,7 @@ Tools and agent actions might result in file modifications. Learn how you can pr
By default, you can choose to automatically approve any tool. To prevent accidental approvals, you can disable automatic approvals for specific tools with the `setting(chat.tools.eligibleForAutoApproval)` setting. Set the value to `false` to always require manual approval for that tool.
-Organizations can also use device management policies to enforce manual approvals for specific tools. Learn more in the [Enterprise documentation](/docs/setup/enterprise.md).
+Organizations can also use device management policies to enforce manual approvals for specific tools. Learn more in the [Enterprise documentation](/docs/enterprise/ai-settings.md).
### URL approval
diff --git a/docs/copilot/customization/mcp-servers.md b/docs/copilot/customization/mcp-servers.md
index f6b89aed59..a900238447 100644
--- a/docs/copilot/customization/mcp-servers.md
+++ b/docs/copilot/customization/mcp-servers.md
@@ -470,7 +470,7 @@ Learn more about [MCP development mode](/api/extension-guides/ai/mcp.md#mcp-deve
## Centrally control MCP access
-Organizations can centrally manage access to MCP servers via GitHub policies. Learn more about [enterprise management of MCP servers](/docs/setup/enterprise.md#configure-mcp-server-access).
+Organizations can centrally manage access to MCP servers via GitHub policies. Learn more about [enterprise management of MCP servers](/docs/enterprise/ai-settings.md#configure-mcp-server-access).
## Frequently asked questions
diff --git a/docs/copilot/security.md b/docs/copilot/security.md
index 8207f6d145..ae867be4c9 100644
--- a/docs/copilot/security.md
+++ b/docs/copilot/security.md
@@ -124,7 +124,7 @@ VS Code includes robust protections for sensitive information used in AI-assiste
### Enterprise policies
-Organizations can implement [centralized security controls](/docs/setup/enterprise.md#centrally-manage-vs-code-settings) to manage AI-assisted development capabilities across their development teams.
+Organizations can implement [centralized security controls](/docs/enterprise/policies.md) to manage AI-assisted development capabilities across their development teams.
## User responsibilities and best practices
@@ -149,4 +149,4 @@ While VS Code includes many security protections, users should remain proactive
* [MCP server trust](/docs/copilot/customization/mcp-servers.md#mcp-server-trust)
* [Manage tool auto approvals](/docs/copilot/chat/chat-tools.md#tool-approval)
* [Extension runtime security](/docs/configure/extensions/extension-runtime-security.md)
-* [VS Code enterprise support](/docs/setup/enterprise.md)
+* [VS Code enterprise support](/docs/enterprise/overview.md)
diff --git a/docs/enterprise/ai-settings.md b/docs/enterprise/ai-settings.md
new file mode 100644
index 0000000000..330fdb94e5
--- /dev/null
+++ b/docs/enterprise/ai-settings.md
@@ -0,0 +1,115 @@
+---
+ContentId: f8a9c3d2-4e7b-5f1a-b6c8-9d0e2f3a7b4c
+DateApproved: 01/08/2026
+MetaDescription: Learn how to centrally manage AI settings in VS Code for enterprise environments, including agent mode, MCP servers, and tool approvals.
+---
+
+# Manage AI settings in enterprise environments
+
+VS Code provides AI-powered development capabilities through GitHub Copilot, including agent mode, MCP servers, and chat tools. Organizations can centrally manage these features to control AI behavior, enforce security policies, and maintain compliance across their development teams.
+
+This article covers the AI-related settings that IT admins can manage through [enterprise policies](/docs/enterprise/policies.md).
+
+Users can control the functionality and behavior of AI features through VS Code settings. Organizations can enforce specific configurations by deploying enterprise policies via device management solutions. These policies override user-configured settings on managed devices.
+
+Learn how to [deploy policies for VS Code](/docs/enterprise/policies.md) to your organization's devices.
+
+## Enable or disable the use of agents
+
+[Agents](/docs/copilot/agents/overview.md) enable the AI to autonomously perform tasks like editing files, running terminal commands, and using tools. Agents enable developers to provide a high-level requirement and have the AI assistant analyze, plan, and execute the necessary steps to achieve that goal.
+
+To disable agents entirely, set the `ChatAgentMode` policy to `false`. This configures the `setting(chat.agent.enabled)` setting in VS Code.
+
+The **Agent** option will not be available in the agents dropdown in the Chat view when this policy is applied. Developers can still use [ask or edit](/docs/copilot/chat/copilot-chat.md) for code explanations and file edits, but autonomous code generation and task execution are not available.
+
+## Enable or disable extension language tools
+
+[Tools in chat](/docs/copilot/chat/chat-tools.md) extend the AI assistant's capabilities with specialized functions. These tools can come from built-in features, Model Context Protocol (MCP) servers, or third-party extensions.
+
+Third-party extensions can contribute tools that integrate with chat by using the [Language Model Tools API](/api/extension-guides/ai/tools).
+
+To prevent developers from using extension-contributed tools while still allowing built-in tools and MCP tools, set the `ChatAgentExtensionTools` policy to `false`. This configures the `setting(chat.extensionTools.enabled)` setting in VS Code.
+
+## Configure MCP server access
+
+[Model Context Protocol (MCP) servers](/docs/copilot/customization/mcp-servers.md) extend chat with external tools and services. Organizations can control which MCP servers developers can use through both GitHub organization settings and VS Code policies.
+
+### Restrict MCP server sources
+
+The `ChatMCP` policy controls which sources MCP servers can be installed from. This configures the `setting(chat.mcp.access)` setting in VS Code.
+
+The following values are supported:
+
+| Value | Description |
+|----------------|------------------------------------------------------------------|
+| `allowed` | Developers can run MCP servers from any source |
+| `registryOnly` | Developers can only run MCP servers from the configured registry |
+| `off` | MCP server support is disabled |
+
+### Configure a custom MCP registry
+
+You can host a private MCP server registry for your organization and configure VS Code to use it through the `McpGalleryServiceUrl` policy. This enables you to:
+
+* Provide a curated list of approved MCP servers
+* Host internal MCP servers for your organization
+* Block access to the public GitHub MCP registry
+
+When configured, developers see MCP servers from your custom registry in the Extensions view when they enter `@mcp` in the search field.
+
+Organizations with GitHub Copilot Enterprise or Business can also configure MCP server access through [GitHub organization settings](https://docs.github.com/en/copilot/how-tos/administer-copilot/configure-mcp-server-access).
+
+## Configure agent tool approvals
+
+Agent tools can perform actions that modify files, run commands, or access external services. VS Code includes approval prompts for potentially risky operations. Organizations can enforce stricter approval requirements or disable auto-approval entirely.
+
+Learn more about [tool approval](/docs/copilot/chat/chat-tools.md#tool-approval) in VS Code.
+
+### Disable global auto-approval
+
+The `ChatToolsAutoApprove` policy controls the global auto-approval setting, also known as "YOLO mode". When enabled, the AI assistant can execute all tools without manual approval. This is not recommended for security reasons.
+
+To prevent developers from enabling global auto-approval, set the `ChatToolsAutoApprove` policy to `false`. This configures the `setting(chat.tools.global.autoApprove)` setting in VS Code.
+
+> [!CAUTION]
+> Global auto-approval bypasses all security prompts for tool invocations. Disabling this feature is strongly recommended for enterprise environments.
+
+### Require manual approval for specific tools
+
+The `ChatToolsEligibleForAutoApproval` policy controls which tools can be auto-approved. Tools set to `false` always require manual approval and cannot be auto-approved by users.
+
+Configure this policy with a JSON object that lists tool names and their approval eligibility. This configures the `setting(chat.tools.eligibleForAutoApproval)` setting in VS Code.
+
+The following JSON snippet shows an example configuration that requires manual approval for task execution, URL fetching, and terminal commands:
+
+```json
+{
+ "runTask": false,
+ "fetch": false,
+ "runInTerminal": false
+}
+```
+
+### Configure terminal auto-approval
+
+The `ChatToolsTerminalEnableAutoApprove` policy specifically controls the rule-based auto-approval system for terminal commands. When enabled, VS Code applies a set of rules to automatically approve safe commands while prompting for potentially dangerous ones.
+
+To disable terminal auto-approval entirely, set the policy to `false`. This configures the `setting(chat.tools.terminal.enableAutoApprove)` setting in VS Code.
+
+## Configure Copilot code review
+
+Copilot code review enables AI-powered review of code changes. Organizations can control access to these features.
+
+The `CopilotReviewSelection` policy controls whether developers can request code review for selected code in the editor. This configures the `setting(github.copilot.chat.reviewSelection.enabled)` setting in VS Code.
+
+The `CopilotReviewAgent` policy controls access to the Copilot code review agent for reviewing pull requests and changed files. This configures the `setting(github.copilot.chat.reviewAgent.enabled)` setting in VS Code.
+
+## Security considerations
+
+AI-powered development features can autonomously perform actions with user-level permissions. Refer to the [security documentation](/docs/copilot/security.md) for a comprehensive overview of AI security considerations and best practices.
+
+## Related resources
+
+* [Enterprise policies reference](/docs/enterprise/policies.md) - Complete list of enterprise policies
+* [Use tools in chat](/docs/copilot/chat/chat-tools.md) - Learn how tools work in VS Code chat
+* [MCP servers in VS Code](/docs/copilot/customization/mcp-servers.md) - Configure and use MCP servers
+* [AI security considerations](/docs/copilot/security.md) - Security best practices for AI features
diff --git a/docs/enterprise/extensions.md b/docs/enterprise/extensions.md
new file mode 100644
index 0000000000..508ceb19b5
--- /dev/null
+++ b/docs/enterprise/extensions.md
@@ -0,0 +1,150 @@
+---
+ContentId: 8a2b5f4c-9e3d-4c6a-b8f1-2d7e9a4c5b3f
+DateApproved: 01/08/2026
+MetaDescription: Learn how to manage and control VS Code extensions in enterprise environments, including private marketplace, allowed extensions, and preinstalling extensions.
+---
+
+# Manage extensions in enterprise environments
+
+Visual Studio Code extensions enhance productivity but require careful management in enterprise environments to maintain security and compliance. This article covers how IT admins can control extension installation, host a private marketplace, and deploy extensions to users' machines.
+
+## Configure allowed extensions
+
+> [!NOTE]
+> Support for allowed extensions is available starting from VS Code version 1.96.
+
+VS Code supports controlling which extension can be installed on users' machines through the `setting(extensions.allowed)` application-wide setting. You can selectively allow extensions by publisher, specific extension, version, and platform.
+
+If the setting is not configured, all extensions are allowed. If the setting is configured, all extensions that are not listed are blocked from installing. If you block an extension or version that is already installed, the extension is disabled.
+
+Organizations can centrally manage allowed extensions by using the `AllowedExtensions` [policy](/docs/enterprise/policies.md). Through device management solutions, admins can then deploy and enforce the policy across all managed devices. This overrides any user-configured `setting(extensions.allowed)` setting on individual devices.
+
+For example, to only allow extensions from the `github` and `microsoft` publishers, set the following JSON value for the `AllowedExtensions` policy:
+
+```json
+{
+ "github": true,
+ "microsoft": true
+}
+```
+
+
+
+> [!IMPORTANT]
+> If there's a syntax error in the policy value, the `extensions.allowed` setting is not applied. You can check the Window log in VS Code for errors (press `kb(workbench.action.showCommands)` and enter **Show Window Log**).
+
+### Allowed extensions setting values
+
+The `extensions.allowed` setting contains a list of extension selectors that determine which extensions are allowed or blocked. You can specify the following types of extension selectors:
+
+* Allow or block all extensions from a publisher
+* Allow or block specific extensions
+* Allow specific extension versions
+* Allow specific extension versions and platforms
+* Allow only stable versions of an extension
+* Allow only stable extension versions from a publisher
+
+The following JSON snippet shows examples of the different `settings(extensions.allowed)` setting values:
+
+```json
+"extensions.allowed": {
+ // Allow all extensions from the 'microsoft' publisher. If the key does not have a '.', it means it is a publisher ID.
+ "microsoft": true,
+
+ // Allow all extensions from the 'github' publisher
+ "github": true,
+
+ // Allow prettier extension
+ "esbenp.prettier-vscode": true,
+
+ // Do not allow container tools extension
+ "ms-azuretools.vscode-containers": false,
+
+ // Allow only version 3.0.0 of the eslint extension
+ "dbaeumer.vscode-eslint": ["3.0.0"],
+
+ // Allow multiple versions of the figma extension
+ "figma.figma-vscode-extension": ["3.0.0", "4.2.3", "4.1.2"],
+
+ // Allow version 5.0.0 of the rust extension on Windows and macOS
+ "rust-lang.rust-analyzer": ["5.0.0@win32-x64", "5.0.0@darwin-x64"],
+
+ // Allow only stable versions of the GitHub Pull Requests extension
+ "github.vscode-pull-request-github": "stable",
+
+ // Allow only stable versions from redhat publisher
+ "redhat": "stable",
+}
+```
+
+Specify publishers by their publisher ID. If a key does not have a period (`.`), it is considered a publisher ID. If a key has a period, it is considered an extension ID. The use of wildcards is currently not supported.
+
+> [!TIP]
+> You can use `microsoft` as the publisher ID to refer to all extensions published by Microsoft, even though they might have different publisher IDs.
+
+Version ranges are not supported. If you want to allow multiple versions of an extension, you must specify each version individually. To further restrict versions by platform, use the `@` symbol to specify the platform. For example, `"rust-lang.rust-analyzer": ["5.0.0@win32-x64", "5.0.0@darwin-x64"]`.
+
+The more specific the selector, the higher the precedence. For example, `"microsoft": true` and `"microsoft.cplusplus": false` allows all Microsoft extensions, except for the C++ extension.
+
+Duplicate key values are not supported. For example, including both `"microsoft": true` and `"microsoft": false` results in an invalid policy.
+
+## Preinstall extensions
+
+You can set up VS Code with a set of preinstalled extensions (*bootstrap*). This functionality is useful in cases where you prepare a machine image, virtual machine, or cloud workstation where VS Code is preinstalled and specific extensions are immediately available for users.
+
+> [!NOTE]
+> Support for preinstalling extensions is currently only available on Windows.
+
+Follow these steps to bootstrap extensions:
+
+1. Create a folder `bootstrap\extensions` in the VS Code installation directory.
+
+1. Download the [VSIX files](/docs/configure/extensions/extension-marketplace.md#can-i-download-an-extension-directly-from-the-marketplace) for the extensions that you want to preinstall and place them in the `bootstrap\extensions` folder.
+
+1. When a user launches VS Code for the first time, all extensions in the `bootstrap\extensions` folder are installed silently in the background.
+
+Users can still uninstall extensions that were preinstalled. Restarting VS Code after uninstalling an extension will not reinstall the extension.
+
+## Host a private extension marketplace
+
+The private marketplace enables enterprises to self-host and distribute extensions within their organization to meet organizational security and compliance requirements. The private marketplace integrates with the VS Code extensions experience, giving users easy discovery and automatic updates of private extensions.
+
+> [!NOTE]
+> Connecting from VS Code Server or VS Code for the Web is not supported.
+
+
+Use cases
+
+* Hosting internal extensions privately to protect intellectual property.
+* Providing developers with access to selected or all extensions from the [Visual Studio Marketplace](https://marketplace.visualstudio.com), even in environments with restricted internet connectivity.
+* Downloading and rehosting extensions from external sources to apply enterprise-specific verification and security standards. See how [Microsoft protects your software supply chain](https://aka.ms/vsmsecurityblog).
+
+
+
+
+Key features
+
+* **Self-hosting**: Host internal and downloaded extensions on your own infrastructure, such as Azure or Kubernetes.
+* **Simple deployment**: Deploy the private marketplace as a stateless Docker container, no external database required.
+* **Flexible storage**: Publish and manage extensions using any file system or Azure Artifacts.
+* **Upstreaming**: Choose to automatically include public extensions from the Visual Studio Marketplace. Allow or deny select extensions by setting up an [allow list](#configure-allowed-extensions).
+* **Rehosting**: Choose to download and host public extensions for enhanced security and support for environments without public internet connectivity (air-gapped).
+* **Centralized rollout**: Deploy the private marketplace to your team using group policy on Windows and macOS.
+* **Integrated installation and updates**: Search for and install extensions directly from VS Code, with automatic updates for new versions in the private marketplace.
+* **Cross-platform support**: Compatible with VS Code desktop on Windows, macOS, and Linux.
+
+
+
+### Availability
+
+Private marketplace is currently available to GitHub Enterprise customers. VS Code users must sign in with a GitHub Enterprise or Copilot Enterprise/Business account to access the private marketplace.
+
+### Getting started
+
+Refer to the **[deployment and feature guide](https://aka.ms/private-marketplace/readme)** for deployment instructions, scripts, and development environment configuration. If you have questions or need assistance, contact [private marketplace support](https://aka.ms/vspm/support).
+
+## Related resources
+
+* [Extension Marketplace](/docs/configure/extensions/extension-marketplace.md) - Learn about installing and managing extensions in VS Code.
+* [Extension runtime security](/docs/configure/extensions/extension-runtime-security.md) - Learn about extension security in VS Code.
+* [Enterprise policies](/docs/enterprise/policies.md) - Reference for all enterprise policies in VS Code.
diff --git a/docs/setup/images/enterprise/allowed-extensions-local-gp-editor.png b/docs/enterprise/images/policies/allowed-extensions-local-gp-editor.png
similarity index 100%
rename from docs/setup/images/enterprise/allowed-extensions-local-gp-editor.png
rename to docs/enterprise/images/policies/allowed-extensions-local-gp-editor.png
diff --git a/docs/setup/images/enterprise/allowed-extensions-managed-by-organization.png b/docs/enterprise/images/policies/allowed-extensions-managed-by-organization.png
similarity index 100%
rename from docs/setup/images/enterprise/allowed-extensions-managed-by-organization.png
rename to docs/enterprise/images/policies/allowed-extensions-managed-by-organization.png
diff --git a/docs/enterprise/overview.md b/docs/enterprise/overview.md
new file mode 100644
index 0000000000..9bc843adea
--- /dev/null
+++ b/docs/enterprise/overview.md
@@ -0,0 +1,64 @@
+---
+ContentId: a1b2c3d4-5e6f-7a8b-9c0d-1e2f3a4b5c6d
+DateApproved: 01/08/2026
+MetaDescription: Learn how to configure and manage Visual Studio Code in enterprise environments, including policies, extensions, AI settings, and network configuration.
+---
+
+# VS Code for enterprise
+
+Visual Studio Code can be used as a development tool for enterprise teams of all sizes. As an IT admin, you can configure VS Code to achieve consistency and compliance across your organization.
+
+## Enterprise policies
+
+VS Code supports centrally managed policies that override user settings on managed devices. Policies can be deployed through device management solutions like Microsoft Intune, Active Directory Group Policy, or MDM solutions on macOS.
+
+Policies are available to control:
+
+* [AI and Copilot features](/docs/enterprise/ai-settings.md) - Agent mode, MCP servers, and tool approvals
+* [Extensions](/docs/enterprise/extensions.md) - Allowed extensions and private marketplace
+* [Telemetry](/docs/enterprise/telemetry.md) - Data collection levels and feedback mechanisms
+* [Automatic updates](/docs/enterprise/updates.md) - Control when and how VS Code updates
+
+See the [enterprise policies reference](/docs/enterprise/policies.md) for a complete list of available policies.
+
+## Extension management
+
+Organizations can control which extensions are installed on users' machines and host a private extension marketplace.
+
+* **Allowed extensions** - Specify which extensions can be installed by publisher, extension ID, or version
+* **Private marketplace** - Self-host extensions for your organization and control access to the public marketplace
+
+Learn more about [managing extensions in enterprise environments](/docs/enterprise/extensions.md).
+
+## Network configuration
+
+VS Code requires network access for several features, including automatic updates, extension marketplace, and telemetry. For environments with restricted network access or proxy servers, you might need to configure:
+
+* **Firewall allowlist** - Allow specific hostnames for VS Code functionality
+* **Proxy server** - VS Code uses system proxy settings by default
+* **SSL certificates** - Configure trusted certificates for HTTPS proxies
+
+For detailed network configuration, see [Network connections in VS Code](/docs/setup/network.md).
+
+### Common hostnames
+
+If your firewall requires an allowlist, the key hostnames to allow include:
+
+* `update.code.visualstudio.com` - Updates
+* `marketplace.visualstudio.com` - Extension marketplace
+* `*.gallery.vsassets.io` - Extension assets
+* `vscode.download.prss.microsoft.com` - Downloads
+
+See the [complete list of hostnames](/docs/setup/network.md#common-hostnames) in the network documentation.
+
+## Preinstalled extensions
+
+You can prepare machine images or virtual machines with VS Code and a set of preinstalled extensions. When users launch VS Code for the first time, the extensions are installed automatically.
+
+Learn more about [preinstalling extensions](/docs/enterprise/extensions.md#preinstall-extensions).
+
+## Related resources
+
+* [Enterprise policies reference](/docs/enterprise/policies.md) - Complete list of policies
+* [Network connections](/docs/setup/network.md) - Proxy and firewall configuration
+* [Settings Sync](/docs/configure/settings-sync.md) - Synchronize settings across devices
diff --git a/docs/enterprise/policies.md b/docs/enterprise/policies.md
new file mode 100644
index 0000000000..53d3af3eca
--- /dev/null
+++ b/docs/enterprise/policies.md
@@ -0,0 +1,396 @@
+---
+# DO NOT TOUCH — Managed by doc writer
+ContentId: 200bf922-3684-45ee-a8dd-43191d6b3f8b
+DateApproved: 01/08/2026
+
+VSCodeCommitHash: 587d46304c7f6c500b66440a4314f6d4540a4724
+VSCodeVersion: 1.108.0
+
+# Summarize the whole topic in less than 300 characters for SEO purpose
+MetaDescription: Enterprise policies in Visual Studio Code enable organizations to centrally manage settings for their development teams. This reference details the available policies and how to implement them.
+---
+
+# Centrally manage VS Code settings with policies
+
+Enterprise policies in Visual Studio Code enable organizations to centrally manage VS Code settings for their development teams to ensure consistency and compatibility across their organization. When a policy value is set, the value overrides the VS Code setting value configured at any level (default, user, and workspace).
+
+IT admins can deploy and enforce specific VS Code configurations on users' devices through different device management solutions. VS Code supports applying policies on Windows, macOS, and Linux.
+
+
+
+In this article, you learn which enterprise policies are available in VS Code and how to configure them on different operating systems.
+
+## Windows group policies
+
+VS Code has support for [Windows Registry-based Group Policy](https://learn.microsoft.com/previous-versions/windows/desktop/policy/implementing-registry-based-policy).
+
+These profiles can be deployed using Mobile Device Management (MDM) solutions or installed manually on individual devices.
+
+### Step 1: Obtain the sample ADMX and ADML files
+
+Starting from VS Code version 1.69, each release ships with a `policies` directory containing ADMX template files that define the available policies.
+
+You can get the ADMX and ADML files from either an existing installation or by downloading and extracting the VS Code zip archive. Follow these steps to obtain the files:
+
+1. Download the [VS Code zip archive](https://code.visualstudio.com/docs/?dv=winzip) for your version of VS Code.
+1. Extract the zip file to a temporary location.
+1. Navigate to the `policies` folder in the extracted files. This folder contains the ADMX template files (for example, `vscode.admx`) and a `locales` subfolder with ADML files for different languages.
+
+### Step 2: Configure policy values
+
+Edit the policy values according to your requirements:
+
+**String policies** - policies that accept text values or JSON strings:
+
+```xml
+
+AllowedExtensions
+{"microsoft": true, "github": true}
+
+
+UpdateMode
+start
+```
+
+> [!IMPORTANT]
+> If there's a syntax error in the policy value, the setting will not be applied. You can check the Window log in VS Code for errors (press `kb(workbench.action.showCommands)` and enter **Show Window Log**).
+
+**Boolean policies** - policies that accept true/false values:
+
+```xml
+
+EnableFeedback
+
+
+
+EnableTelemetry
+
+```
+
+**Remove unwanted policies** - delete both the key and value for any policy you don't want to enforce:
+
+```xml
+
+UpdateMode
+start
+```
+
+Refer to the [policy reference](#vs-code-enterprise-policy-reference) below for details on each policy's accepted values and behavior.
+
+### Step 3: Deploy the policies
+
+You can now deploy the configured policies at scale to all relevant devices in your organization using a device management solution. You can manually test the policies on a local Windows machine before deploying them at scale using the Local Group Policy Editor.
+
+
+Deploy policies at scale
+
+Products such as [Microsoft Intune](https://learn.microsoft.com/en-us/intune/intune-service/fundamentals/what-is-intune) or Active Directory Group Policy can be used to centrally manage device policy at scale across an organization. These solutions allow administrators to deploy the ADMX/ADML files and policy configurations to multiple devices from a central location.
+
+For Active Directory environments, copy the ADMX and ADML files to the [Central Store](https://learn.microsoft.com/troubleshoot/windows-client/group-policy/create-and-manage-central-store) to make the policies available across the domain.
+
+
+
+
+Manually test policies on a local machine
+
+If you want to test the policies on a local Windows machine before deploying them at scale, you can manually install the ADMX/ADML files and configure the policies using the Local Group Policy Editor.
+
+Follow these steps to configure VS Code policies on a local Windows machine:
+
+#### Step 1: Install the policy definition files
+
+1. Copy the `vscode.admx` file to `C:\Windows\PolicyDefinitions`.
+1. Copy the appropriate ADML file from the `locales` subfolder (for example, `en-US\vscode.adml`) to `C:\Windows\PolicyDefinitions\` (for example, `C:\Windows\PolicyDefinitions\en-US`).
+
+> [!NOTE]
+> You need administrator privileges to copy files to the `PolicyDefinitions` directory.
+
+#### Step 2: Open the Local Group Policy Editor
+
+1. Press `Windows+R` to open the Run dialog.
+1. Type `gpedit.msc` and press Enter to open the Local Group Policy Editor.
+1. If prompted by User Account Control, select **Yes** to allow the app to make changes.
+
+#### Step 3: Navigate to VS Code policies
+
+The VS Code policies are available under both Computer Configuration and User Configuration:
+
+* **Computer Configuration** > **Administrative Templates** > **Microsoft VS Code**
+* **User Configuration** > **Administrative Templates** > **Microsoft VS Code**
+
+> [!TIP]
+> Computer-level policies take precedence over user-level policies when both are configured.
+
+#### Step 4: Configure a policy
+
+1. Select the policy category (either Computer Configuration or User Configuration).
+1. Navigate to **Administrative Templates** > **Microsoft VS Code**.
+1. Double-click on the policy you want to configure (for example, **Update Mode**).
+1. In the policy settings dialog, select **Enabled** to enforce the policy.
+1. Configure the policy value using the available options or text fields.
+1. Select **OK** to save the changes.
+1. Close the Local Group Policy Editor.
+
+The policy will take effect the next time VS Code is started. Some policies may require restarting Windows to take effect.
+
+
+
+## macOS configuration profiles
+
+Configuration profiles manage settings on macOS devices. A profile is an XML file (`.mobileconfig`) with key/value pairs that correspond to available policies.
+
+These profiles can be deployed using Mobile Device Management (MDM) solutions or installed manually on individual devices.
+
+### Step 1: Obtain the sample configuration profile
+
+Starting from VS Code version 1.99, each release ships with a sample `.mobileconfig` file. Follow these steps to locate the sample file on a macOS device with VS Code installed:
+
+1. Open Finder and navigate to `/Applications`.
+1. Right-click on **Visual Studio Code.app** (or your VS Code variant) and select **Show Package Contents**.
+1. Navigate to `Contents/Resources/app/policies`.
+1. Locate the sample `.mobileconfig` file (for example, `vscode-sample.mobileconfig`).
+
+### Step 2: Configure policy values
+
+1. Copy the sample `.mobileconfig` file to a working location (for example, your Desktop or Documents folder).
+1. Open the copied file in a text editor (for example, TextEdit, VS Code, or any XML editor).
+1. Edit the policy values according to your requirements:
+
+ **String policies** - policies that accept text values or JSON strings:
+
+ ```xml
+
+ AllowedExtensions
+ {"microsoft": true, "github": true}
+
+
+ UpdateMode
+ start
+ ```
+
+ > [!IMPORTANT]
+ > If there's a syntax error in the policy value, the setting will not be applied. You can check the Window log in VS Code for errors (press `kb(workbench.action.showCommands)` and enter **Show Window Log**).
+
+ **Boolean policies** - policies that accept true/false values:
+
+ ```xml
+
+ EnableFeedback
+
+
+
+ EnableTelemetry
+
+ ```
+
+ **Remove unwanted policies** - delete both the key and value for any policy you don't want to enforce:
+
+ ```xml
+
+ UpdateMode
+ start
+ ```
+
+Refer to the [policy reference](#vs-code-enterprise-policy-reference) for details on each policy's accepted values and behavior.
+
+### Step 3: Deploy the policies
+
+You can now deploy the configured policies at scale to all relevant devices in your organization with an MDM solution. You can manually test the policies on a local machine before deploying them at scale.
+
+
+Deploy profiles at scale
+
+For enterprise deployments across multiple devices, use Mobile Device Management (MDM) solutions such as:
+
+* [Microsoft Intune](https://learn.microsoft.com/mem/intune/configuration/device-profiles)
+* Apple Business Manager with MDM
+
+For more information on configuration profiles, refer to [Apple's documentation](https://support.apple.com/guide/mac-help/configuration-profiles-standardize-settings-mh35561/mac).
+
+
+
+
+Manually test policies on a local machine
+
+### Configure policies manually
+
+Follow these steps to manually test your VS Code policy configuration on a macOS device before deploying at scale:
+
+#### Step 1: Install the configuration profile
+
+1. Save your edited `.mobileconfig` file.
+1. Double-click the `.mobileconfig` file in Finder.
+1. The System Settings (or System Preferences on older macOS versions) will open.
+1. Review the profile details and select **Install** (or **Continue** depending on your macOS version).
+1. If prompted, authenticate with your administrator credentials.
+1. Confirm the installation when prompted.
+
+#### Step 2: Verify the profile installation
+
+1. Open **System Settings** (macOS Ventura and later) or **System Preferences** (earlier versions).
+1. Navigate to **Privacy & Security** > **Profiles** (or **General** > **Device Management** on older versions).
+1. Verify that your VS Code configuration profile appears in the list.
+1. Launch VS Code to see the policies in effect.
+
+> [!NOTE]
+> Policies take effect immediately for new VS Code instances. You may need to restart VS Code if it's already running.
+
+#### Remove a configuration profile
+
+To remove policies and revert to default settings:
+
+1. Open **System Settings** > **Privacy & Security** > **Profiles**.
+1. Select the VS Code configuration profile.
+1. Select the **Remove** (or **-**) button.
+1. Authenticate with your administrator credentials to confirm removal.
+
+
+
+## Linux JSON policies
+
+You can configure VS Code setting policies on Linux devices by placing a JSON policy file at `/etc/vscode/policy.json`. This approach uses a simple JSON format to define policy values.
+
+These profiles can be deployed using Mobile Device Management (MDM) solutions or installed manually on individual devices.
+
+### Step 1: Obtain the sample policy file
+
+Starting from VS Code version 1.106, each release ships with a sample `.policy.json` file. You can obtain it from either an existing installation or by downloading and extracting the VS Code archive. The file is located in the `resources/app/policies` directory.
+
+### Step 2: Configure policy values
+
+1. Copy the sample `policy.json` file to a working location:
+
+ ```bash
+ sudo cp /usr/share/code/resources/app/policies/policy.json /tmp/policy.json
+ ```
+
+1. Edit the file using your preferred text editor:
+
+ ```bash
+ sudo nano /tmp/policy.json
+ # or
+ sudo vim /tmp/policy.json
+ # or
+ code /tmp/policy.json
+ ```
+
+1. Edit the policy values according to your requirements:
+
+ **String policies** - policies that accept text values or JSON strings:
+
+ ```xml
+
+ AllowedExtensions
+ {"microsoft": true, "github": true}
+
+
+ UpdateMode
+ start
+ ```
+
+ > [!IMPORTANT]
+ > If there's a syntax error in the policy value, the setting will not be applied. You can check the Window log in VS Code for errors (press `kb(workbench.action.showCommands)` and enter **Show Window Log**).
+
+ **Boolean policies** - policies that accept true/false values:
+
+ ```xml
+
+ EnableFeedback
+
+
+
+ EnableTelemetry
+
+ ```
+
+ **Remove unwanted policies** - delete both the key and value for any policy you don't want to enforce:
+
+ ```xml
+
+ UpdateMode
+ start
+ ```
+
+Refer to the [policy reference](#vs-code-enterprise-policy-reference) for details on each policy's accepted values and behavior.
+
+### Step 3: Deploy the policies
+
+You can now deploy the configured policies at scale to all relevant devices in your organization with an MDM solution. You can manually test the policies on a local machine before deploying them at scale.
+
+
+Deploy policies at scale
+
+For enterprise Linux deployments across multiple devices, use configuration management tools such as Ansible, Puppet, Chef, or Salt to deploy the `policy.json` file.
+
+These tools allow administrators to deploy, update, and remove policies remotely across all managed Linux devices in the organization.
+
+
+
+
+Manually test policies on a local machine
+
+#### Step 1: Copy the policy file
+
+1. Ensure the `/etc/vscode` directory exists:
+
+ ```bash
+ sudo mkdir -p /etc/vscode
+ ```
+
+ > [!NOTE]
+ > You need root or sudo privileges to create the directory and manage policy files in `/etc/vscode`.
+
+1. Copy the edited policy file to the `/etc/vscode/` system location:
+
+ ```bash
+ sudo cp /tmp/policy.json /etc/vscode/policy.json
+ ```
+
+ Set appropriate permissions:
+
+ ```bash
+ sudo chmod 644 /etc/vscode/policy.json
+ sudo chown root:root /etc/vscode/policy.json
+ ```
+
+#### Step 2: Verify the policy installation
+
+1. Launch VS Code (or restart it if already running).
+1. Open **File** > **Preferences** > **Settings** (or press `Ctrl+,`).
+1. Look for settings that correspond to your configured policies - they should show as "managed by your organization" or have a lock icon.
+1. Hover over managed settings to see that they are controlled by policy.
+
+> [!TIP]
+> You can verify the policy file is being read by checking VS Code's logs or by attempting to change a managed setting (the change will be prevented).
+
+#### Remove policies
+
+To remove all policies and revert to default settings, delete the `/etc/vscode/policy.json` file and restart VS Code.
+
+
+
+## VS Code enterprise policy reference
+
+The following table lists all available enterprise policies in VS Code.
+
+| Policy Name | Setting ID | Description | Minimum Version |
+|------------|------------|-------------|----------------|
+| `McpGalleryServiceUrl` | `setting(chat.mcp.gallery.serviceUrl)` | Configure the MCP Gallery service URL to connect to | 1.101 |
+| `ExtensionGalleryServiceUrl` | `setting(extensions.gallery.serviceUrl)` | Configure the Marketplace service URL to connect to | 1.99 |
+| `AllowedExtensions` | `setting(extensions.allowed)` | Specify a list of extensions that are allowed to use. This helps maintain a secure and consistent development environment by restricting the use of unauthorized extensions. More information: https://code.visualstudio.com/docs/setup/enterprise#_configure-allowed-extensions | 1.96 |
+| `ChatToolsAutoApprove` | `setting(chat.tools.global.autoApprove)` | Global auto approve also known as "YOLO mode" disables manual approval completely for all tools in all workspaces, allowing the agent to act fully autonomously. This is extremely dangerous and is *never* recommended, even containerized environments like Codespaces and Dev Containers have user keys forwarded into the container that could be compromised. This feature disables critical security protections and makes it much easier for an attacker to compromise the machine. | 1.99 |
+| `ChatToolsEligibleForAutoApproval` | `setting(chat.tools.eligibleForAutoApproval)` | Controls which tools are eligible for automatic approval. Tools set to 'false' will always present a confirmation and will never offer the option to auto-approve. The default behavior (or setting a tool to 'true') may result in the tool offering auto-approval options. | 1.107 |
+| `ChatMCP` | `setting(chat.mcp.access)` | Controls access to installed Model Context Protocol servers. | 1.99 |
+| `ChatAgentExtensionTools` | `setting(chat.extensionTools.enabled)` | Enable using tools contributed by third-party extensions. | 1.99 |
+| `ChatAgentMode` | `setting(chat.agent.enabled)` | When enabled, agent mode can be activated from chat and tools in agentic contexts with side effects can be used. | 1.99 |
+| `ChatToolsTerminalEnableAutoApprove` | `setting(chat.tools.terminal.enableAutoApprove)` | Controls whether to allow auto approval in the run in terminal tool. | 1.104 |
+| `UpdateMode` | `setting(update.mode)` | Configure whether you receive automatic updates. Requires a restart after change. The updates are fetched from a Microsoft online service. | 1.67 |
+| `TelemetryLevel` | `setting(telemetry.telemetryLevel)` | Controls the level of telemetry. | 1.99 |
+| `EnableFeedback` | `setting(telemetry.feedback.enabled)` | Enable feedback mechanisms such as the issue reporter, surveys, and other feedback options. | 1.99 |
+
+> [!NOTE]
+> If you want to enact more policies, open an issue in the [VS Code GitHub repository](https://github.com/microsoft/vscode/issues). The team will determine if there is already a corresponding setting for the behavior or if a new setting and policy should be created.
+
+## Related resources
+
+
diff --git a/docs/enterprise/policies.template.md b/docs/enterprise/policies.template.md
new file mode 100644
index 0000000000..1650e2fb65
--- /dev/null
+++ b/docs/enterprise/policies.template.md
@@ -0,0 +1,379 @@
+---
+# DO NOT TOUCH — Managed by doc writer
+ContentId: 200bf922-3684-45ee-a8dd-43191d6b3f8b
+DateApproved: 01/08/2026
+
+VSCodeCommitHash: 587d46304c7f6c500b66440a4314f6d4540a4724
+VSCodeVersion: 1.108.0
+
+# Summarize the whole topic in less than 300 characters for SEO purpose
+MetaDescription: Enterprise policies in Visual Studio Code enable organizations to centrally manage settings for their development teams. This reference details the available policies and how to implement them.
+---
+
+# Centrally manage VS Code settings with policies
+
+Enterprise policies in Visual Studio Code enable organizations to centrally manage VS Code settings for their development teams to ensure consistency and compatibility across their organization. When a policy value is set, the value overrides the VS Code setting value configured at any level (default, user, and workspace).
+
+IT admins can deploy and enforce specific VS Code configurations on users' devices through different device management solutions. VS Code supports applying policies on Windows, macOS, and Linux.
+
+
+
+In this article, you learn which enterprise policies are available in VS Code and how to configure them on different operating systems.
+
+## Windows group policies
+
+VS Code has support for [Windows Registry-based Group Policy](https://learn.microsoft.com/previous-versions/windows/desktop/policy/implementing-registry-based-policy).
+
+These profiles can be deployed using Mobile Device Management (MDM) solutions or installed manually on individual devices.
+
+### Step 1: Obtain the sample ADMX and ADML files
+
+Starting from VS Code version 1.69, each release ships with a `policies` directory containing ADMX template files that define the available policies.
+
+You can get the ADMX and ADML files from either an existing installation or by downloading and extracting the VS Code zip archive. Follow these steps to obtain the files:
+
+1. Download the [VS Code zip archive](https://code.visualstudio.com/docs/?dv=winzip) for your version of VS Code.
+1. Extract the zip file to a temporary location.
+1. Navigate to the `policies` folder in the extracted files. This folder contains the ADMX template files (for example, `vscode.admx`) and a `locales` subfolder with ADML files for different languages.
+
+### Step 2: Configure policy values
+
+Edit the policy values according to your requirements:
+
+**String policies** - policies that accept text values or JSON strings:
+
+```xml
+
+AllowedExtensions
+{"microsoft": true, "github": true}
+
+
+UpdateMode
+start
+```
+
+> [!IMPORTANT]
+> If there's a syntax error in the policy value, the setting will not be applied. You can check the Window log in VS Code for errors (press `kb(workbench.action.showCommands)` and enter **Show Window Log**).
+
+**Boolean policies** - policies that accept true/false values:
+
+```xml
+
+EnableFeedback
+
+
+
+EnableTelemetry
+
+```
+
+**Remove unwanted policies** - delete both the key and value for any policy you don't want to enforce:
+
+```xml
+
+UpdateMode
+start
+```
+
+Refer to the [policy reference](#vs-code-enterprise-policy-reference) below for details on each policy's accepted values and behavior.
+
+### Step 3: Deploy the policies
+
+You can now deploy the configured policies at scale to all relevant devices in your organization using a device management solution. You can manually test the policies on a local Windows machine before deploying them at scale using the Local Group Policy Editor.
+
+
+Deploy policies at scale
+
+Products such as [Microsoft Intune](https://learn.microsoft.com/en-us/intune/intune-service/fundamentals/what-is-intune) or Active Directory Group Policy can be used to centrally manage device policy at scale across an organization. These solutions allow administrators to deploy the ADMX/ADML files and policy configurations to multiple devices from a central location.
+
+For Active Directory environments, copy the ADMX and ADML files to the [Central Store](https://learn.microsoft.com/troubleshoot/windows-client/group-policy/create-and-manage-central-store) to make the policies available across the domain.
+
+
+
+
+Manually test policies on a local machine
+
+If you want to test the policies on a local Windows machine before deploying them at scale, you can manually install the ADMX/ADML files and configure the policies using the Local Group Policy Editor.
+
+Follow these steps to configure VS Code policies on a local Windows machine:
+
+#### Step 1: Install the policy definition files
+
+1. Copy the `vscode.admx` file to `C:\Windows\PolicyDefinitions`.
+1. Copy the appropriate ADML file from the `locales` subfolder (for example, `en-US\vscode.adml`) to `C:\Windows\PolicyDefinitions\` (for example, `C:\Windows\PolicyDefinitions\en-US`).
+
+> [!NOTE]
+> You need administrator privileges to copy files to the `PolicyDefinitions` directory.
+
+#### Step 2: Open the Local Group Policy Editor
+
+1. Press `Windows+R` to open the Run dialog.
+1. Type `gpedit.msc` and press Enter to open the Local Group Policy Editor.
+1. If prompted by User Account Control, select **Yes** to allow the app to make changes.
+
+#### Step 3: Navigate to VS Code policies
+
+The VS Code policies are available under both Computer Configuration and User Configuration:
+
+* **Computer Configuration** > **Administrative Templates** > **Microsoft VS Code**
+* **User Configuration** > **Administrative Templates** > **Microsoft VS Code**
+
+> [!TIP]
+> Computer-level policies take precedence over user-level policies when both are configured.
+
+#### Step 4: Configure a policy
+
+1. Select the policy category (either Computer Configuration or User Configuration).
+1. Navigate to **Administrative Templates** > **Microsoft VS Code**.
+1. Double-click on the policy you want to configure (for example, **Update Mode**).
+1. In the policy settings dialog, select **Enabled** to enforce the policy.
+1. Configure the policy value using the available options or text fields.
+1. Select **OK** to save the changes.
+1. Close the Local Group Policy Editor.
+
+The policy will take effect the next time VS Code is started. Some policies may require restarting Windows to take effect.
+
+
+
+## macOS configuration profiles
+
+Configuration profiles manage settings on macOS devices. A profile is an XML file (`.mobileconfig`) with key/value pairs that correspond to available policies.
+
+These profiles can be deployed using Mobile Device Management (MDM) solutions or installed manually on individual devices.
+
+### Step 1: Obtain the sample configuration profile
+
+Starting from VS Code version 1.99, each release ships with a sample `.mobileconfig` file. Follow these steps to locate the sample file on a macOS device with VS Code installed:
+
+1. Open Finder and navigate to `/Applications`.
+1. Right-click on **Visual Studio Code.app** (or your VS Code variant) and select **Show Package Contents**.
+1. Navigate to `Contents/Resources/app/policies`.
+1. Locate the sample `.mobileconfig` file (for example, `vscode-sample.mobileconfig`).
+
+### Step 2: Configure policy values
+
+1. Copy the sample `.mobileconfig` file to a working location (for example, your Desktop or Documents folder).
+1. Open the copied file in a text editor (for example, TextEdit, VS Code, or any XML editor).
+1. Edit the policy values according to your requirements:
+
+ **String policies** - policies that accept text values or JSON strings:
+
+ ```xml
+
+ AllowedExtensions
+ {"microsoft": true, "github": true}
+
+
+ UpdateMode
+ start
+ ```
+
+ > [!IMPORTANT]
+ > If there's a syntax error in the policy value, the setting will not be applied. You can check the Window log in VS Code for errors (press `kb(workbench.action.showCommands)` and enter **Show Window Log**).
+
+ **Boolean policies** - policies that accept true/false values:
+
+ ```xml
+
+ EnableFeedback
+
+
+
+ EnableTelemetry
+
+ ```
+
+ **Remove unwanted policies** - delete both the key and value for any policy you don't want to enforce:
+
+ ```xml
+
+ UpdateMode
+ start
+ ```
+
+Refer to the [policy reference](#vs-code-enterprise-policy-reference) for details on each policy's accepted values and behavior.
+
+### Step 3: Deploy the policies
+
+You can now deploy the configured policies at scale to all relevant devices in your organization with an MDM solution. You can manually test the policies on a local machine before deploying them at scale.
+
+
+Deploy profiles at scale
+
+For enterprise deployments across multiple devices, use Mobile Device Management (MDM) solutions such as:
+
+* [Microsoft Intune](https://learn.microsoft.com/mem/intune/configuration/device-profiles)
+* Apple Business Manager with MDM
+
+For more information on configuration profiles, refer to [Apple's documentation](https://support.apple.com/guide/mac-help/configuration-profiles-standardize-settings-mh35561/mac).
+
+
+
+
+Manually test policies on a local machine
+
+### Configure policies manually
+
+Follow these steps to manually test your VS Code policy configuration on a macOS device before deploying at scale:
+
+#### Step 1: Install the configuration profile
+
+1. Save your edited `.mobileconfig` file.
+1. Double-click the `.mobileconfig` file in Finder.
+1. The System Settings (or System Preferences on older macOS versions) will open.
+1. Review the profile details and select **Install** (or **Continue** depending on your macOS version).
+1. If prompted, authenticate with your administrator credentials.
+1. Confirm the installation when prompted.
+
+#### Step 2: Verify the profile installation
+
+1. Open **System Settings** (macOS Ventura and later) or **System Preferences** (earlier versions).
+1. Navigate to **Privacy & Security** > **Profiles** (or **General** > **Device Management** on older versions).
+1. Verify that your VS Code configuration profile appears in the list.
+1. Launch VS Code to see the policies in effect.
+
+> [!NOTE]
+> Policies take effect immediately for new VS Code instances. You may need to restart VS Code if it's already running.
+
+#### Remove a configuration profile
+
+To remove policies and revert to default settings:
+
+1. Open **System Settings** > **Privacy & Security** > **Profiles**.
+1. Select the VS Code configuration profile.
+1. Select the **Remove** (or **-**) button.
+1. Authenticate with your administrator credentials to confirm removal.
+
+
+
+## Linux JSON policies
+
+Starting from VS Code version 1.106, you can configure VS Code setting policies on Linux devices by placing a JSON policy file at `/etc/vscode/policy.json`. This approach uses a simple JSON format to define policy values.
+
+These profiles can be deployed using Mobile Device Management (MDM) solutions or installed manually on individual devices.
+
+### Step 1: Obtain the sample policy file
+
+Starting from VS Code version 1.106, each release ships with a sample `.policy.json` file. You can obtain it from either an existing installation or by downloading and extracting the VS Code archive. The file is located in the `resources/app/policies` directory.
+
+### Step 2: Configure policy values
+
+1. Copy the sample `policy.json` file to a working location:
+
+ ```bash
+ sudo cp /usr/share/code/resources/app/policies/policy.json /tmp/policy.json
+ ```
+
+1. Edit the file using your preferred text editor:
+
+ ```bash
+ sudo nano /tmp/policy.json
+ # or
+ sudo vim /tmp/policy.json
+ # or
+ code /tmp/policy.json
+ ```
+
+1. Edit the policy values according to your requirements:
+
+ **String policies** - policies that accept text values or JSON strings:
+
+ ```xml
+
+ AllowedExtensions
+ {"microsoft": true, "github": true}
+
+
+ UpdateMode
+ start
+ ```
+
+ > [!IMPORTANT]
+ > If there's a syntax error in the policy value, the setting will not be applied. You can check the Window log in VS Code for errors (press `kb(workbench.action.showCommands)` and enter **Show Window Log**).
+
+ **Boolean policies** - policies that accept true/false values:
+
+ ```xml
+
+ EnableFeedback
+
+
+
+ EnableTelemetry
+
+ ```
+
+ **Remove unwanted policies** - delete both the key and value for any policy you don't want to enforce:
+
+ ```xml
+
+ UpdateMode
+ start
+ ```
+
+Refer to the [policy reference](#vs-code-enterprise-policy-reference) for details on each policy's accepted values and behavior.
+
+### Step 3: Deploy the policies
+
+You can now deploy the configured policies at scale to all relevant devices in your organization with an MDM solution. You can manually test the policies on a local machine before deploying them at scale.
+
+
+Deploy policies at scale
+
+For enterprise Linux deployments across multiple devices, use configuration management tools such as Ansible, Puppet, Chef, or Salt to deploy the `policy.json` file.
+
+These tools allow administrators to deploy, update, and remove policies remotely across all managed Linux devices in the organization.
+
+
+
+
+Manually test policies on a local machine
+
+#### Step 1: Copy the policy file
+
+1. Ensure the `/etc/vscode` directory exists:
+
+ ```bash
+ sudo mkdir -p /etc/vscode
+ ```
+
+ > [!NOTE]
+ > You need root or sudo privileges to create the directory and manage policy files in `/etc/vscode`.
+
+1. Copy the edited policy file to the `/etc/vscode/` system location:
+
+ ```bash
+ sudo cp /tmp/policy.json /etc/vscode/policy.json
+ ```
+
+ Set appropriate permissions:
+
+ ```bash
+ sudo chmod 644 /etc/vscode/policy.json
+ sudo chown root:root /etc/vscode/policy.json
+ ```
+
+#### Step 2: Verify the policy installation
+
+1. Launch VS Code (or restart it if already running).
+1. Open **File** > **Preferences** > **Settings** (or press `Ctrl+,`).
+1. Look for settings that correspond to your configured policies - they should show as "managed by your organization" or have a lock icon.
+1. Hover over managed settings to see that they are controlled by policy.
+
+> [!TIP]
+> You can verify the policy file is being read by checking VS Code's logs or by attempting to change a managed setting (the change will be prevented).
+
+#### Remove policies
+
+To remove all policies and revert to default settings, delete the `/etc/vscode/policy.json` file and restart VS Code.
+
+
+
+## VS Code enterprise policy reference
+
+The following table lists all available enterprise policies in VS Code.
+
+{$ Content $}
+
+> [!NOTE]
+> If you want to enact more policies, open an issue in the [VS Code GitHub repository](https://github.com/microsoft/vscode/issues). The team will determine if there is already a corresponding setting for the behavior or if a new setting and policy should be created.
diff --git a/docs/enterprise/telemetry.md b/docs/enterprise/telemetry.md
new file mode 100644
index 0000000000..8f896d9543
--- /dev/null
+++ b/docs/enterprise/telemetry.md
@@ -0,0 +1,95 @@
+---
+ContentId: 9b3e5c2d-1a4f-6e8b-c7d9-0f2a3b4c5d6e
+DateApproved: 01/08/2026
+MetaDescription: Learn how to centrally manage VS Code telemetry settings for enterprise environments, including telemetry levels and feedback options.
+---
+
+# Manage telemetry in enterprise environments
+
+VS Code collects telemetry data to help understand how the product is used and to improve it. Organizations can centrally manage telemetry settings to control what data is collected across their development teams.
+
+This article covers how IT admins can configure telemetry through [enterprise policies](/docs/enterprise/policies.md).
+
+## Telemetry-related policies
+
+VS Code provides the following policies for managing telemetry:
+
+| Policy | Description | VS Code setting | Available since |
+|------------------|------------------------------------------------------------|---------------------------------------|-----------------|
+| `TelemetryLevel` | Specify the telemetry data level | `setting(telemetry.telemetryLevel)` | 1.99 |
+| `EnableFeedback` | Configure feedback mechanisms (issue reporter and surveys) | `setting(telemetry.feedback.enabled)` | 1.99 |
+
+Learn how to [deploy policies](/docs/enterprise/policies.md) to your organization's devices.
+
+## Configure telemetry level
+
+The `TelemetryLevel` policy controls VS Code telemetry, first-party extension telemetry, and participating third-party extension telemetry.
+
+> [!NOTE]
+> Some third-party extensions might not respect this setting. Consult the specific extension's documentation to learn about its telemetry reporting.
+
+### Telemetry level options
+
+| Value | Crash reports | Error telemetry | Usage data |
+|---------|:-------------:|:---------------:|:----------:|
+| `all` | ✓ | ✓ | ✓ |
+| `error` | ✓ | ✓ | - |
+| `crash` | ✓ | - | - |
+| `off` | - | - | - |
+
+**Data types:**
+
+* **Crash reports** - Diagnostic information when VS Code crashes
+* **Error telemetry** - Information about errors that don't crash the application
+* **Usage data** - Information about feature usage and performance
+
+### Disable telemetry
+
+To disable all telemetry across your organization, set the `TelemetryLevel` policy to `off`:
+
+**Policy value**:
+
+```text
+off
+```
+
+> [!IMPORTANT]
+> Setting telemetry to `off` or `error` disables A/B experimentation. This might delay the rollout of new features to your users until they are generally available.
+
+### Enable error telemetry only
+
+To collect only crash reports and error telemetry while disabling usage data, set the `TelemetryLevel` policy to `error`:
+
+**Policy value**:
+
+```text
+error
+```
+
+## Configure feedback mechanisms
+
+The `EnableFeedback` policy controls whether users can access feedback mechanisms in VS Code, such as the issue reporter and surveys.
+
+To disable feedback mechanisms, set the `EnableFeedback` policy to `false`:
+
+**Policy value**:
+
+```text
+false
+```
+
+## Extension telemetry
+
+VS Code extensions might collect their own telemetry data. The `setting(telemetry.telemetryLevel)` setting affects first-party Microsoft extensions and participating third-party extensions. However, some extensions might not respect this setting and might have their own telemetry configuration.
+
+Review the documentation of extensions used in your organization to understand their telemetry practices.
+
+## GDPR compliance
+
+VS Code is designed to be GDPR compliant. When users disable telemetry, VS Code stops sending telemetry data going forward. For more information about GDPR and VS Code, see the [telemetry documentation](/docs/configure/telemetry.md#gdpr-and-vs-code).
+
+## Related resources
+
+* [Enterprise policies reference](/docs/enterprise/policies.md) - Complete list of enterprise policies
+* [Telemetry in VS Code](/docs/configure/telemetry.md) - Learn about telemetry data collection
+* [Privacy statement](https://go.microsoft.com/fwlink/?LinkID=528096&clcid=0x409) - Microsoft privacy statement
diff --git a/docs/enterprise/updates.md b/docs/enterprise/updates.md
new file mode 100644
index 0000000000..7ae19f0a16
--- /dev/null
+++ b/docs/enterprise/updates.md
@@ -0,0 +1,75 @@
+---
+ContentId: 2c4d6e8f-0a1b-3c5d-7e9f-1a2b3c4d5e6f
+DateApproved: 01/08/2026
+MetaDescription: Learn how to centrally manage VS Code automatic updates in enterprise environments, including update modes and deployment strategies.
+---
+
+# Manage updates in enterprise environments
+
+VS Code releases monthly updates with new features, bug fixes, and security patches. Organizations can centrally manage how VS Code updates are handled across their development teams.
+
+This article covers how IT admins can configure automatic updates through [enterprise policies](/docs/enterprise/policies.md).
+
+## Update policy
+
+VS Code provides the `UpdateMode` policy for controlling automatic updates. This policy controls the `setting(update.mode)` setting in VS Code.
+
+Learn how to [deploy policies](/docs/enterprise/policies.md) to your organization's devices.
+
+## Update mode options
+
+The `UpdateMode` policy accepts the following values:
+
+| Value | Description |
+|-----------|-----------------------------------------------------------------------------|
+| `default` | Automatic checking for updates is enabled and runs in the background |
+| `start` | Check for updates only when VS Code starts |
+| `manual` | Automatic checking is disabled; users can manually check for updates |
+| `none` | Updates are disabled entirely |
+
+## Disable automatic updates
+
+To prevent VS Code from automatically checking for or installing updates, set the `UpdateMode` policy to `none`:
+
+**Policy value**:
+
+```text
+none
+```
+
+When updates are disabled, users cannot update VS Code through the application. You can then control VS Code versions through your software deployment tools.
+
+## Enable manual updates only
+
+To allow users to check for updates manually while disabling automatic background checks, set the `UpdateMode` policy to `manual`:
+
+**Policy value**:
+
+```text
+manual
+```
+
+Users can check for updates by selecting **Help** > **Check for Updates**.
+
+## Check for updates at startup only
+
+To check for updates only when VS Code starts, without background checking, set the `UpdateMode` policy to `start`:
+
+**Policy value**:
+
+```text
+start
+```
+
+## Network requirements
+
+VS Code downloads updates from Microsoft servers. If your network has restricted access, ensure the following hostname is allowed:
+
+* `update.code.visualstudio.com` - VS Code download and update server
+
+See the [network documentation](/docs/setup/network.md#common-hostnames) for a complete list of hostnames.
+
+## Related resources
+
+* [Enterprise policies reference](/docs/enterprise/policies.md) - Complete list of enterprise policies
+* [Network connections](/docs/setup/network.md) - Proxy and firewall configuration
diff --git a/docs/setup/enterprise.md b/docs/setup/enterprise.md
deleted file mode 100644
index 9d300174fc..0000000000
--- a/docs/setup/enterprise.md
+++ /dev/null
@@ -1,292 +0,0 @@
----
-ContentId: 936ab8e0-3bbe-4842-bb17-ea314665c20a
-DateApproved: 01/08/2026
-MetaDescription: Learn about Visual Studio Code's enterprise support features, such as group policies or restricting allowed extensions.
-
----
-# Enterprise support
-
-Visual Studio Code can be used as a development tool for enterprise teams of all sizes. As an IT admin, you can configure VS Code to achieve consistency and compatibility across your organization.
-
-## Private marketplace for extensions
-
-The private marketplace enables enterprises to self-host and distribute extensions within their organization to meet organizational security and compliance requirements. The private marketplace integrates seamlessly with the VS Code extensions experience, giving users easy discovery and automatic updates of private extensions. Common use cases include:
-
-* Hosting internal extensions privately to protect intellectual property.
-* Providing developers with access to selected or all extensions from the [Visual Studio Marketplace](https://marketplace.visualstudio.com), even in environments with restricted internet connectivity.
-* Downloading and rehosting extensions from external sources to apply enterprise-specific verification and security standards. See how [Microsoft protects your software supply chain](https://aka.ms/vsmsecurityblog).
-
-### Key features
-
-* **Self-hosting**: Host internal and downloaded extensions on your own infrastructure, such as Azure or Kubernetes.
-* **Simple deployment**: Deploy the private marketplace as a stateless Docker container, no external database required.
-* **Flexible storage**: Publish and manage extensions using any file system or Azure Artifacts.
-* **Upstreaming**: Choose to automatically include public extensions from the Visual Studio Marketplace. Allow or deny select extensions by setting up an [allow list](#configure-allowed-extensions).
-* **Rehosting**: Choose to download and host public extensions for enhanced security and support for environments without public internet connectivity (air-gapped).
-* **Centralized rollout**: Deploy the private marketplace to your team using group policy on Windows and macOS.
-* **Integrated installation and updates**: Search for and install extensions directly from VS Code, with automatic updates for new versions in the private marketplace.
-* **Cross-platform support**: Compatible with VS Code desktop on Windows, macOS, and Linux.
-
-> [!NOTE]
-> Connecting from VS Code Server or VS Code for the Web is not supported.
-
-### Availability
-
-Private marketplace is currently available to GitHub Enterprise customers. VS Code users must sign in with a GitHub Enterprise or Copilot Enterprise/Business account to access the private marketplace.
-
-### Getting started
-
-Refer to the **[deployment and feature guide](https://aka.ms/private-marketplace/readme)** for deployment instructions, scripts, and development environment configuration. If you have questions or need assistance, contact [private marketplace support](https://aka.ms/vspm/support).
-
-## Network: Common hostnames
-
-A handful of features within VS Code require network communication to work, such as the auto-update mechanism, querying and installing extensions, and telemetry. For these features to work properly in a proxy environment, you must have the product correctly configured.
-
-Refer to the [network common hostnames list](/docs/setup/network.md#common-hostnames) for the required domains.
-
-## Configure allowed extensions
-
-> [!NOTE]
-> Support for allowed extensions is available starting from VS Code version 1.96.
-
-The `extensions.allowed` application-wide setting in VS Code enables you to control which extensions can be installed on the user's machine. If the setting is not configured, all extensions are allowed. If the setting is configured, all extensions not listed are blocked from installing. If you block an extension or version that is already installed, the extension is disabled.
-
-To [centrally manage](#centrally-manage-vs-code-settings) allowed extensions for your organization, configure the `AllowedExtensions` policy using your device management solution. This policy overrides the `extensions.allowed` setting on users' devices. The value of this policy is a JSON string that contains the allowed extensions:
-
-```json
-{
- "github": true,
- "microsoft": true
-}
-```
-
-This is how an administrator may locally configure the `AllowedExtensions` policy using the [Local Group Policy Editor](https://learn.microsoft.com/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn265982(v=ws.11)):
-
-
-
-> [!IMPORTANT]
-> If there's a syntax error in the policy value, the `extensions.allowed` setting is not applied. You can check the Window log in VS Code for errors (press `kb(workbench.action.showCommands)` and enter **Show Window Log**).
-
-### Allowed extensions setting values
-
-The `extensions.allowed` setting contains a list of extension selectors that determine which extensions are allowed or blocked. You can specify the following types of extension selectors:
-
-* Allow or block all extensions from a publisher
-* Allow or block specific extensions
-* Allow specific extension versions
-* Allow specific extension versions and platforms
-* Allow only stable versions of an extension
-* Allow only stable extension versions from a publisher
-
-The following JSON snippet shows examples of the different `extensions.allowed` setting values:
-
-```json
-"extensions.allowed": {
- // Allow all extensions from the 'microsoft' publisher. If the key does not have a '.', it means it is a publisher ID.
- "microsoft": true,
-
- // Allow all extensions from the 'github' publisher
- "github": true,
-
- // Allow prettier extension
- "esbenp.prettier-vscode": true,
-
- // Do not allow container tools extension
- "ms-azuretools.vscode-containers": false,
-
- // Allow only version 3.0.0 of the eslint extension
- "dbaeumer.vscode-eslint": ["3.0.0"],
-
- // Allow multiple versions of the figma extension
- "figma.figma-vscode-extension": ["3.0.0", "4.2.3", "4.1.2"],
-
- // Allow version 5.0.0 of the rust extension on Windows and macOS
- "rust-lang.rust-analyzer": ["5.0.0@win32-x64", "5.0.0@darwin-x64"],
-
- // Allow only stable versions of the GitHub Pull Requests extension
- "github.vscode-pull-request-github": "stable",
-
- // Allow only stable versions from redhat publisher
- "redhat": "stable",
-}
-```
-
-Specify publishers by their publisher ID. If a key does not have a period (`.`), it is considered a publisher ID. If a key has a period, it is considered an extension ID. The use of wildcards is currently not supported.
-
-> [!TIP]
-> You can use `microsoft` as the publisher ID to refer to all extensions published by Microsoft, even though they might have different publisher IDs.
-
-Version ranges are not supported. If you want to allow multiple versions of an extension, you must specify each version individually. To further restrict versions by platform, use the `@` symbol to specify the platform. For example, `"rust-lang.rust-analyzer": ["5.0.0@win32-x64", "5.0.0@darwin-x64"]`.
-
-The more specific the selector, the higher the precedence. For example, `"microsoft": true` and `"microsoft.cplusplus": false` allows all Microsoft extensions, except for the C++ extension.
-
-Duplicate key values are not supported. For example, including both `"microsoft": true` and `"microsoft": false` results in an invalid policy.
-
-If you want to learn more about extensions in VS Code, refer to the [extensions documentation](/docs/configure/extensions/extension-marketplace.md).
-
-## Configure MCP server access
-
-By default, VS Code allows developers to [add any MCP server](/docs/copilot/customization/mcp-servers.md) to their environment. Organizations can restrict which MCP servers are allowed to be used by developers in VS Code. The following configuration options are available in their [GitHub Copilot settings](https://docs.github.com/en/copilot/how-tos/administer-copilot/configure-mcp-server-access):
-
-* Configure from which source MCP servers are enabled to run (controls the `setting(chat.mcp.access)` VS Code setting)
-
- * **All**: developers can run MCP servers from any source
- * **Registry**: developers can only run MCP servers from the MCP registry, other MCP servers are blocked from running
- * **None**: MCP server support is disabled
-
-* Configure a custom MCP registry URL
-
- When the `setting(chat.mcp.gallery.enabled)` VS Code setting is enabled, developers can view the list of MCP servers in the Extensions view. By default, VS Code fetches the list of MCP servers from the [GitHub MCP registry](https://github.com/mcp). Organizations can configure a custom MCP registry URL to fetch the list of MCP servers from a different source.
-
-Learn how to [configure MCP server access](https://docs.github.com/en/copilot/how-tos/administer-copilot/configure-mcp-server-access) in the GitHub Copilot documentation.
-
-## Configure automatic updates
-
-The `update.mode` VS Code setting controls whether VS Code automatically updates when a new version is released. The updates are fetched from a Microsoft online service.
-
-The setting has the following options:
-
-* `none` - updates are disabled
-* `manual` - automatic checking for updates is disabled, but users can manually check for updates
-* `start` - only check for updates when VS Code starts, automatic checking for updates is disabled
-* `default` - automatic checking for updates is enabled and runs in the background periodically
-
-To [centrally manage](#centrally-manage-vs-code-settings) automatic updates for your organization, configure the `UpdateMode` policy using your device management solution. This policy overrides the `update.mode` setting on users' devices. The value of this policy is a string that contains the update mode.
-
-## Configure telemetry level
-
-The `setting(telemetry.telemetryLevel)` VS Code setting controls VS Code telemetry, first-party extension telemetry, and participating third-party extension telemetry. Some third party extensions might not respect this setting. Read more about the [data we collect](https://aka.ms/vscode-telemetry).
-
-* `all` - sends usage data, errors, and crash reports
-* `error` - sends general error telemetry and crash reports
-* `crash` - sends OS level crash reports
-* `off` - disables all product telemetry
-
-To [centrally manage](#centrally-manage-vs-code-settings) telemetry for your organization, configure the `TelemetryLevel` policy using your device management solution. This policy overrides the `telemetry.telemetryLevel` setting on users' devices. The value of this policy is a string that contains the telemetry level.
-
-## Centrally manage VS Code settings
-
-You can centrally manage specific features of VS Code through device management solutions to ensure it meets the needs of your organization. When you specify a VS Code policy, its value overrides the corresponding VS Code setting on users' devices.
-
-
-
-VS Code currently provides policies to control the following admin-controlled features:
-
-| Policy | Description | VS Code setting | Available since |
-|--------------------------------------|----------------------------------------------------------------------------------------------------|-----------------------------------------------|-----------------|
-| `AllowedExtensions` | Specify which extensions can be installed. | `extensions.allowed` | 1.96 |
-| `UpdateMode` | Enable automatic installation of VS Code updates. | `update.mode` | 1.67 |
-| `TelemetryLevel` | Specify telemetry data level. | `telemetry.telemetryLevel` | 1.99 |
-| `EnableFeedback` | Configure feedback mechanisms (issue reporter and surveys). | `telemetry.feedback.enabled` | 1.99 |
-| `ChatAgentMode` | Enable [agent mode](/docs/copilot/chat/copilot-chat.md#built-in-agents). | `chat.agent.enabled` | 1.99 |
-| `ChatAgentExtensionTools` | Enable using tools contributed by third-party extensions. | `chat.extensionTools.enabled` | 1.99 |
-| `ChatPromptFiles` | Enable [prompt and instruction files](/docs/copilot/customization/overview.md) in chat. | `chat.promptFiles` | 1.99 - 1.105 |
-| `ChatMCP` | Enable [Model Context Protocol (MCP) servers](/docs/copilot/customization/mcp-servers.md) support and which sources are allowed. | `chat.mcp.access` | 1.99 |
-| `ChatToolsAutoApprove` | Enable global auto-approval for agent mode tools. | `chat.tools.global.autoApprove` | 1.99 |
-| `ChatToolsEligibleForAutoApproval` | Controls which agent tools are eligible for [automatic approval](/docs/copilot/chat/chat-tools.md#tool-approval). Tools set to `false` always require user approval and can't be auto-approved. Policy is configured via a JSON object, e.g `{"runTask": false, "fetch": false}`. | `chat.tools.eligibleForAutoApproval` | 1.107 |
-| `CopilotReviewSelection` | Enable code review for editor selection. | `github.copilot.chat.reviewSelection.enabled` | 1.104 |
-| `CopilotReviewAgent` | Enable Copilot Code Review for pull requests and changed files. | `github.copilot.chat.reviewAgent.enabled` | 1.104 |
-| `ChatToolsTerminalEnableAutoApprove` | Enable the rule-based auto-approval for the terminal tool. | `chat.tools.terminal.enableAutoApprove` | 1.104 |
-| `McpGalleryServiceUrl` | Configure the MCP Gallery service URL to connect to. | `chat.mcp.gallery.serviceUrl` | 1.101 |
-| `ExtensionGalleryServiceUrl` | Configure the Marketplace service URL to connect to. | `extensions.gallery.serviceUrl` | 1.99 |
-
-### Group Policy on Windows
-
-VS Code has support for [Windows Registry-based Group Policy](https://learn.microsoft.com/previous-versions/windows/desktop/policy/implementing-registry-based-policy). Starting from VS Code version 1.69, each release ships with a `policies` directory containing ADMX template files that can be added to the following path: `C:\Windows\PolicyDefinitions`. Make sure to also copy the corresponding `adml` file to the `C:\Windows\PolicyDefinitions\` directory.
-
-> [!TIP]
-> The ADMX/ADML files can be found by downloading the appropriate [VS Code zip archive](https://code.visualstudio.com/docs/?dv=winzip).
-
-Once the policy definitions are installed, admins can use the [Local Group Policy Editor](https://learn.microsoft.com/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn265982(v=ws.11)) to manage the policy values.
-
-Products such as [Microsoft Intune](https://learn.microsoft.com/en-us/intune/intune-service/fundamentals/what-is-intune) may be used to centrally manage device policy at scale.
-
-Policies can be set both at the Computer level and the User level. If both are set, Computer level will take precedence. When a policy value is set, the value overrides the VS Code [setting](/docs/configure/settings.md) value configured at any level (default, user, workspace, etc.).
-
-### Configuration profiles on macOS
-
-Configuration profiles manage settings on macOS devices. A profile is an XML file with key/value pairs that correspond to available policy. These profiles can be deployed using Mobile Device Management (MDM) solutions, or installed manually.
-
-Starting from VS Code version 1.99, each release ships with a sample `.mobileconfig` file. This file is located within the `.app` bundle under `Contents/Resources/app/policies`. Use a text editor to manually edit or remove policy to match your organization's requirements.
-
-> [!TIP]
-> To view the contents of the `.app` bundle, right-click on the application (for example, `/Applications/Visual Studio Code.app`) in Finder and select **Show Package Contents**.
-
-#### String policies
-
-The example below demonstrates configuration of the `AllowedExtensions` policy. The policy value starts empty in the sample file (no extensions are allowed).
-
-```xml
-AllowedExtensions
-
-```
-
-Add the [appropriate JSON string](#configure-allowed-extensions) defining your policy between the `` tags.
-
-```xml
-AllowedExtensions
-{"microsoft": true, "github": true}
-```
-
-Other policies, like `UpdateMode`, accept a string from a set of [predefined values](#configure-automatic-updates).
-
-```xml
-UpdateMode
-start
-```
-
-#### Boolean policies
-
-Boolean policy values are represented with `` or ``.
-
-```xml
-EnableFeedback
-
-```
-
-To omit a given policy, remove its key/value pair from the `.mobileconfig` file. For example, to not enforce an update mode policy, remove the `UpdateMode` key and the `` tags that follow it.
-
-> [!IMPORTANT]
-> The provided `.mobileconfig` file initializes **all** policies available in that version of VS Code. Delete any policies that are not needed.
->
-> If you do not edit or remove a policy from the sample `.mobileconfig`, that policy will be enforced with its default (restrictive) policy value.
-
-Manually install a configuration profile by double-clicking on the `.mobileconfig` profile in Finder and then enabling it in System Preferences under **General** > **Device Management**. Removing the profile from System Preferences will remove the policies from VS Code.
-
-For more information on configuration profiles, refer to [Apple's documentation](https://support.apple.com/guide/mac-help/configuration-profiles-standardize-settings-mh35561/mac).
-
-### JSON policies on Linux
-
-Starting from VS Code version 1.106, you can also configure VS Code setting policies on Linux devices by placing a JSON policy file at `/etc/vscode/policy.json`.
-
-Each release includes a sample `policy.json` file under `resources/app/policies` which includes the available policies. You can find this file by either extracting it from the downloaded package or by selecting and extracting the `tar.gz` file from the Downloads page.
-
-> [!IMPORTANT]
-> The provided `policy.json` file initializes **all** policies available in that version of VS Code. Delete any policies that are not needed.
->
-> If you do not edit or remove a policy from the sample `policy.json`, that policy will be enforced with its default (restrictive) policy value.
-
-### Additional policies
-
-The goal is to promote current VS Code settings as policies and closely follow existing settings, so that the naming and behavior are consistent. If there are requests to enact more policies, please open an issue in the VS Code [GitHub repository](https://github.com/microsoft/vscode/issues). The team will determine if there is already a corresponding setting for the behavior or if a new setting should be created to control the desired behavior.
-
-## Set up VS Code with preinstalled extensions
-
-You can set up VS Code with a set of preinstalled extensions (*bootstrap*). This functionality is useful in cases where you prepare a machine image, virtual machine, or cloud workstation where VS Code is preinstalled and specific extensions are immediately available for users.
-
-> [!NOTE]
-> Support for preinstalling extensions is currently only available on Windows.
-
-Follow these steps to bootstrap extensions:
-
-1. Create a folder `bootstrap\extensions` in the VS Code installation directory.
-
-1. Download the [VSIX files](/docs/configure/extensions/extension-marketplace.md#can-i-download-an-extension-directly-from-the-marketplace) for the extensions that you want to preinstall and place them in the `bootstrap\extensions` folder.
-
-1. When a user launches VS Code for the first time, all extensions in the `bootstrap\extensions` folder are installed silently in the background.
-
-Users can still uninstall extensions that were preinstalled. Restarting VS Code after uninstalling an extension will not reinstall the extension.
-
-## Related resources
-
-* [Learn about security considerations of using AI in VS Code](/docs/copilot/security.md)
diff --git a/docs/toc.json b/docs/toc.json
index aea733c73e..1ce2515b56 100644
--- a/docs/toc.json
+++ b/docs/toc.json
@@ -11,7 +11,6 @@
["Raspberry Pi", "/docs/setup/raspberry-pi"],
["Network", "/docs/setup/network"],
["Additional Components", "/docs/setup/additional-components"],
- ["Enterprise", "/docs/setup/enterprise"],
["Uninstall", "/docs/setup/uninstall"]
]
},
@@ -205,6 +204,19 @@
]
},
+ {
+ "name": "Enterprise",
+ "area": "enterprise",
+ "topics": [
+ ["Overview", "/docs/enterprise/overview"],
+ ["Enterprise Policies", "/docs/enterprise/policies"],
+ ["AI Settings", "/docs/enterprise/ai-settings"],
+ ["Extensions", "/docs/enterprise/extensions"],
+ ["Telemetry", "/docs/enterprise/telemetry"],
+ ["Updates", "/docs/enterprise/updates"]
+ ]
+ },
+
{
"name": "Languages",
"area": "languages",