Refactor enterprise documentation

build/sitemap.xml

@@ -136,7 +136,32 @@
         <priority>0.8</priority>
     </url>
     <url>
-        <loc>https://code.visualstudio.com/docs/setup/enterprise</loc>
+        <loc>https://code.visualstudio.com/docs/enterprise/overview</loc>
+        <changefreq>weekly</changefreq>
+        <priority>0.8</priority>
+    </url>
+    <url>
+        <loc>https://code.visualstudio.com/docs/enterprise/policies</loc>
+        <changefreq>weekly</changefreq>
+        <priority>0.8</priority>
+    </url>
+    <url>
+        <loc>https://code.visualstudio.com/docs/enterprise/ai-settings</loc>
+        <changefreq>weekly</changefreq>
+        <priority>0.8</priority>
+    </url>
+    <url>
+        <loc>https://code.visualstudio.com/docs/enterprise/telemetry</loc>
+        <changefreq>weekly</changefreq>
+        <priority>0.8</priority>
+    </url>
+    <url>
+        <loc>https://code.visualstudio.com/docs/enterprise/updates</loc>
+        <changefreq>weekly</changefreq>
+        <priority>0.8</priority>
+    </url>
+    <url>
+        <loc>https://code.visualstudio.com/docs/enterprise/extensions</loc>
         <changefreq>weekly</changefreq>
         <priority>0.8</priority>
     </url>

docs/configure/extensions/extension-marketplace.md

@@ -366,7 +366,7 @@ Get more information about [extension runtime security](/docs/configure/extensio
 
 ### Can I host extensions internally for my organization?
 
-Yes, see the [Private Marketplace for Extensions](https://code.visualstudio.com/docs/setup/enterprise#_private-marketplace-for-extensions).
+Yes, see the [Private Marketplace for Extensions](/docs/enterprise/extensions.md#host-a-private-extension-marketplace).
 
 ### The extension signature cannot be verified by VS Code
 
@@ -407,4 +407,4 @@ VS Code does not synchronize your extensions to or from a [remote](/docs/remote/
 
 You can control which extensions can be installed in your organization by configuring the `extensions.allowed` application setting. If the setting is not configured, all extensions are allowed. If the setting is configured, all extensions not listed are blocked from installing.
 
-Get more details about [configuring allowed extensions](/docs/setup/enterprise.md#configure-allowed-extensions).
+Get more details about [configuring allowed extensions](/docs/enterprise/extensions.md#configure-allowed-extensions).

docs/configure/extensions/extension-runtime-security.md

@@ -43,7 +43,7 @@ Before you install an extension, you can take various steps to determine if it's
     ![Verified publisher](images/extension-marketplace/bluecheck.png)
 
 > [!TIP]
-> If you want to enforce which extensions are allowed to be used in your organization, check out how to [configure allowed extensions in VS Code](/docs/setup/enterprise.md#configure-allowed-extensions).
+> If you want to enforce which extensions are allowed to be used in your organization, check out how to [configure allowed extensions in VS Code](/docs/enterprise/extensions.md#configure-allowed-extensions).
 
 ## Marketplace protections
 
@@ -83,4 +83,4 @@ To report an extension:
 
 * Use [Workspace Trust](/docs/editing/workspaces/workspace-trust.md) to decide whether code in a project folder can be executed by VS Code and extensions without explicit approval. This adds an extra layer of security when working with unfamiliar code.
 
-* Configure [allowed extensions in VS Code](/docs/setup/enterprise.md#configure-allowed-extensions) to enforce which extensions are allowed to be used in your organization.
+* Configure [allowed extensions in VS Code](/docs/enterprise/extensions.md#configure-allowed-extensions) to enforce which extensions are allowed to be used in your organization.

docs/configure/settings.md

@@ -99,7 +99,7 @@ Here are some of the filters available:
 
 * `@ext`: settings specific to an extension. You provide the extension ID such as `@ext:ms-python.python`.
 * `@feature`: settings specific to a **Features** subgroup. For example, `@feature:explorer` shows settings of the File Explorer.
-* `@haspolicy`: settings that are controlled by your [organization](/docs/setup/enterprise.md).
+* `@haspolicy`: settings that are controlled by your [organization](/docs/enterprise/policies.md).
 * `@id`: find a setting based on the setting ID. For example, `@id:workbench.activityBar.visible`.
 * `@lang`: apply a language filter based on a language ID. For example, `@lang:typescript`. See [Language-specific editor settings](#language-specific-editor-settings) for more details.
 * `@tag`: settings specific to a system of VS Code. For example, `@tag:workspaceTrust` for settings related to [Workspace Trust](/docs/editing/workspaces/workspace-trust.md), `@tag:accessibility` for settings related to accessibility, or `@tag:advanced` for advanced VS Code settings.

docs/configure/telemetry.md

@@ -164,6 +164,6 @@ Please read the [extension guides telemetry document](/api/extension-guides/tele
 
 ## Related resources
 
-* [Centrally manage telemetry log level](/docs/setup/enterprise.md#configure-telemetry-level) - Learn how to set the telemetry log level for your organization.
+* [Centrally manage telemetry log level](/docs/enterprise/telemetry.md#configure-telemetry-level) - Learn how to set the telemetry log level for your organization.
 * [Visual Studio Code FAQ](/docs/supporting/faq.md) - Consult the Frequently Asked Questions to learn more.
 * [User and Workspace Settings](/docs/configure/settings.md) - Read about available options to customize VS Code.

docs/copilot/chat/chat-tools.md

@@ -105,7 +105,7 @@ Tools and agent actions might result in file modifications. Learn how you can pr
 
 By default, you can choose to automatically approve any tool. To prevent accidental approvals, you can disable automatic approvals for specific tools with the `setting(chat.tools.eligibleForAutoApproval)` setting. Set the value to `false` to always require manual approval for that tool.
 
-Organizations can also use device management policies to enforce manual approvals for specific tools. Learn more in the [Enterprise documentation](/docs/setup/enterprise.md).
+Organizations can also use device management policies to enforce manual approvals for specific tools. Learn more in the [Enterprise documentation](/docs/enterprise/ai-settings.md).
 
 ### URL approval
 

docs/copilot/customization/mcp-servers.md

@@ -470,7 +470,7 @@ Learn more about [MCP development mode](/api/extension-guides/ai/mcp.md#mcp-deve
 
 ## Centrally control MCP access
 
-Organizations can centrally manage access to MCP servers via GitHub policies. Learn more about [enterprise management of MCP servers](/docs/setup/enterprise.md#configure-mcp-server-access).
+Organizations can centrally manage access to MCP servers via GitHub policies. Learn more about [enterprise management of MCP servers](/docs/enterprise/ai-settings.md#configure-mcp-server-access).
 
 ## Frequently asked questions
 

docs/copilot/security.md

@@ -124,7 +124,7 @@ VS Code includes robust protections for sensitive information used in AI-assiste
 
 ### Enterprise policies
 
-Organizations can implement [centralized security controls](/docs/setup/enterprise.md#centrally-manage-vs-code-settings) to manage AI-assisted development capabilities across their development teams.
+Organizations can implement [centralized security controls](/docs/enterprise/policies.md) to manage AI-assisted development capabilities across their development teams.
 
 ## User responsibilities and best practices
 
@@ -149,4 +149,4 @@ While VS Code includes many security protections, users should remain proactive
 * [MCP server trust](/docs/copilot/customization/mcp-servers.md#mcp-server-trust)
 * [Manage tool auto approvals](/docs/copilot/chat/chat-tools.md#tool-approval)
 * [Extension runtime security](/docs/configure/extensions/extension-runtime-security.md)
-* [VS Code enterprise support](/docs/setup/enterprise.md)
+* [VS Code enterprise support](/docs/enterprise/overview.md)

docs/enterprise/ai-settings.md

@@ -0,0 +1,115 @@
+---
+ContentId: f8a9c3d2-4e7b-5f1a-b6c8-9d0e2f3a7b4c
+DateApproved: 01/08/2026
+MetaDescription: Learn how to centrally manage AI settings in VS Code for enterprise environments, including agent mode, MCP servers, and tool approvals.
+---
+
+# Manage AI settings in enterprise environments
+
+VS Code provides AI-powered development capabilities through GitHub Copilot, including agent mode, MCP servers, and chat tools. Organizations can centrally manage these features to control AI behavior, enforce security policies, and maintain compliance across their development teams.
+
+This article covers the AI-related settings that IT admins can manage through [enterprise policies](/docs/enterprise/policies.md).
+
+Users can control the functionality and behavior of AI features through VS Code settings. Organizations can enforce specific configurations by deploying enterprise policies via device management solutions. These policies override user-configured settings on managed devices.
+
+Learn how to [deploy policies for VS Code](/docs/enterprise/policies.md) to your organization's devices.
+
+## Enable or disable the use of agents
+
+[Agents](/docs/copilot/agents/overview.md) enable the AI to autonomously perform tasks like editing files, running terminal commands, and using tools. Agents enable developers to provide a high-level requirement and have the AI assistant analyze, plan, and execute the necessary steps to achieve that goal.
+
+To disable agents entirely, set the `ChatAgentMode` policy to `false`. This configures the `setting(chat.agent.enabled)` setting in VS Code.
+
+The **Agent** option will not be available in the agents dropdown in the Chat view when this policy is applied. Developers can still use [ask or edit](/docs/copilot/chat/copilot-chat.md) for code explanations and file edits, but autonomous code generation and task execution are not available.
+
+## Enable or disable extension language tools
+
+[Tools in chat](/docs/copilot/chat/chat-tools.md) extend the AI assistant's capabilities with specialized functions. These tools can come from built-in features, Model Context Protocol (MCP) servers, or third-party extensions.
+
+Third-party extensions can contribute tools that integrate with chat by using the [Language Model Tools API](/api/extension-guides/ai/tools).
+
+To prevent developers from using extension-contributed tools while still allowing built-in tools and MCP tools, set the `ChatAgentExtensionTools` policy to `false`. This configures the `setting(chat.extensionTools.enabled)` setting in VS Code.
+
+## Configure MCP server access
+
+[Model Context Protocol (MCP) servers](/docs/copilot/customization/mcp-servers.md) extend chat with external tools and services. Organizations can control which MCP servers developers can use through both GitHub organization settings and VS Code policies.
+
+### Restrict MCP server sources
+
+The `ChatMCP` policy controls which sources MCP servers can be installed from. This configures the `setting(chat.mcp.access)` setting in VS Code.
+
+The following values are supported:
+
+| Value          | Description                                                      |
+|----------------|------------------------------------------------------------------|
+| `allowed`      | Developers can run MCP servers from any source                   |
+| `registryOnly` | Developers can only run MCP servers from the configured registry |
+| `off`          | MCP server support is disabled                                   |
+
+### Configure a custom MCP registry
+
+You can host a private MCP server registry for your organization and configure VS Code to use it through the `McpGalleryServiceUrl` policy. This enables you to:
+
+* Provide a curated list of approved MCP servers
+* Host internal MCP servers for your organization
+* Block access to the public GitHub MCP registry
+
+When configured, developers see MCP servers from your custom registry in the Extensions view when they enter `@mcp` in the search field.
+
+Organizations with GitHub Copilot Enterprise or Business can also configure MCP server access through [GitHub organization settings](https://docs.github.com/en/copilot/how-tos/administer-copilot/configure-mcp-server-access).
+
+## Configure agent tool approvals
+
+Agent tools can perform actions that modify files, run commands, or access external services. VS Code includes approval prompts for potentially risky operations. Organizations can enforce stricter approval requirements or disable auto-approval entirely.
+
+Learn more about [tool approval](/docs/copilot/chat/chat-tools.md#tool-approval) in VS Code.
+
+### Disable global auto-approval
+
+The `ChatToolsAutoApprove` policy controls the global auto-approval setting, also known as "YOLO mode". When enabled, the AI assistant can execute all tools without manual approval. This is not recommended for security reasons.
+
+To prevent developers from enabling global auto-approval, set the `ChatToolsAutoApprove` policy to `false`. This configures the `setting(chat.tools.global.autoApprove)` setting in VS Code.
+
+> [!CAUTION]
+> Global auto-approval bypasses all security prompts for tool invocations. Disabling this feature is strongly recommended for enterprise environments.
+
+### Require manual approval for specific tools
+
+The `ChatToolsEligibleForAutoApproval` policy controls which tools can be auto-approved. Tools set to `false` always require manual approval and cannot be auto-approved by users.
+
+Configure this policy with a JSON object that lists tool names and their approval eligibility. This configures the `setting(chat.tools.eligibleForAutoApproval)` setting in VS Code.
+
+The following JSON snippet shows an example configuration that requires manual approval for task execution, URL fetching, and terminal commands:
+
+```json
+{
+    "runTask": false,
+    "fetch": false,
+    "runInTerminal": false
+}
+```
+
+### Configure terminal auto-approval
+
+The `ChatToolsTerminalEnableAutoApprove` policy specifically controls the rule-based auto-approval system for terminal commands. When enabled, VS Code applies a set of rules to automatically approve safe commands while prompting for potentially dangerous ones.
+
+To disable terminal auto-approval entirely, set the policy to `false`. This configures the `setting(chat.tools.terminal.enableAutoApprove)` setting in VS Code.
+
+## Configure Copilot code review
+
+Copilot code review enables AI-powered review of code changes. Organizations can control access to these features.
+
+The `CopilotReviewSelection` policy controls whether developers can request code review for selected code in the editor. This configures the `setting(github.copilot.chat.reviewSelection.enabled)` setting in VS Code.
+
+The `CopilotReviewAgent` policy controls access to the Copilot code review agent for reviewing pull requests and changed files. This configures the `setting(github.copilot.chat.reviewAgent.enabled)` setting in VS Code.
+
+## Security considerations
+
+AI-powered development features can autonomously perform actions with user-level permissions. Refer to the [security documentation](/docs/copilot/security.md) for a comprehensive overview of AI security considerations and best practices.
+
+## Related resources
+
+* [Enterprise policies reference](/docs/enterprise/policies.md) - Complete list of enterprise policies
+* [Use tools in chat](/docs/copilot/chat/chat-tools.md) - Learn how tools work in VS Code chat
+* [MCP servers in VS Code](/docs/copilot/customization/mcp-servers.md) - Configure and use MCP servers
+* [AI security considerations](/docs/copilot/security.md) - Security best practices for AI features