Skip to content

Add policy control for extensions.autoUpdate setting #283843

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
Copilot wants to merge 2 commits into
base: main
Choose a base branch
from
Draft

Add policy control for extensions.autoUpdate setting #283843

Copilot wants to merge 2 commits into from
+26 −1

Conversation

Copy link
Contributor

Copilot AI commented Dec 16, 2025
edited
Loading

Enables enterprise group policy management of the extensions.autoUpdate setting, allowing IT administrators to enforce extension update behavior across their organization.

Changes

  • Added policy metadata to extensions.autoUpdate configuration in extensions.contribution.ts
    • Policy name: ExtensionsAutoUpdate
    • Category: Extensions
    • Supports all existing enum values: true, 'onlyEnabledExtensions', false
    • Includes localization for policy descriptions and enum values

Usage

Administrators can now set the policy through standard OS mechanisms:

  • Windows: Group Policy Objects (GPO)
  • macOS: Configuration profiles
  • Linux: Policy files at /etc/vscode/policy.json

When active, the policy overrides user settings and locks the UI, displaying a policy indicator.

Use Cases

  • Always update: Set to true to ensure developers receive security patches automatically
  • Controlled updates: Set to false to maintain stable, tested extension versions
  • Selective updates: Set to 'onlyEnabledExtensions' for granular control
Original prompt

This section details on the original issue you should resolve

<issue_title>extensions.autoUpdate setting should be group policy controlled</issue_title>
<issue_description>Continuation from #84756

Here's the user request #84756 (comment)

By making extensions.autoUpdate enterprise controlled, we would allow enterprises to either disable extension auto updates, or make sure that their developers are always on latest versions of extensions (to always have latest security patches).</issue_description>

Comments on the Issue (you are @copilot in this section)

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.

@sandy081
Add policy control for extensions.autoUpdate setting
23954a2 
This change allows enterprises to control the extensions.autoUpdate setting
via group policy. Administrators can now enforce whether developers'
extensions are automatically updated or not, providing better security
and update control in enterprise environments.

The policy is registered as 'ExtensionsAutoUpdate' in the Extensions
category and supports all existing auto-update modes:
- true: All extensions auto-update
- 'onlyEnabledExtensions': Only enabled extensions auto-update
- false: No automatic updates

Fixes #84756

Co-authored-by: sandy081 <10746682+sandy081@users.noreply.github.com>
Copilot AI changed the title [WIP] Add group policy control for extensions.autoUpdate setting Add policy control for extensions.autoUpdate setting Dec 16, 2025
Copilot AI requested a review from sandy081 December 16, 2025 16:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@sandy081 sandy081 Awaiting requested review from sandy081

At least 1 approving review is required to merge this pull request.

Assignees

@sandy081 sandy081

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

extensions.autoUpdate setting should be group policy controlled

2 participants

@sandy081