Note
This feature is in public preview and subject to change.
Use this reference to understand the currently supported keys in managed-settings.json.
For deployment methods, see Configuring enterprise-managed settings.
Precedence rules
When multiple settings sources are present, clients apply settings in this order:
- Server-managed settings
- MDM-managed settings
- File-based settings
- User-level settings
MDM-managed settings take precedence. If MDM-managed settings are not available, clients apply server-managed settings before file-based settings.
Supported keys
| Key | Type | Accepted values | Purpose |
|---|---|---|---|
permissions.disable | string | "disable" | Disables bypass or YOLO-style allow-all behavior |
enabledPlugins | object | Key format: PLUGIN-NAME@MARKETPLACE-NAME; value: true | Enables specific plugins by key |
extra | object | Named marketplace object with source.source ("github") and source.repo (OWNER/REPO) | Adds plugin marketplaces that users can access |
strict | array | Array of marketplace objects with source values ("github" with repo, or "git" with url) | Restricts plugin installation to explicitly listed marketplaces |
model | object | default set to a supported model name | Defines default model governance settings |
telemetry | object | enabled (boolean), endpoint (string), protocol ("otlp-http" or "otlp-grpc"), captureContent (boolean), lock (boolean), serviceName (string), resource (object), headers (object) | Configures OpenTelemetry export for VS Code |
Example configuration
The following example shows these keys in one managed settings file.
{
"permissions": {
"disableBypassPermissionsMode": "disable"
},
"enabledPlugins": {
"my-plugin@agent-skills": true
},
"extraKnownMarketplaces": {
"agent-skills": {
"source": {
"source": "github",
"repo": "OWNER/REPO"
}
}
},
"strictKnownMarketplaces": [
{
"source": "github",
"repo": "OWNER/REPO"
}
],
"model": {
"default": "MODEL-NAME"
},
"telemetry": {
"enabled": true,
"endpoint": "https://otel-collector.example.com",
"protocol": "otlp-http",
"captureContent": false,
"lockCaptureContent": true,
"serviceName": "copilot",
"resourceAttributes": {
"deployment.environment": "production"
},
"headers": {
"Authorization": "Bearer TOKEN"
}
}
}