GitHub Copilot: Enterprise AI Controls and Agent Control Plane Now Generally Available

Enterprise AI Controls Reach General Availability

GitHub has promoted its Enterprise AI Controls suite from public preview to general availability, delivering a comprehensive governance layer for organizations managing AI-assisted development at scale. The controls provide enterprise administrators with centralized visibility and policy enforcement across all Copilot-powered agents operating within their GitHub organization.

The GA release addresses a critical gap that emerged as organizations moved from individual developer adoption of Copilot to organization-wide deployment: the need for consistent governance, audit trails, and policy controls that match the rigor applied to other enterprise development tools.

Dedicated AI Administrator Role

The release introduces a new AI administrator role, distinct from existing organization and enterprise admin roles. AI administrators have access to a consolidated workspace that surfaces all AI-related configuration, policy, and monitoring in a single view. This role can be assigned to security engineers, platform engineers, or compliance officers without granting them broader organization administration privileges.

The AI admin workspace provides a unified dashboard showing active agents, model usage patterns, MCP server connections, and policy compliance status across the organization. This centralized view replaces the previous approach of scattering AI-related settings across multiple organization settings pages.

Agent Control Plane

The agent control plane provides real-time visibility into cloud agent sessions, displaying active and recently completed sessions from the prior 24 hours. Administrators can see which agents are running, what repositories they are operating in, what actions they have taken, and whether any policy violations have occurred.

Each agent action in the control plane is tagged with a unique agent identifier, enabling administrators to trace specific actions back to the agent instance that performed them. This is particularly important for organizations running multiple concurrent agent sessions, where understanding which agent made a specific code change or executed a specific command is essential for security and compliance.

Full Audit Log Integration

All agent actions are now recorded in GitHub's enterprise audit log with per-action agent identifiers. This includes file reads, file writes, terminal command executions, API calls, and MCP server interactions. The audit log entries include the full context of each action — the agent that performed it, the model that powered it, the repository it operated in, and the user who initiated the session.

Audit log integration supports existing SIEM and log aggregation workflows, allowing organizations to incorporate agent activity into their existing security monitoring pipelines without building custom integrations.

Enterprise-Wide MCP Registry Management

The GA release includes enterprise-wide MCP registry management, allowing administrators to define approved MCP servers at the organization level. Approved servers are automatically available to all developers in the organization, while unapproved servers are blocked by default. Administrators can also define per-repository overrides for cases where specific teams need access to specialized MCP servers.

The registry supports both allowlist and blocklist modes, giving organizations flexibility in how they manage MCP server access. In allowlist mode, only explicitly approved servers can be used. In blocklist mode, all servers are permitted except those explicitly blocked.

Availability

Enterprise AI Controls and the agent control plane are available immediately for all GitHub Enterprise Cloud customers with Copilot Enterprise licenses. The features are enabled by default for existing Enterprise customers who participated in the public preview, with no migration steps required.