GitHub Copilot enterprise managed settings now support strictKnownMarketplaces in VS Code and Copilot CLI

What's new

• strictKnownMarketplaces in enterprise managed settings
• Supported in VS Code and Copilot CLI
• Admin defines allowed marketplaces; everything else is blocked
• Integrated with the existing Copilot policy framework

Why it matters

After the recent Agentjacking attack via Sentry that hit 2,388 organizations, supply-chain security for AI tooling is on every CISO's radar. This setting closes a concrete vector — fake or compromised plugins from unverified marketplaces.

How to try

Configure in the enterprise admin panel under managed settings → strictKnownMarketplaces.