Settings

In this lesson, you’ll learn how to customize GitHub Copilot’s settings to fit your workflow and security needs. You’ll explore both global and repository-level options—how to manage access, control what Copilot can see, and fine-tune how it behaves when working with your code.\

By the end, you’ll understand how to configure Copilot so it stays helpful, safe, and aligned with your team’s practices.

1 Problem
2 What you need to know
- 2.1 Why Settings Matter
- 2.2 Global Settings
- 2.3 Repository-Specific Settings
  - 2.3.1 Content Exclusion
  - 2.3.2 Code Review
  - 2.3.3 Coding Agent
3 ✏️ Exercise
4 Next Steps

Problem

Copilot is powerful out of the box, but every team and repository is different. Some projects require strict privacy controls, others need tailored behavior or limited access to external tools. Without the right configuration, Copilot might surface irrelevant files, suggest changes in sensitive areas, or behave inconsistently across repos.

Settings solve this by giving you control over what Copilot can do, what it can access, and how it participates in your workflows.

What you need to know

Copilot Settings they let you shape how Copilot behaves, what it can see, and how it interacts with your code and external tools.

Think of these settings as your command center for Copilot. Here, you can control everything from how much context it uses to whether it can access the internet, to which files it should completely ignore. At the organizational level, settings help maintain security and consistency. At the personal or repo level, they fine-tune Copilot for your day-to-day work.

Why Settings Matter

Security & Privacy: Keep sensitive data safe by excluding confidential files or limiting external access.
Consistency: Enforce coding standards and best practices through instruction files and rulesets.
Performance & Focus: Help Copilot stay relevant by trimming away noise—like dependencies or build outputs—so its suggestions stay sharp.
Control: Decide how Copilot interacts with your repositories and when it’s allowed to act on your behalf.

Whether you’re customizing Copilot for yourself or configuring it for an entire team, understanding these settings ensures Copilot works for you—not around you.

In short: Copilot Settings give you the levers to make AI collaboration safe, predictable, and tailored to your workflow.

Global Settings

To access your global Copilot settings:

Click your profile picture in the top-right menu bar.
Select Copilot Settings.

On this page you’ll see:

Feature overview – a list of Copilot features available to your account.
Usage statistics – how many premium requests you’ve used in the current cycle.
Feature toggles – settings that let you enable or disable Copilot features (unless these are controlled by your organization’s administrator).

This page gives you a high-level view of how Copilot is configured for your account and what capabilities are enabled.

Repository-Specific Settings

From any repository, you can configure Copilot by:

Clicking Settings in the repo.
Navigating to the Copilot section.

Within these settings, there are several important controls:

Content Exclusion

Specify paths (folders or files) that Copilot should ignore.
Useful for preventing Copilot from training its context on irrelevant or misleading code, such as:
- Generated files
- Vendor or dependency code
- Sensitive configurations

Code Review

Instructions file: Toggle whether Copilot should use a repo-specific instructions file.
- The file lives at .github/copilot-instructions.md.
- It can define rules, roles, or context for Copilot to follow during reviews (e.g., coding style, testing practices, security concerns).

Rulesets: Define custom rules that restrict what Copilot can or cannot do.
- These rules ensure Copilot aligns with your team’s best practices.

Coding Agent

This section controls how the Copilot agent interacts with external resources:

Firewall: Decide if Copilot can access the internet while working.
Allow list: Define which external domains Copilot is allowed to access (for fetching docs, APIs, etc.).

MCP servers: Configure Model Context Protocol (MCP) servers, which extend Copilot with additional tools or integrations.
- Example: connecting to a testing service, a documentation source, or internal APIs.
- Note: Any environment secrets you want to use in these MCP configurations need to be prefixed with COPILOT_MCP.

From a security perspective, these settings are critical for ensuring Copilot works within safe boundaries and only uses approved external resources.

✏️ Exercise

Goal: Practice changing Copilot’s settings

Step 1 – Experiment

Play around with various Copilot settings to get a feel for what they do

Next Steps

You now know how to configure Copilot using global and repository-level settings!

Continue to: https://bitovi.atlassian.net/wiki/spaces/AIEnabledDevelopment/pages/1559429257/Copilot+General+Cloud+Usage#Conclusion