Centrally manage VS Code settings with policies

Name: Visual Studio Code
Author: Microsoft

Enterprise policies in Visual Studio Code enable organizations to centrally manage VS Code settings for their development teams to ensure consistency and compatibility across their organization. When a policy value is set, the value overrides the VS Code setting value configured at any level (default, user, and workspace).

IT admins can deploy and enforce specific VS Code configurations on users' devices through different device management solutions. VS Code supports applying policies on Windows, macOS, and Linux.

Settings editor showing that the 'Extensions: Allowed' setting is managed by the organization.

In this article, you learn which enterprise policies are available in VS Code and how to configure them on different operating systems.

Windows group policies

VS Code has support for Windows Registry-based Group Policy.

These profiles can be deployed using Mobile Device Management (MDM) solutions or installed manually on individual devices.

Step 1: Obtain the sample ADMX and ADML files

Starting from VS Code version 1.69, each release ships with a policies directory containing ADMX template files that define the available policies.

You can get the ADMX and ADML files from either an existing installation or by downloading and extracting the VS Code zip archive. Follow these steps to obtain the files:

Download the VS Code zip archive for your version of VS Code.
Extract the zip file to a temporary location.
Navigate to the policies folder in the extracted files. This folder contains the ADMX template files (for example, vscode.admx) and a locales subfolder with ADML files for different languages.

Step 2: Configure policy values

Edit the policy values according to your requirements:

String policies - policies that accept text values or JSON strings:

<!-- Example: Allow extensions from specific publishers -->
<key>AllowedExtensions</key>
<string>{"microsoft": true, "github": true}</string>

<!-- Example: Set update mode to a specific value -->
<key>UpdateMode</key>
<string>start</string>

Important

If there's a syntax error in the policy value, the setting will not be applied. You can check the Window log in VS Code for errors (press ⇧⌘P (Windows, Linux Ctrl+Shift+P) and enter Show Window Log).

Boolean policies - policies that accept true/false values:

<!-- Example: Enable user feedback -->
<key>EnableFeedback</key>
<true/>

<!-- Example: Disable telemetry -->
<key>EnableTelemetry</key>
<false/>

Remove unwanted policies - delete both the key and value for any policy you don't want to enforce:

<!-- To not enforce an update mode policy, remove these lines: -->
<key>UpdateMode</key>
<string>start</string>

Refer to the policy reference below for details on each policy's accepted values and behavior.

Step 3: Deploy the policies

You can now deploy the configured policies at scale to all relevant devices in your organization using a device management solution. You can manually test the policies on a local Windows machine before deploying them at scale using the Local Group Policy Editor.

Deploy policies at scale

Products such as Microsoft Intune or Active Directory Group Policy can be used to centrally manage device policy at scale across an organization. These solutions allow administrators to deploy the ADMX/ADML files and policy configurations to multiple devices from a central location.

For Active Directory environments, copy the ADMX and ADML files to the Central Store to make the policies available across the domain.

Manually test policies on a local machine

If you want to test the policies on a local Windows machine before deploying them at scale, you can manually install the ADMX/ADML files and configure the policies using the Local Group Policy Editor.

Follow these steps to configure VS Code policies on a local Windows machine:

Step 1: Install the policy definition files

Copy the vscode.admx file to C:\Windows\PolicyDefinitions.
Copy the appropriate ADML file from the locales subfolder (for example, en-US\vscode.adml) to C:\Windows\PolicyDefinitions\<your-locale> (for example, C:\Windows\PolicyDefinitions\en-US).

Note

You need administrator privileges to copy files to the PolicyDefinitions directory.

Step 2: Open the Local Group Policy Editor

Press Windows+R to open the Run dialog.
Type gpedit.msc and press Enter to open the Local Group Policy Editor.
If prompted by User Account Control, select Yes to allow the app to make changes.

Step 3: Navigate to VS Code policies

The VS Code policies are available under both Computer Configuration and User Configuration:

Computer Configuration > Administrative Templates > Microsoft VS Code
User Configuration > Administrative Templates > Microsoft VS Code

Tip

Computer-level policies take precedence over user-level policies when both are configured.

Step 4: Configure a policy

Select the policy category (either Computer Configuration or User Configuration).
Navigate to Administrative Templates > Microsoft VS Code.
Double-click on the policy you want to configure (for example, Update Mode).
In the policy settings dialog, select Enabled to enforce the policy.
Configure the policy value using the available options or text fields.
Select OK to save the changes.
Close the Local Group Policy Editor.

The policy will take effect the next time VS Code is started. Some policies may require restarting Windows to take effect.

macOS configuration profiles

Configuration profiles manage settings on macOS devices. A profile is an XML file (.mobileconfig) with key/value pairs that correspond to available policies.

These profiles can be deployed using Mobile Device Management (MDM) solutions or installed manually on individual devices.

Step 1: Obtain the sample configuration profile

Starting from VS Code version 1.99, each release ships with a sample .mobileconfig file. Follow these steps to locate the sample file on a macOS device with VS Code installed:

Open Finder and navigate to /Applications.
Right-click on Visual Studio Code.app (or your VS Code variant) and select Show Package Contents.
Navigate to Contents/Resources/app/policies.
Locate the sample .mobileconfig file (for example, vscode-sample.mobileconfig).

Step 2: Configure policy values

Copy the sample .mobileconfig file to a working location (for example, your Desktop or Documents folder).
Open the copied file in a text editor (for example, TextEdit, VS Code, or any XML editor).

Edit the policy values according to your requirements:

String policies - policies that accept text values or JSON strings:

<!-- Example: Allow extensions from specific publishers -->
<key>AllowedExtensions</key>
<string>{"microsoft": true, "github": true}</string>

<!-- Example: Set update mode to a specific value -->
<key>UpdateMode</key>
<string>start</string>

Important

Boolean policies - policies that accept true/false values:

<!-- Example: Enable user feedback -->
<key>EnableFeedback</key>
<true/>

<!-- Example: Disable telemetry -->
<key>EnableTelemetry</key>
<false/>

Remove unwanted policies - delete both the key and value for any policy you don't want to enforce:

<!-- To not enforce an update mode policy, remove these lines: -->
<key>UpdateMode</key>
<string>start</string>

Refer to the policy reference for details on each policy's accepted values and behavior.

Step 3: Deploy the policies

You can now deploy the configured policies at scale to all relevant devices in your organization with an MDM solution. You can manually test the policies on a local machine before deploying them at scale.

Deploy profiles at scale

For enterprise deployments across multiple devices, use Mobile Device Management (MDM) solutions such as:

Microsoft Intune
Apple Business Manager with MDM

For more information on configuration profiles, refer to Apple's documentation.

Manually test policies on a local machine

Configure policies manually

Follow these steps to manually test your VS Code policy configuration on a macOS device before deploying at scale:

Step 1: Install the configuration profile

Save your edited .mobileconfig file.
Double-click the .mobileconfig file in Finder.
The System Settings (or System Preferences on older macOS versions) will open.
Review the profile details and select Install (or Continue depending on your macOS version).
If prompted, authenticate with your administrator credentials.
Confirm the installation when prompted.

Step 2: Verify the profile installation

Open System Settings (macOS Ventura and later) or System Preferences (earlier versions).
Navigate to Privacy & Security > Profiles (or General > Device Management on older versions).
Verify that your VS Code configuration profile appears in the list.
Launch VS Code to see the policies in effect.

Note

Policies take effect immediately for new VS Code instances. You may need to restart VS Code if it's already running.

Remove a configuration profile

To remove policies and revert to default settings:

Open System Settings > Privacy & Security > Profiles.
Select the VS Code configuration profile.
Select the Remove (or -) button.
Authenticate with your administrator credentials to confirm removal.

Linux JSON policies

Starting from VS Code version 1.106, you can configure VS Code setting policies on Linux devices by placing a JSON policy file at /etc/vscode/policy.json. This approach uses a simple JSON format to define policy values.

These profiles can be deployed using Mobile Device Management (MDM) solutions or installed manually on individual devices.

Step 1: Obtain the sample policy file

Starting from VS Code version 1.106, each release ships with a sample .policy.json file. You can obtain it from either an existing installation or by downloading and extracting the VS Code archive. The file is located in the resources/app/policies directory.

Step 2: Configure policy values

Copy the sample policy.json file to a working location:

sudo cp /usr/share/code/resources/app/policies/policy.json /tmp/policy.json

Edit the file using your preferred text editor:

sudo nano /tmp/policy.json
# or
sudo vim /tmp/policy.json
# or
code /tmp/policy.json

Edit the policy values according to your requirements:

String policies - policies that accept text values or JSON strings:

<!-- Example: Allow extensions from specific publishers -->
<key>AllowedExtensions</key>
<string>{"microsoft": true, "github": true}</string>

<!-- Example: Set update mode to a specific value -->
<key>UpdateMode</key>
<string>start</string>

Important

Boolean policies - policies that accept true/false values:

<!-- Example: Enable user feedback -->
<key>EnableFeedback</key>
<true/>

<!-- Example: Disable telemetry -->
<key>EnableTelemetry</key>
<false/>

Remove unwanted policies - delete both the key and value for any policy you don't want to enforce:

<!-- To not enforce an update mode policy, remove these lines: -->
<key>UpdateMode</key>
<string>start</string>

Refer to the policy reference for details on each policy's accepted values and behavior.

Step 3: Deploy the policies

Deploy policies at scale

For enterprise Linux deployments across multiple devices, use configuration management tools such as Ansible, Puppet, Chef, or Salt to deploy the policy.json file.

These tools allow administrators to deploy, update, and remove policies remotely across all managed Linux devices in the organization.

Manually test policies on a local machine

Step 1: Copy the policy file

Ensure the /etc/vscode directory exists:
```
sudo mkdir -p /etc/vscode
```
Note
You need root or sudo privileges to create the directory and manage policy files in /etc/vscode.

Copy the edited policy file to the /etc/vscode/ system location:

sudo cp /tmp/policy.json /etc/vscode/policy.json

Set appropriate permissions:

sudo chmod 644 /etc/vscode/policy.json
sudo chown root:root /etc/vscode/policy.json

Step 2: Verify the policy installation

Launch VS Code (or restart it if already running).
Open File > Preferences > Settings (or press Ctrl+,).
Look for settings that correspond to your configured policies - they should show as "managed by your organization" or have a lock icon.
Hover over managed settings to see that they are controlled by policy.

Tip

You can verify the policy file is being read by checking VS Code's logs or by attempting to change a managed setting (the change will be prevented).

Remove policies

To remove all policies and revert to default settings, delete the /etc/vscode/policy.json file and restart VS Code.

VS Code enterprise policy reference

The following table lists all available enterprise policies in VS Code.

Policy Name	Setting ID	Description	Minimum Version
`McpGalleryServiceUrl`	chat.mcp.gallery.serviceUrl Open in VS Code Open in VS Code Insiders ORG	Configure the MCP Gallery service URL to connect to	1.101
`ExtensionGalleryServiceUrl`	extensions.gallery.serviceUrl Open in VS Code Open in VS Code Insiders ORG	Configure the Marketplace service URL to connect to	1.99
`AllowedExtensions`	extensions.allowed Open in VS Code Open in VS Code Insiders ORG	Specify a list of extensions that are allowed to use. This helps maintain a secure and consistent development environment by restricting the use of unauthorized extensions. More information: https://code.visualstudio.com/docs/setup/enterprise#_configure-allowed-extensions	1.96
`ChatToolsAutoApprove`	chat.tools.global.autoApprove Open in VS Code Open in VS Code Insiders ORG	Global auto approve also known as "YOLO mode" disables manual approval completely for all tools in all workspaces, allowing the agent to act fully autonomously. This is extremely dangerous and is never recommended, even containerized environments like Codespaces and Dev Containers have user keys forwarded into the container that could be compromised. This feature disables critical security protections and makes it much easier for an attacker to compromise the machine.	1.99
`ChatToolsEligibleForAutoApproval`	chat.tools.eligibleForAutoApproval Open in VS Code Open in VS Code Insiders ORG	Controls which tools are eligible for automatic approval. Tools set to 'false' will always present a confirmation and will never offer the option to auto-approve. The default behavior (or setting a tool to 'true') may result in the tool offering auto-approval options.	1.107
`ChatMCP`	chat.mcp.access Open in VS Code Open in VS Code Insiders ORG	Controls access to installed Model Context Protocol servers.	1.99
`ChatAgentExtensionTools`	chat.extensionTools.enabled Open in VS Code Open in VS Code Insiders ORG	Enable using tools contributed by third-party extensions.	1.99
`ChatAgentMode`	chat.agent.enabled Open in VS Code Open in VS Code Insiders ORG	When enabled, agent mode can be activated from chat and tools in agentic contexts with side effects can be used.	1.99
`ChatToolsTerminalEnableAutoApprove`	chat.tools.terminal.enableAutoApprove Open in VS Code Open in VS Code Insiders ORG	Controls whether to allow auto approval in the run in terminal tool.	1.104
`UpdateMode`	update.mode Open in VS Code Open in VS Code Insiders ORG	Configure whether you receive automatic updates. Requires a restart after change. The updates are fetched from a Microsoft online service.	1.67
`TelemetryLevel`	telemetry.telemetryLevel Open in VS Code Open in VS Code Insiders ORG	Controls the level of telemetry.	1.99
`EnableFeedback`	telemetry.feedback.enabled Open in VS Code Open in VS Code Insiders ORG	Enable feedback mechanisms such as the issue reporter, surveys, and other feedback options.	1.99

Note

If you want to enact more policies, open an issue in the VS Code GitHub repository. The team will determine if there is already a corresponding setting for the behavior or if a new setting and policy should be created.

01/08/2026