Microsoft held an event last week where they talked a whole lot about Artificial Intelligence (AI) and Microsofts own service to connect with AI called Copilot. In this blog post I’ll describe what I’ve learned about Copilot since the announcement and show you how you can enable or disable it via Intune policy.
Why would you want to disable Copilot ? There are lots of reasons such as data protection, security, and having control of what your users are doing with this new technology. Rolling it out to approved users to test at first would be a great way to start rather than this showing up on all applicable Windows 11 devices.
- Available SKUS & Cost
- Copilot Availability
- Temporary enterprise feature control
- Creating policy in Intune
- Using Copilot
Available SKUS & Cost
Copilot will be available in 3 SKUs with costs ranging from free to $30 USD per user per month.
- Copilot in Windows – Free
- Bing Chat Enterprise – $5 standalone, included in Microsoft E3/E5
- Microsoft 365 Copilot – $30
The breakdown of those 3 SKUs are listed below:
The interesting news in the Windows event blog post was that Copilot would be rolled out to some customers (more of that later) starting Tuesday September 26th for Windows 11 version 22H2 and more broadly as time goes by. It will also be included with Windows 11 version 23H2 when that releases later this fall (Q4 timeframe).
Microsoft Copilot in Windows will be available on September 26. It will empower you to create faster and complete tasks with ease and lessen your cognitive load—making once-complicated tasks simple. We’ve made accessing the power of Copilot seamless as it’s always right there for you on the taskbar or with the Win+C keyboard shortcut, providing assistance alongside all your apps. Copilot in Windows will feature the new Copilot icon, the new Copilot user experience, Bing Chat, and will be available to commercial customers for free.
Copilot in Windows will start to release in preview to select global markets as part of our latest update to Windows 11. The initial markets for the Copilot in Windows preview include North America and parts of Asia and South America. It is our intention to add additional markets over time.
So now we know what’s coming, we need to know what we need in place to see it on production ready Windows 11 devices today. In summary, that should be the following:
- Windows 11 version 22H2 with KB5030310 installed
- North America, parts of Asia/South America regions only (for now)
September 26th was the release date for this new capability to the general public as long as you are located in the regions mentioned above and it comes in an update listed here. This update has already started rolling out globally but if you don’t see it yet on your Windows 11 22H2 devices then you can manually install the update from the Microsoft Update Catalog here.
Temporary enterprise feature control
According to this docs site, all Windows 11 version 22H2 releases should be using Temporary Enterprise feature control, meaning that “Features behind temporary enterprise control are automatically disabled for devices that have their Windows updates managed by policies.”
Ok, so if that’s the case then any managed Intune devices with Windows updates managed by policies shouldn’t need any further action prior to the release of Windows 11 23H2. Right ? and once 23H2 is released those same devices will get Copilot enabled by default.
However, the same article shows the following info.
So which is it, is the new feature is disabled by default or enabled ?
Am I the only one confused by this ? So maybe it’s just confusing me, but to be 100% sure that I am disabling Copilot on applicable PC’s I created policy as described further in this blog post.
To verify if the docs above are indeed correct I deployed a new Windows 11 22H2 virtual machine, patched it to the required 2361 build and made sure that it was NOT targeted with policy to either enable (or disable) Copilot. This device (below) was not targeted by any Windows Update policy from Intune.
The result ? Copilot was ENABLED.
I will retest the above scenario with a vm targeted by Windows Update policy to see if that behaves differently.
Creating policy in Intune
Now that you know what you need in place to test Copilot, it’s time to take a look at policy creation in Intune. Why would you want to do that ? so that you can have fine control over who can use Copilot and who cannot.
Note: The currently available CSP was released for Windows Insider Preview and therefore may change, if it does I’ll update this blog post.
In Intune create a new device configuration profile and select templates, custom as shown here.
Give the policy a suitable name and fill in the following custom URI, use the following settings:
- Data type Integer
- Value 1
as shown here
Note: If you want to Enable Copilot replace the 1 with 0
Assign the policy to two groups, one where you want to disable the ability and another for excluding this policy.
Next, you can optionally set an Applicability rule for OSversion = 10.0.22621.2361 to 10.0.22621.9999 which should cover all versions of Windows 11 version 22H2 for the coming while.
Note: If you want to disable Copilot for Windows 11 23H2 when it releases then adjust the OSVersion accordingly.
Monitoring the policy
Once you’ve deployed the policy you’ll see devices reporting back different results based on your applicability rules, and based on whether the devices meet the requirements for Copilot or not.
If you did not specify OSVersion 10.0.22621.2361 as the minimum release then any Windows 11 22H2 devices that get this policy that have not yet updated to build 2361 will report an error (remediation failed). Not Applicable is for versions of Windows that this does not apply to, for example Windows 10 and Success means the policy was successfully applied.
On the devices targeted with the policy that are running the correct version of Windows 11 22h2 (build 2361) you should now see the following registry keys.
The screenshot below is from my Windows Insider preview release, where I enabled Copilot Preview. I asked Copilot to tell me about Niall Brady. The technology is definitely very cool and I’m looking forward to seeing where it goes!
That’s all for this blog post, happy Copiloting and thanks to all that responded to this thread on Twitter (yeah I’m still calling it that).