Enterprise-level content exclusion for Copilot (#52496)

Co-authored-by: Joe Clark <31087804+jc-clark@users.noreply.github.com>

content/copilot/managing-copilot/managing-github-copilot-in-your-organization/reviewing-activity-related-to-github-copilot-in-your-organization/reviewing-changes-to-content-exclusions-for-github-copilot.md

@@ -43,4 +43,30 @@ redirect_from:
 
    The "Audit log" page for the organization is displayed, showing the most recently logged occurrences of the `copilot.content_exclusion_changed` action.
 
+   Changes made at either the repository or organization level are listed.
+
+{% data reusables.copilot.more-details-content-exclusion-logs %}
+
+{% ifversion ghec%}
+
+## Reviewing changes in your enterprise
+
+{% data reusables.enterprise-accounts.access-enterprise %}
+{% data reusables.enterprise-accounts.policies-tab %}
+{% data reusables.enterprise-accounts.copilot-tab %}
+
+1. On the {% data variables.product.prodname_copilot %} page, click the **Content exclusion** tab.
+
+   At the bottom of the page you'll see the name of the person who last changed the content exclusion settings, and information about when they made this change.
+
+1. Click the time of the last change.
+
+   ![Screenshot of the last edited information. The time of change link is highlighted with a dark orange outline.](/assets/images/help/copilot/content-exclusions-last-edited-by.png)
+
+   The "Audit log" page for the organization is displayed, showing the most recently logged occurrences of the `copilot.content_exclusion_changed` action.
+
+   Changes made at the repository, organization, and enterprise level are listed.
+
 {% data reusables.copilot.more-details-content-exclusion-logs %}
+
+{% endif %}

content/copilot/managing-copilot/managing-github-copilot-in-your-organization/setting-policies-for-copilot-in-your-organization/excluding-content-from-github-copilot.md

@@ -2,7 +2,7 @@
 title: Excluding content from GitHub Copilot
 shortTitle: Exclude content from Copilot
 intro: 'You can prevent {% data variables.product.prodname_copilot_short %} from accessing certain content.'
-permissions: '{% data reusables.copilot.content-exclusion-permissions %}'
+permissions: 'Repository administrators{% ifversion ghec%}, organization owners, and enterprise owners{% else %} and organization owners{% endif %} can manage content exclusion settings. People with the "Maintain" role for a repository can view, but not edit, content exclusion settings for that repository.'
 product: '{% data reusables.gated-features.copilot-business-and-enterprise %}'
 layout: inline
 versions:
@@ -31,6 +31,10 @@ You can use content exclusions to configure {% data variables.product.prodname_c
 * The content in affected files will not inform code completion suggestions in other files.
 * The content in affected files will not inform {% data variables.product.prodname_copilot_chat %}'s responses.
 
+### Who can configure content exclusion
+
+Repository administrators{% ifversion ghec%}, organization owners, and enterprise owners{% else %} and organization owners{% endif %} can configure content exclusion.
+
 {% data reusables.copilot.content-exclusions-scope %}
 
 ### Availability of content exclusions
@@ -171,6 +175,16 @@ git@gitlab.com:gitlab-org/gitlab-runner.git:
   - "**/security/**"
 ```
 
+{% ifversion ghec %}
+
+## Configuring content exclusions for your enterprise
+
+As an enterprise owner, you can use the enterprise settings to specify files that {% data variables.product.prodname_copilot %} should ignore. The files can be within a Git repository or anywhere on the file system that is not under Git control.
+
+You apply rules in the same way as described in the previous section "[Configuring content exclusions for your organization](#configuring-content-exclusions-for-your-organization)" but from the settings for your enterprise. The key difference is that rules set at the enterprise level apply to all {% data variables.product.prodname_copilot_short %} users in the enterprise, whereas the rules set by organization owners only apply to users who are assigned a {% data variables.product.prodname_copilot_short %} seat by that organization.
+
+{% endif %}
+
 ## Testing changes to content exclusions
 
 You can use your IDE to confirm that your changes to content exclusions are working as expected.

content/copilot/managing-copilot/managing-github-copilot-in-your-organization/setting-policies-for-copilot-in-your-organization/managing-policies-for-copilot-in-your-organization.md

@@ -2,7 +2,7 @@
 title: Managing policies for Copilot in your organization
 intro: 'Learn how to manage policies for {% data variables.product.prodname_copilot %} in your organization.'
 permissions: Organization owners
-product: '{% data reusables.gated-features.copilot-business-and-enterprise %}'
+product: 'Organizations with a subscription to {% data variables.product.prodname_copilot_for_business %} or {% data variables.product.prodname_copilot_enterprise %}'
 versions:
   feature: copilot
 redirect_from:

content/copilot/troubleshooting-github-copilot/troubleshooting-common-issues-with-github-copilot.md

@@ -33,6 +33,8 @@ When a file is affected by a content exclusion setting, {% data variables.produc
 
 {% data reusables.copilot.content-exclusion-note %}
 
+Content exclusion can be configured at the repository{% ifversion ghec%}, organization, and enterprise{% else %} and organization{% endif %} level. The scope of the exclusion is determined by the level at which the rule is set:
+
 {% data reusables.copilot.content-exclusions-scope %}
 
 {% data reusables.copilot.content-exclusions-delay %} For more information, see "[AUTOTITLE](/copilot/managing-copilot/managing-github-copilot-in-your-organization/managing-github-copilot-features-in-your-organization/testing-changes-to-content-exclusions-in-your-ide#propagating-content-exclusion-changes-to-your-ide)."

data/reusables/copilot/content-exclusions-scope.md

@@ -1,11 +1,21 @@
-{% ifversion fpt %}
+* **Repository administrators** can only exclude content for their own repositories. This affects {% data variables.product.prodname_copilot_short %} users working within those specific repositories.
+* **Organization owners** can exclude content for users assigned a {% data variables.product.prodname_copilot_short %} seat through their organization.
 
-Content exclusion settings only apply to members of the organization in which the content exclusion is configured, who have been granted a seat as part of a {% data variables.product.prodname_copilot_for_business %} or {% data variables.product.prodname_copilot_enterprise %} subscription.
+{% ifversion ghec %}
 
-{% else %}
+<!-- expires 2024-11-08 -->
 
-You can only specify content exclusions in the settings for an organization or repository, not in the settings for an enterprise. Content exclusion settings defined in an organization or repository within an enterprise will apply to all members of the enterprise who have been granted a seat as part of a {% data variables.product.prodname_copilot_for_business %} or {% data variables.product.prodname_copilot_enterprise %} subscription.
+  > [!NOTE] In the current {% data variables.release-phases.public_preview %} release, organization-level settings for content exclusion typically apply to all {% data variables.product.prodname_copilot_short %} users in the enterprise. This will change with the general availability (GA) release of this feature on November 8th, 2024.
+  >
+  > **_Before November 8th:_**
+  > * **If enterprise owners do not set rules**: Organization-level rules will continue to apply to all users across the enterprise, functioning as they do now, until November 8th.
+  > * **If enterprise owners set a rule**: Once enterprise-level rules are applied, organization-level rules will only apply to users who are assigned a {% data variables.product.prodname_copilot_short %} seat from the organization where the rule is set.<br><br>
+  >
+  > **_After November 8th:_**
+  > * Organization-level rules will no longer apply enterprise-wide. They will be limited to users who are assigned a {% data variables.product.prodname_copilot_short %} seat from the organization where the rule is set.
 
-{% endif %}
+<!-- end expires 2024-11-08 -->
+
+* **Enterprise owners** can apply exclusion rules to all {% data variables.product.prodname_copilot_short %} users in the enterprise.
 
-Anyone else who can access the specified files will still see code completion suggestions and {% data variables.product.prodname_copilot_chat %} responses referencing the specified files.
+{% endif %}

data/reusables/gated-features/copilot-business-and-enterprise.md

@@ -1 +1 @@
-Organizations with a subscription to {% data variables.product.prodname_copilot_for_business %} or {% data variables.product.prodname_copilot_enterprise %}
+Organizations{% ifversion ghec%} and enterprises{% endif %} with a subscription to {% data variables.product.prodname_copilot_for_business %} or {% data variables.product.prodname_copilot_enterprise %}.