Merge branch 'main' into use-checkout-reusable

Author: Sharra-writes

content/admin/data-residency/network-details-for-ghecom.md

@@ -200,6 +200,8 @@ Japan region:
 #### EU
 
 `*.blob.core.windows.net` can be replaced with:
+* `memoryalphaprodsdc01.blob.core.windows.net`
+* `memoryalphaprodweu01.blob.core.windows.net`
 * `prodsdc01resultssa0.blob.core.windows.net`
 * `prodsdc01resultssa1.blob.core.windows.net`
 * `prodsdc01resultssa2.blob.core.windows.net`
@@ -212,6 +214,7 @@ Japan region:
 #### Australia
 
 `*.blob.core.windows.net` can be replaced with:
+* `memoryalphaprodae01.blob.core.windows.net`
 * `prodae01resultssa0.blob.core.windows.net`
 * `prodae01resultssa1.blob.core.windows.net`
 * `prodae01resultssa2.blob.core.windows.net`
@@ -220,6 +223,7 @@ Japan region:
 #### Japan
 
 `*.blob.core.windows.net` can be replaced with:
+* `memoryalphaprodjpw01.blob.core.windows.net`
 * `prodjpw01resultssa0.blob.core.windows.net`
 * `prodjpw01resultssa1.blob.core.windows.net`
 * `prodjpw01resultssa2.blob.core.windows.net`

content/admin/overview/setting-up-a-trial-of-github-enterprise-cloud.md

@@ -54,7 +54,7 @@ If you invite an existing organization into your trial enterprise, **all of thes
 
 ## Do I need to provide a payment method?
 
-You do not need to provide a payment method to start a trial. If you want to use {% data variables.copilot.copilot_business_short %} during the trial, you can contact {% data variables.contact.github_support %} for approval. Once your request is approved, you will need to provide a credit card for additional validation. You **won't** be charged for using {% data variables.copilot.copilot_business_short %} during the trial.
+You do not need to provide a payment method to start a trial.
 
 ## During the trial
 

content/code-security/how-tos/secure-at-scale/configure-organization-security/manage-usage-and-access/giving-org-access-private-registries.md

@@ -43,13 +43,17 @@ You need to be an **organization owner** to set up access to private registries
 1. Use the **URL** and **Type** fields to define the location and type of the registry:
    * **URL** is the location where you access the private registry. For example, to use the {% data variables.product.prodname_registry %} registry for NuGet: `https://nuget.pkg.github.com/ORGANIZATION/index.json`, where `ORGANIZATION` is the name of your organization on {% data variables.product.github %}.
    * **Type** is the type of registry.
-1. Select either **Token** or **Username and password**, depending on the authentication method, then enter data into the appropriate fields.
-   Some types of authentication tokens, such as a {% data variables.product.github %} {% data variables.product.pat_generic_title_case %}, are tied to a particular user identity. Select the **Username and password** option for these and enter the relevant username as **Username** and the token as **Password**.
+1. Select the authentication method for the registry:
+   * **Token**: Enter the token used to authenticate with the registry.
+   * **Username and password**: Enter the username and password used to authenticate with the registry. Some types of authentication tokens, such as a {% data variables.product.github %} {% data variables.product.pat_generic_title_case %}, are tied to a particular user identity. Select this option for these and enter the relevant username as **Username** and the token as **Password**.
+   {% ifversion org-private-registry-oidc %}
+   * **OIDC (OpenID Connect)**: Use short-lived credentials from a cloud identity provider instead of storing long-lived secrets. When you select this option, choose a provider and fill in the provider-specific fields. For more information, see [Configuring OIDC authentication for a private registry](#configuring-oidc-authentication-for-a-private-registry).
+   {% endif %}
 1. Define which repositories in the organization can access the private registry using these details: all, private and internal, or selected repositories only.
 1. When you have finished defining the private registry, select **Add Registry** to save the registry information.
 
 > [!TIP]
-> When you add a private registry to an organization the token or password is stored as an encrypted secret. Once the registry is created, the token or password cannot be viewed again.
+> When you add a private registry to an organization using **Token** or **Username and password** authentication, the token or password is stored as an encrypted secret. Once the registry is created, the token or password cannot be viewed again.
 
 ### Enabling {% data variables.product.prodname_code_scanning %} default setup to use a registry definition
 
@@ -77,6 +81,27 @@ Any private registries used by the build must also be accessible to the workflow
 
 When you configure access to one or more private registries, {% data variables.product.prodname_dependabot %} can propose pull requests to upgrade a vulnerable dependency or to maintain a dependency, see [AUTOTITLE](/code-security/dependabot/working-with-dependabot/configuring-access-to-private-registries-for-dependabot) and [AUTOTITLE](/code-security/dependabot/working-with-dependabot/guidance-for-the-configuration-of-private-registries-for-dependabot).
 
+{% ifversion org-private-registry-oidc %}
+
+### Configuring OIDC authentication for a private registry
+
+OIDC (OpenID Connect) authentication allows {% data variables.product.prodname_dependabot %} to use short-lived credentials from your cloud identity provider to access private registries, eliminating the need to store long-lived secrets. With OIDC, credentials are generated dynamically for each {% data variables.product.prodname_dependabot %} update job. You must configure a trust relationship between your cloud provider and {% data variables.product.github %} before {% data variables.product.prodname_dependabot %} can authenticate.
+
+> [!NOTE]
+> OIDC authentication for organization-level private registries is currently supported by {% data variables.product.prodname_dependabot %}. It is not supported by {% data variables.product.prodname_code_scanning %} default setup.
+
+When you select **OIDC** as the authentication method for a private registry, choose one of the supported providers and fill in the required fields:
+
+* **Azure**: Enter the **Tenant ID** (Azure AD tenant ID) and **Client ID** (Azure AD application client ID). You must configure a federated credential in Azure AD that trusts {% data variables.product.github %}'s OIDC provider.
+* **AWS CodeArtifact**: Enter the **AWS Region**, **Account ID** (AWS account ID), **Role Name** (IAM role name), **Domain** (CodeArtifact domain), and **Domain Owner** (CodeArtifact domain owner / AWS account ID). You can optionally provide an **Audience**. You must configure an IAM OIDC identity provider in AWS that trusts {% data variables.product.github %}'s OIDC provider.
+* **JFrog Artifactory**: Enter the **OIDC Provider Name**. You can optionally provide an **Audience** and **Identity Mapping Name**.
+
+The authentication type of a private registry cannot be changed after creation. To switch from OIDC to another authentication method, or vice versa, delete the existing registry and create a new one.
+
+For more information about how OIDC works, see [AUTOTITLE](/actions/concepts/security/openid-connect).
+
+{% endif %}
+
 {% ifversion code-quality %}
 
 ## {% data variables.product.prodname_code_quality_short %} access to private registries

content/code-security/how-tos/secure-your-supply-chain/manage-your-dependency-security/configuring-access-to-private-registries-for-dependabot.md

@@ -32,7 +32,11 @@ For specific ecosystems, you can configure {% data variables.product.prodname_de
 
 {% ifversion org-private-registry %}
 
-You can configure {% data variables.product.prodname_dependabot %}'s access to private registries at the org-level. For more information on how to configure that, see [AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/giving-org-access-private-registries).
+You can configure {% data variables.product.prodname_dependabot %}'s access to private registries at the org-level.
+{% ifversion org-private-registry-oidc %}
+Organization-level registries support **Token**, **Username and password**, and **OIDC** authentication.
+{% endif %}
+For more information about configuration, see [AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/giving-org-access-private-registries).
 
 {% endif %}
 
@@ -126,6 +130,13 @@ If your private registry is configured with an IP allow list, you can find the I
 
 With OIDC-based authentication, {% data variables.product.prodname_dependabot %} update jobs can dynamically obtain short-lived credentials from your cloud identity provider, just like {% data variables.product.prodname_actions %} workflows using OIDC federation.
 
+{% ifversion org-private-registry-oidc %}
+
+> [!TIP]
+> OIDC authentication is also available for **organization-level** private registries, which you can configure through the organization settings UI or the REST API. For more information, see [AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/giving-org-access-private-registries#configuring-oidc-authentication-for-a-private-registry).
+
+{% endif %}
+
 {% data variables.product.prodname_dependabot %} supports OIDC authentication for any registry type that uses `username` and `password` authentication, when the registry is hosted on one of the following cloud providers:
 
 * AWS CodeArtifact

content/copilot/concepts/agents/cloud-agent/access-management.md

@@ -19,7 +19,7 @@ redirect_from:
   - /copilot/concepts/agents/coding-agent/coding-agent-for-business-and-enterprise
   - /copilot/concepts/agents/coding-agent/managing-access
 contentType: concepts
-category: 
+category:
   - Manage Copilot for a team
 ---
 
@@ -48,7 +48,7 @@ Enterprise administrators and organization owners (for organization-owned reposi
 
 For information on disabling {% data variables.copilot.copilot_cloud_agent %} in some or all repositories owned by an organization, see [AUTOTITLE](/copilot/how-tos/administer-copilot/manage-for-organization/add-copilot-cloud-agent).
 
-For information on disabling {% data variables.copilot.copilot_cloud_agent %} in all repositories owned by an enterprise, see [AUTOTITLE](/enterprise-cloud@latest/copilot/how-tos/administer-copilot/manage-for-enterprise/manage-agents/manage-copilot-cloud-agent).
+For information on disabling {% data variables.copilot.copilot_cloud_agent %} in all repositories owned by an enterprise, see [AUTOTITLE](/copilot/how-tos/administer-copilot/manage-for-enterprise/manage-agents/block-copilot-cloud-agent).
 
 For information on disabling {% data variables.copilot.copilot_cloud_agent %} in repositories owned by your personal user account, see [AUTOTITLE](/copilot/managing-copilot/managing-copilot-as-an-individual-subscriber/managing-your-copilot-plan/managing-copilot-policies-as-an-individual-subscriber#enabling-or-disabling-copilot-cloud-agent).
 

content/copilot/concepts/auto-model-selection.md

@@ -38,15 +38,7 @@ Experience less rate limiting and reduce the mental load of choosing a model by
   * Eclipse
   * Xcode
 
-When you select **Auto** in {% data variables.copilot.copilot_chat_short %}, {% data variables.copilot.copilot_auto_model_selection_short_cap_a %} may choose from the following list of models, subject to your policies and subscription type. Models may change over time.
-  * {% data variables.copilot.copilot_gpt_41 %}
-  * {% data variables.copilot.copilot_gpt_53_codex %}
-  * {% data variables.copilot.copilot_gpt_54 %}
-  * {% data variables.copilot.copilot_gpt_54_mini %}
-  * {% data variables.copilot.copilot_claude_haiku_45 %}
-  * {% data variables.copilot.copilot_claude_sonnet_46 %}
-  * {% data variables.copilot.copilot_grok_code %}
-  * {% data variables.copilot.copilot_raptor_mini %}
+When you select **Auto** in {% data variables.copilot.copilot_chat_short %}, {% data variables.copilot.copilot_auto_model_selection_short_cap_a %} chooses from the supported models, subject to your policies and subscription type. Models may change over time. See [AUTOTITLE](/copilot/reference/ai-models/supported-models#supported-ai-models-in-auto-model-selection).
 
 > [!TIP] To see which model was used for each response, hover over the response in {% data variables.copilot.copilot_chat_short %}.
 
@@ -62,8 +54,7 @@ During the {% data variables.release-phases.public_preview %}, if you're using a
 
 ## {% data variables.copilot.copilot_auto_model_selection_short_cap_a %} in {% data variables.copilot.copilot_cloud_agent %}
 
-When you select **Auto** in {% data variables.copilot.copilot_cloud_agent %}, {% data variables.copilot.copilot_auto_model_selection_short_cap_a %} currently chooses from the following list of models, subject to your policies and subscription type:
-  {% data reusables.copilot.copilot-cloud-agent-auto-models %}
+When you select **Auto** in {% data variables.copilot.copilot_cloud_agent %}, {% data variables.copilot.copilot_auto_model_selection_short_cap_a %} chooses from the supported list of models, subject to your policies and subscription type. See [AUTOTITLE](/copilot/reference/ai-models/supported-models#supported-ai-models-in-auto-model-selection).
 
 {% data reusables.copilot.change-the-ai-model-copilot-cloud-agent %}
 

content/copilot/how-tos/administer-copilot/manage-for-enterprise/manage-agents/block-copilot-cloud-agent.md

@@ -0,0 +1,25 @@
+---
+title: Blocking GitHub Copilot cloud agent in your enterprise
+intro: 'Disable use of {% data variables.copilot.copilot_cloud_agent %} for all users and repositories.'
+permissions: Enterprise owners and AI managers
+versions:
+  feature: copilot
+shortTitle: 'Block {% data variables.copilot.copilot_cloud_agent %}'
+contentType: how-tos
+category:
+  - Manage Copilot for a team
+allowTitleToDifferFromFilename: true
+---
+
+Most {% data variables.product.prodname_copilot_short %} policies, including "Enable {% data variables.copilot.copilot_cloud_agent %}", only affect users who receive a {% data variables.product.prodname_copilot_short %} license from your enterprise or organizations.
+
+If you want to disable {% data variables.copilot.copilot_cloud_agent %} in repositories completely, including for users who get access to {% data variables.product.prodname_copilot_short %} from a personal plan or another enterprise, you can use the "Block {% data variables.copilot.copilot_cloud_agent %}" policy.
+
+## Blocking {% data variables.copilot.copilot_cloud_agent %}
+
+>[!NOTE] This enterprise-level policy is a blanket restriction. Organization owners can block {% data variables.copilot.copilot_cloud_agent %} in specific repositories. See [AUTOTITLE](/copilot/how-tos/administer-copilot/manage-for-organization/add-copilot-cloud-agent).
+
+{% data reusables.enterprise-accounts.access-enterprise %}
+{% data reusables.enterprise-accounts.ai-controls-tab %}
+{% data reusables.enterprise-accounts.cca-policies %}
+1. Next to **Block {% data variables.copilot.copilot_cloud_agent %} in all repositories owned by ENTERPRISE-NAME**, click the toggle.

content/copilot/how-tos/administer-copilot/manage-for-enterprise/manage-agents/enable-copilot-cloud-agent.md

@@ -0,0 +1,51 @@
+---
+title: Enabling GitHub Copilot cloud agent in your enterprise
+intro: 'Choose which organizations can use {% data variables.copilot.copilot_cloud_agent %} and connect it to MCP servers.'
+allowTitleToDifferFromFilename: true
+permissions: Enterprise owners and AI managers
+product: '{% data reusables.gated-features.copilot-cloud-agent %}<br><a href="https://github.com/enterprise/contact?ref_product=copilot&ref_type=engagement&ref_style=button" target="_blank" class="btn btn-primary mt-3 mr-3 no-underline"><span>Contact Sales</span> {% octicon "link-external" height:16 %}</a>'
+versions:
+  feature: copilot
+shortTitle: 'Enable {% data variables.copilot.copilot_cloud_agent %}'
+redirect_from:
+  - /copilot/how-tos/administer-copilot/manage-for-enterprise/manage-agents/manage-copilot-coding-agent
+  - /copilot/managing-copilot/managing-copilot-for-your-enterprise/adding-copilot-coding-agent-to-enterprise
+  - /copilot/managing-copilot/managing-copilot-for-your-enterprise/making-copilot-coding-agent-available-to-enterprise
+  - /copilot/managing-copilot/managing-copilot-for-your-enterprise/managing-copilot-coding-agent-in-your-enterprise
+  - /copilot/how-tos/administer/enterprises/managing-copilot-coding-agent-in-your-enterprise
+  - /copilot/how-tos/administer/enterprises/manage-copilot-coding-agent
+  - /copilot/how-tos/administer/manage-for-enterprise/manage-copilot-coding-agent
+  - /copilot/how-tos/administer-copilot/manage-for-enterprise/manage-copilot-coding-agent
+  - /copilot/how-tos/administer-copilot/manage-for-enterprise/manage-agents/manage-copilot-cloud-agent
+contentType: how-tos
+category:
+  - Manage Copilot for a team
+---
+
+## Prerequisites
+
+You may want to run a trial before enabling {% data variables.copilot.copilot_cloud_agent %} for the enterprise. See [AUTOTITLE](/copilot/tutorials/cloud-agent/pilot-cloud-agent).
+
+## Enabling {% data variables.copilot.copilot_cloud_agent %}
+
+{% data variables.copilot.copilot_cloud_agent %} and use of third-party MCP servers are disabled by default. You can enable these features for users who receive a {% data variables.product.prodname_copilot_short %} license from your enterprise or organizations.
+
+{% data reusables.enterprise-accounts.access-enterprise %}
+{% data reusables.enterprise-accounts.ai-controls-tab %}
+{% data reusables.enterprise-accounts.cca-policies %}
+1. Select a global policy for {% data variables.copilot.copilot_cloud_agent %}, then communicate your decision with your organizations.
+
+   >[!TIP] If you select **Enabled for selected organizations**, you can select individual organizations in the UI. To select organizations based on custom properties instead, use the REST API. See [AUTOTITLE](/rest/copilot/copilot-coding-agent-management#selecting-organizations-with-custom-properties).
+
+1. By default, the agent will be available in all repositories in selected organizations. If there are repositories where {% data variables.copilot.copilot_cloud_agent %} should be blocked for all users, tell organization owners to configure this setting. See [AUTOTITLE](/copilot/how-tos/administer-copilot/manage-for-organization/add-copilot-cloud-agent#disabling-or-enabling-copilot-cloud-agent-in-your-repositories).
+
+## Enabling MCP servers
+
+{% data variables.copilot.copilot_cloud_agent %} automatically has access to a small number of default MCP servers. See [AUTOTITLE](/copilot/concepts/agents/cloud-agent/mcp-and-cloud-agent#default-mcp-servers).
+
+You can enable third-party MCP servers to allow developers to integrate {% data variables.copilot.copilot_cloud_agent %} with other services in your DevOps toolchain, such as error-tracking platforms or logging systems.
+
+{% data reusables.enterprise-accounts.view-mcp-policies %}
+1. Set a policy for **MCP servers in {% data variables.product.prodname_copilot_short %}**.
+
+>[!NOTE] The "MCP Registry URL" and "Restrict MCP access to registry servers" policies do **not** apply to {% data variables.copilot.copilot_cloud_agent %}.

content/copilot/how-tos/administer-copilot/manage-for-enterprise/manage-agents/index.md

@@ -1,13 +1,15 @@
 ---
 title: Managing agents in your enterprise
 shortTitle: Manage agents
-intro: 'Maintain your enterprise''s security and compliance standards and empower your developers by managing your agents.'
+intro: Maintain your enterprise's security and compliance standards and empower your developers by managing your agents.
 versions:
   feature: copilot
 children:
   - /prepare-for-custom-agents
   - /monitor-agentic-activity
-  - /manage-copilot-cloud-agent
+  - /enable-copilot-cloud-agent
+  - /block-copilot-cloud-agent
   - /manage-copilot-code-review
 contentType: how-tos
 ---
+