# Github Copilot Enterprise

## Overview

This page explains how you can integrate **GitHub Copilot Enterprise** with Akto Atlas to enable **agent discovery, centralized guardrails, and enterprise-wide policy enforcement**.

As an Akto user, you can secure Copilot Enterprise using two complementary integration layers:

1. **Endpoint-level control via Copilot Hooks**
2. **Model-level control via Akto Agent Proxy (custom model routing)**

Together, these provide visibility and enforcement both at the developer endpoint and before requests reach the AI model.

## **1.** Endpoint Enforcement (CLI Hooks)

You can secure Copilot usage using the **Copilot Hooks integration** (refer to the [copilot-cli-hooks](https://ai-security-docs.akto.io/akto-atlas-agentic-ai-security-for-employee-endpoints/endpoints-discovery-agents/copilot-cli-hooks "mention") page for complete setup details).

This integration allows you to:

* Monitor prompt submissions
* Block unsafe tool executions before they run
* Send events to Akto Atlas for centralized visibility

This layer secures Copilot usage directly at employee endpoints.

## **2.** Model Routing (Agent Proxy)

To enforce guardrails before requests reach the AI provider, you can configure Copilot Enterprise to route model traffic through the **Akto Agent Proxy**.

Instead of allowing Copilot to directly access built-in models, you configure a **custom model endpoint** that points to Akto’s proxy.

Akto then:

1. Inspects and validates the request
2. Applies guardrails and policy enforcement
3. Forwards approved traffic to the configured backend model (Foundry or OpenAI-compatible)

This ensures centralized enforcement across all Copilot Enterprise users.

### **Prerequisites**

Before configuring GitHub:

* Ensure **Akto Agent Proxy is deployed and reachable**
* Ensure the proxy is connected to:
  * Azure Foundry **or**
  * An OpenAI-compatible backend
* Validate that the proxy endpoint is functioning correctly

{% hint style="warning" %}

#### **Important**

The Agent Proxy must already be connected to the target model backend before you configure it in GitHub. Misconfiguration will cause Copilot requests to fail.
{% endhint %}

### **Configuration Steps in GitHub**

After completing the prerequisites (including Akto Agent Proxy deployment), perform the following:

{% stepper %}
{% step %}
Go to **GitHub → Enterprise Settings**
{% endstep %}

{% step %}
Navigate to **AI Controls**
{% endstep %}

{% step %}
Open **Copilot**
{% endstep %}

{% step %}
Locate the **Configured Models** section

<div data-with-frame="true"><figure><img src="https://3128331180-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Ftog5ODwYfqPOf4eQhsOC%2Fuploads%2FRpLcCE5nT4iCEtVCQghx%2Fimage.png?alt=media&#x26;token=80512e45-169a-44f7-99d3-5cffd05a555a" alt="" width="563"><figcaption></figcaption></figure></div>
{% endstep %}

{% step %}
Disable all default or built-in models (if you want full proxy enforcement)
{% endstep %}

{% step %}
Select **Add Custom Model**

<div data-with-frame="true"><figure><img src="https://3128331180-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Ftog5ODwYfqPOf4eQhsOC%2Fuploads%2Fymbts3E03pfhiFfmoR5s%2Fimage.png?alt=media&#x26;token=d5c222a1-e9b2-473e-b4e2-fa7ebe62b524" alt="" width="563"><figcaption></figcaption></figure></div>
{% endstep %}

{% step %}
Choose the appropriate provider type:

* Foundry
* OpenAI-compatible
  {% endstep %}

{% step %}
Enter the **Akto Agent Proxy URL** as the model endpoint

* For OpenAI-compatible

  <div data-with-frame="true"><figure><img src="https://3128331180-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Ftog5ODwYfqPOf4eQhsOC%2Fuploads%2Fng9Yq9xehlRkVhISHUlj%2Fimage.png?alt=media&#x26;token=0d28c2d7-c0f3-4a23-9286-fb2d797eee1a" alt="" width="563"><figcaption></figcaption></figure></div>
* For Microsoft Foundry

  <div data-with-frame="true"><figure><img src="https://3128331180-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Ftog5ODwYfqPOf4eQhsOC%2Fuploads%2FMWGFLZ0EukTJ3NMTRLrf%2Fimage.png?alt=media&#x26;token=14ba1a07-759a-4b0b-9cf6-3e9481afbfc0" alt="" width="563"><figcaption></figcaption></figure></div>

{% endstep %}

{% step %}

1. Save and apply the configuration.
   {% endstep %}
   {% endstepper %}

All Copilot Enterprise model requests will now flow through Akto Agent Proxy before reaching the selected backend.

## **Operational Flow**

Once fully configured:

1. User interacts with Copilot
2. (Optional) Copilot Hooks capture endpoint events
3. Copilot sends model request
4. Request is routed to **Akto Agent Proxy**
5. Akto applies guardrails and validation
6. Approved requests are forwarded to the backend model
7. Responses return through the proxy to Copilot

This provides layered security across the Copilot lifecycle.

## **Best Practices**

* Use **both Copilot Hooks and Proxy routing** for complete coverage
* Disable direct access to built-in models to avoid bypass paths
* Validate proxy connectivity before enterprise rollout
* Test with a limited user group before full deployment
* Decide your enforcement posture (observe vs block) before enabling strict policies

## Get Support for your Akto setup

There are multiple ways to request support from Akto. We are 24X7 available on the following:

1. In-app `intercom` support. Message us with your query on intercom in Akto dashboard and someone will reply.
2. Join our [discord channel](https://www.akto.io/community) for community support.
3. Contact `support@akto.io` for email support.
4. Contact us [here](https://www.akto.io/contact-us).