IllusionMH
commented
1 month ago Just in case, have you seen https://code.visualstudio.com/docs/setup/enterprise as well?
Open rogersoMS opened 1 month ago
IllusionMH
commented
1 month ago Just in case, have you seen https://code.visualstudio.com/docs/setup/enterprise as well?
rogersoMS
commented
1 month ago I have. GPO is N/A as noted above. However, we do have the ability to ingest ADMX files via MDM bridge - however, as is often the case - the registry key required to be set (HKLM\Software\Policies\Microsoft\VSCode\UpdateMode) is in a protected registry location and hence cannot be set via MDM. So it's again not an option.
Enabling/disabling updates of VSCode is currently possible using a JSON config file,as per: https://code.visualstudio.com/docs/supporting/faq#_how-do-i-opt-out-of-vs-code-autoupdates.
In an enterprise environment, having to take additional steps of creating config files and copying them to devices, imply to control a single setting is undesirable and adds additional admin overhead. These enterprise devices are commonly cloud native, meaning they are AAS/Entra ID joined and managed by an MDM such as Intune, or a 3rd party MDM. This means any legacy controls such as group policy cannot be used.
In an enterprise, customers want granular control of updates and do not want a consumer experience where update versions flow ad-hoc directly to end users & prompt them to update. In addition, where VSCode has been installed in the system context such as Intune, subsequent updates will prompt the end-user with UAC (which they cannot action as they aren't local admins). This disrupts end users and creates unnecessary helpdesk calls.
The ask is for an install/command line switch that controls updates.By leveraging this, enterprise customers would have more granular control to (for example) easily disable updates at install time (set once, without additional config required). This would work with Intune and 3rd party MDMs and indeed other install methods too - addressing multi scenarios. Customers would then leverage their MDM tools and/or application catalogues to update VSCode at their preferred cadence and to their preferred version, once and testing/validation/change control has been completed.
The intention is not to disable updates (which would be bad practice), but rather to add additional flexibility and controls to accommodate a wider range of scenarios and customer demands.