Hackers News Hackers News
  • CyberSecurity News
  • Threats
  • Attacks
  • Vulnerabilities
  • Breaches
  • Comparisons

Social Media

Hackers News Hackers News
  • CyberSecurity News
  • Threats
  • Attacks
  • Vulnerabilities
  • Breaches
  • Comparisons
Search the Site
Popular Searches:
technology Amazon AI
Recent Posts
PamStealer Mimics Maccy, Silently Harvests Data
July 4, 2026
Critical FatFs Vulnerabilities Expose Millions of Embedded Devices
July 4, 2026
Critical Linux Kernel Vulnerability CVE-2023-0179 Grants Root Access
July 4, 2026
Home/CyberSecurity News/Microsoft Issues Group Policy to Disable Windows 11 Copilot on Enterprise Devices
CyberSecurity News

Microsoft Issues Group Policy to Disable Windows 11 Copilot on Enterprise Devices

Key Takeaways Microsoft has introduced a new Group Policy setting allowing IT administrators to remove the standalone Microsoft Copilot app from managed Windows 11 enterprise devices. The policy,...

David kimber
David kimber
April 27, 2026 3 Min Read
49 0

Key Takeaways

  • Microsoft has introduced a new Group Policy setting allowing IT administrators to remove the standalone Microsoft Copilot app from managed Windows 11 enterprise devices.
  • The policy, “RemoveMicrosoftCopilotApp,” was released on April 14, 2026, as part of the April 2026 Patch Tuesday updates and is available for Windows 11 version 25H2 (KB5083769 and later).
  • This feature provides IT teams with granular control over AI deployments, addressing enterprise feedback regarding unwanted AI integrations, but has specific activation conditions.
  • The policy facilitates a one-time uninstall; persistent blocking of reinstallation requires additional security measures.

Microsoft Empowers IT with New Group Policy to Disable Windows 11 Copilot

Microsoft has rolled out a significant update, introducing a dedicated Group Policy setting that enables IT administrators to silently uninstall the Microsoft Copilot application from managed Windows 11 devices. This move reflects a broader industry trend towards greater enterprise control over bundled AI functionalities, prioritizing IT-managed deployments over default installations.

Table Of Content

  • Key Takeaways
  • Microsoft Empowers IT with New Group Policy to Disable Windows 11 Copilot
  • Targeted Removal of Windows 11 Copilot
  • What You Should Do

The new policy, officially named RemoveMicrosoftCopilotApp, became widely available to organizations on April 14, 2026. Its release coincided with the April 2026 Patch Tuesday security updates and is incorporated into Windows 11 version 25H2, specifically with update KB5083769 and subsequent builds. Administrators can access and implement this setting through both Policy CSP and traditional Group Policy Object (GPO) management frameworks.

Targeted Removal of Windows 11 Copilot

The RemoveMicrosoftCopilotApp setting offers IT departments a precise and non-intrusive method to uninstall the consumer-oriented Microsoft Copilot application from corporate endpoints. When activated, administrators can set the policy value to ‘1’ to initiate the removal process or ‘0’ to disable it, aligning with standard integer-based toggles found in existing Windows policy structures.

However, the policy’s execution is subject to specific criteria, ensuring it acts as a controlled mechanism rather than a broad uninstallation tool. The policy will only take effect if all three of the following conditions are simultaneously met on a target device:

  • Microsoft 365 Copilot is already installed on the same device.
  • The Microsoft Copilot application was not installed manually by the end-user.
  • The Copilot application has not been launched or used within the preceding 28 days.

This multi-factor validation system is designed to prevent disruption for active users who may rely on the standalone Copilot application, ensuring the policy serves as a precision instrument for IT management.

Administrators can locate the new policy within the Group Policy Editor by navigating to User Configuration → Administrative Templates → Windows AI → Remove Microsoft Copilot App. It is also accessible via the Policy CSP OMA-URI path at ./User/Vendor/MSFT/Policy/Config/WindowsAI/RemoveMicrosoftCopilotApp, as well as its corresponding device-level path.

The setting is applicable across various Windows 11 SKUs, including Pro, Enterprise, Education, and IoT Enterprise, thereby covering the full spectrum of managed organizational environments. It is crucial to understand that this policy performs a one-time uninstallation. End-users retain the ability to reinstall the Copilot application from the Microsoft Store if they choose to do so.

Organizations aiming to permanently prevent reinstallation will need to integrate this policy with additional enforcement mechanisms. These may include tools such as AppLocker, Windows Defender Application Control (WDAC), or Intune uninstall profiles to establish a persistent block.

This release aligns with a broader trend from Microsoft to “unbundle” AI features from core Windows components, a response to consistent enterprise feedback regarding unsolicited AI integrations. By providing this controlled removal capability, Microsoft is consolidating the enterprise AI experience around Microsoft 365 Copilot as the designated AI assistant for managed corporate environments. This approach streamlines the AI toolset while granting IT teams the precise control they have long sought.

What You Should Do

  • Update Systems: Ensure all managed Windows 11 devices are updated to version 25H2 with KB5083769 or later to access the new Group Policy setting.
  • Evaluate AI Strategy: Review your organization’s AI adoption strategy to determine if removing the standalone Copilot app aligns with your corporate policies and user needs.
  • Implement Policy: Utilize the RemoveMicrosoftCopilotApp Group Policy to uninstall the consumer-facing Copilot app from applicable enterprise devices, adhering to the specified conditions.
  • Consider Persistent Blocking: If permanent prevention of Copilot reinstallation is required, integrate this policy with advanced application control solutions like AppLocker, WDAC, or Intune.
  • Communicate Changes: Inform end-users about the removal of the standalone Copilot app and guide them toward approved AI tools like Microsoft 365 Copilot if applicable.

Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.

Tags:

PatchSecurity

Share Article

David kimber

David kimber

David is a penetration tester turned security journalist with expertise in mobile security, IoT vulnerabilities, and exploit development. As an OSCP-certified security professional, David brings hands-on technical experience to his reporting on vulnerabilities and security research. His articles often feature detailed technical analysis of exploits and provide actionable defense recommendations. David maintains an active presence in the security research community and has contributed to multiple open-source security tools.

Previous Post

Microsoft Store App Vibing.exe Harvested Screens, Audio, and Clipboard Data

Next Post

ClickFix Attack Replaces PowerShell with Cmdkey and Remote Regsvr32

No Comment! Be the first one.

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Popular Posts
Alibaba Bans Internal Use of Claude AI Over Backdoor Concerns
July 3, 2026
Apache ActiveMQ Critical Vulnerabilities Allow DoS Attacks, System Crashes
July 3, 2026
Scammers Impersonate Brands in Gambling Ads to Drive Casino Traffic
July 3, 2026
Top Authors
Marcus Rodriguez
Marcus Rodriguez
Jennifer sherman
Jennifer sherman
Emy Elsamnoudy
Emy Elsamnoudy
Let's Connect
156k
2.25m
285k

Related Posts

Jennifer sherman
By Jennifer sherman
Threats

GlassWorm Attacks macOS via Malicious VS Code…

January 1, 2026
Emy Elsamnoudy
By Emy Elsamnoudy
Attacks

ClickFix Attack Hides Malicious Code via Stegan Security

January 1, 2026
Sarah simpson
By Sarah simpson
Vulnerabilities

MongoBleed Detector Tool Released to Detect MongoDB Vulnerability(CVE-2025-14847)

January 1, 2026
Emy Elsamnoudy
By Emy Elsamnoudy
Breaches

Conti Ransomware Gang Leaders & Infrastructure Exposed

January 1, 2026
Hackers News Hackers News
  • [email protected]

Quick Links

  • Contact Us
  • Privacy Policy
  • Terms of service

Categories

Attacks
Breaches
Comparisons
CyberSecurity News
Threats
Vulnerabilities

Let's keep in touch

receive fresh updates and breaking cyber news every day and week!

All Rights Reserved by HackersRadar ©2026

Follow Us