Visual Studio Code 1.122 ships today, and the headline story is straightforward but significant: BYOK (Bring Your Own Key) no longer requires a GitHub sign-in. That’s not a small UX improvement — it’s the change that unlocks VS Code’s AI features for regulated, air-gapped, and network-restricted environments that could never use GitHub Copilot before. Pair that with the maturing Agents Window, enterprise-grade OpenTelemetry signals, and the Custom Endpoint provider moving from Preview to Stable, and this release reads more like an enterprise platform announcement than a monthly dot release.

Air-Gapped BYOK: The Change That Changes the Conversation

Until 1.122, using your own language model API key in VS Code — even if that key pointed to an on-premises endpoint with zero external traffic — required a GitHub sign-in. The GitHub identity was the gate. For government agencies, defense contractors, financial institutions operating in segmented networks, or any organization with strict third-party authentication restrictions, that dependency was a hard blocker.

That dependency is now removed for chat, tools, and MCP servers.

Configure a provider via Command Palette → Manage Language Models — Anthropic, Azure, Gemini, OpenAI, Ollama, OpenRouter, or a custom endpoint — and VS Code’s Chat view becomes available without GitHub. Requests go directly to your configured provider. Sign-in prompts are suppressed.

What this enables:

  • Azure OpenAI behind private endpoints. Organizations running Azure OpenAI via VNet integration or private DNS zones can point VS Code directly at those endpoints. No data leaves the tenant. No outbound GitHub authentication required.
  • On-premises Ollama deployments. Teams running Llama or Mistral models on internal servers now have a fully supported, stable path to use those models in VS Code chat.
  • Restricted government/defense networks. Environments where GitHub.com is outright blocked can now deploy VS Code AI features as long as their chosen LLM endpoint is reachable internally.
  • Complete offline workflows. Combine BYOK with VS Code’s configurable telemetry policy (TelemetryLevel) and you can run a meaningful AI-assisted development experience entirely within your network boundary.

What still requires GitHub sign-in: Inline suggestions and Next Edit Suggestions (NES). BYOK covers chat, tools, and MCP servers — not the real-time completion engine. For most air-gapped use cases, that’s an acceptable tradeoff. Developers who primarily want AI chat assistance and agentic tooling rather than real-time completions get exactly what they need.

The utility model wrinkle: VS Code uses smaller “utility models” for background tasks — chat title generation, commit message generation, feedback flows. When you’re signed out, those default utility models are unreachable. VS Code 1.122 surfaces a notification prompting you to configure BYOK models for utility tasks (chat.utilityModel, chat.utilitySmallModel settings). You can configure them for full AI functionality or dismiss the notification if you only need chat.

Custom Endpoint Provider Reaches Stable

Directly related to air-gapped BYOK: the Custom Endpoint provider moves from Preview to Stable in 1.122.

This provider lets you connect any model implementing Chat Completions, Responses, or Messages APIs — the same protocol families used by OpenAI, Anthropic, and Azure. That means self-hosted LLMs served by vLLM, TGI, or LM Studio, enterprise AI platforms behind custom APIs, or Azure OpenAI accessed through a gateway — all are now first-class BYOK providers in VS Code Stable.

The practical consequence: there is now a fully Microsoft-supported, production-stable path to run VS Code chat against any internally controlled LLM endpoint. This closes the gap between what’s technically possible and what’s officially supported — an important distinction for enterprise IT and compliance teams.

Granular BYOK Provider Management

Managing BYOK providers previously meant editing raw JSON configuration to rotate keys, add models, or clean up providers. 1.122 surfaces targeted actions directly in the Language Model editor:

  • Update API Key — rotate keys without touching JSON
  • Add Model — extend a provider group with additional models
  • Rename Group — clean up provider group names in-place
  • Delete — remove a provider group entirely

These are small UX improvements individually. Collectively, they signal that Microsoft is treating BYOK as a mainstream workflow rather than a power-user escape hatch. As enterprise organizations configure and rotate keys for multiple BYOK providers across teams, these actions reduce operational friction and the risk of misconfiguration from JSON editing.

Agents Window: Maturing Into a Real Workflow Tool

The Agents Window — a dedicated companion panel for exploring, iterating on, and reviewing AI agent sessions — continues its Preview evolution with two additions in 1.122:

Session hover details. Hover over any session in the session list to see its title, the harness used (indicated by icon), the project, worktree, and files changed — without clicking into the session. For developers managing multiple concurrent agent sessions across projects, this is a meaningful usability improvement.

Model management from the Agents Window. “Chat: Manage Language Models” is now available directly from the Agents Window. This matters because the Agents Window is increasingly where agent-mode work happens — being able to configure BYOK models without switching back to the main editor window keeps the workflow coherent.

For organizations evaluating whether VS Code’s agent capabilities can displace standalone agentic coding tools like Cursor or Claude Code: the Agents Window is the long-term answer. It’s still Preview, but each release adds features that make it more practical for production use. The Local VS Code harness remains Insiders-only for now (sessions.chat.localAgent.enabled), but the trajectory is clear.

OpenTelemetry Signals: Agents Become Observable

This change is easy to overlook in the release notes, but it matters significantly for enterprise governance.

Local agent sessions now emit a canonical github.copilot.* attribute namespace to OpenTelemetry, aligned with the GitHub Copilot CLI OpenTelemetry conventions. The new signals cover:

  • Repository context
  • Agent type
  • Structured tool parameters
  • Hook outcomes

Why this matters for IT and DevOps teams:

If your organization runs an OpenTelemetry pipeline — feeding into Datadog, Grafana, Azure Monitor, Splunk, or any compatible backend — VS Code agent activity can now flow into the same observability infrastructure as your application telemetry. That enables:

  • Cost visibility. Track LLM token consumption per developer, team, or project.
  • Security audit trails. Know which tools ran, which MCP servers connected, which hooks executed — not just that an agent session happened.
  • Compliance evidence. For regulated environments, a structured audit log of agent activity is a governance requirement, not a nice-to-have.
  • Performance baselines. Measure the actual productivity impact of AI-assisted development against non-AI sessions using the same metrics infrastructure.

The attribute alignment with the GitHub Copilot CLI conventions is also meaningful: if your organization uses both VS Code agents and CLI-based agent tools, the telemetry now speaks a common language. That’s the foundation for centralized agent monitoring across your development toolchain.

Sandbox Behavior Refinement

Setting: chat.agent.sandbox.enabled

The change here is subtle but worth understanding. Previously, commands executed with Bypass Approvals or Autopilot mode were first tried in the sandbox; if they failed, VS Code automatically retried outside the sandbox. Since approvals were bypassed, this retry loop provided no real safety benefit — it just made the behavior harder to reason about.

New behavior: Terminal sandboxing only applies when using Default Approvals.

This is a pragmatic clarification of the safety model:

  • Default Approvals = sandboxing applies → genuine balance of safety and usefulness
  • Bypass Approvals / Autopilot = no sandboxing → user has explicitly acknowledged the risk, sandbox retry would be misleading theater

For organizations setting policy around agent use, this clarification matters. If you require that developers use Default Approvals for sensitive repositories, sandboxing provides real protection. If developers have Bypass Approvals enabled, there’s no sandbox — which is honest and predictable, even if it requires additional governance controls elsewhere.

Integrated Browser: Device Emulation and Screenshot to Chat

Two additions to the integrated browser round out the release:

Device emulation. The integrated browser now supports out-of-the-box device emulation — screen sizes, mobile/touch emulation, custom user agents. Enable it via the “Show Emulation Toolbar” option in the browser tab overflow menu. For web developers, this eliminates the need to switch to Chrome DevTools or a separate browser window to test responsive layouts. Notably, agents can trigger device emulation programmatically via Playwright code, enabling automated mobile responsiveness checks as part of agent-driven testing workflows.

Screenshot to chat. Attach a screenshot of the current browser viewport directly to VS Code chat as context. The practical use case is immediate: screenshot a broken layout, attach it to chat, and ask Copilot to diagnose the CSS or layout issue without leaving the editor.

What Organizations Should Do

If you operate in air-gapped or network-restricted environments: Evaluate 1.122 as the release that makes VS Code AI features viable. Map your internal LLM endpoint situation — Azure OpenAI private endpoint, on-premises Ollama, or custom endpoint — and test BYOK configuration. The capability is now Stable and supported.

If you’re managing VS Code deployments at scale: Review your VS Code deployment configuration for TelemetryLevel settings. If AI features were previously blocked by GitHub sign-in requirements, those blocks may need to be reconsidered. Conversely, ensure BYOK configuration governance is in place — you don’t want developers pointing VS Code at unvetted external endpoints.

If you’re running agent workloads in VS Code: Configure OpenTelemetry export for agent sessions. Even if you’re not monitoring it immediately, establishing the data pipeline now gives you a baseline before agent usage scales. The github.copilot.* attribute namespace is the signal to map to your existing OTel infrastructure.

If you’re a web developer: Turn on the device emulation toolbar. It’s a quality-of-life improvement that removes one context switch from your debugging workflow.

What Has NOT Changed

  • Inline suggestions and NES still require GitHub sign-in. BYOK does not replace Copilot for real-time code completions.
  • Existing GitHub Copilot subscribers are unaffected. BYOK without sign-in is an additive capability for scenarios where GitHub authentication isn’t possible.
  • Agents Window remains Preview. Production-critical agent workloads should be evaluated accordingly.
  • Remote Development SSH/WSL/Dev Containers are unaffected by the AI and BYOK changes. The only Remote Development note in 1.122 is EOL for 32-bit ARM Linux hosts.

The Bigger Picture: VS Code as Enterprise AI Infrastructure

Microsoft is facing real competitive pressure from agentic coding tools — Cursor, Claude Code, OpenAI Codex — that are moving fast and attracting developer mindshare. VS Code 1.122’s enterprise-focused changes aren’t coincidental. They’re the answer to a specific question: Why should regulated organizations standardize on VS Code rather than evaluating alternatives?

The answer being built across recent releases: VS Code is the option that integrates with enterprise identity, compliance, and observability infrastructure. BYOK without GitHub sign-in addresses data sovereignty. OpenTelemetry alignment addresses governance. Custom Endpoint in Stable addresses self-hosted LLM deployment. Sandbox behavior clarification addresses security policy transparency.

This is the pattern Microsoft has applied across its enterprise portfolio — not competing feature-for-feature on raw capability, but building governance, compliance, and integration hooks that enterprise IT requires before deploying AI tooling at scale. For organizations that need VS Code to fit inside existing security architecture rather than working around it, 1.122 is the release that makes that conversation much easier.

Combined with the Build 2026 narrative of Windows as an agent platform — where agents run in resettable, auditable environments rather than loose on developer desktops — VS Code 1.122’s observability and controlled execution features point toward a coherent enterprise AI development architecture. The editor, the platform, and the governance infrastructure are being built in parallel.

Ready to Optimize Your Developer Tooling?

Big Hat Group helps organizations standardize and deploy VSCode at scale with Intune, Windows 365, and GitHub Copilot. Whether you’re evaluating BYOK for a regulated environment, building a developer productivity baseline, or scaling GitHub Copilot across engineering teams, we bring hands-on expertise to every engagement.

Contact Big Hat Group to discuss your developer tooling strategy.

Big Hat Group is a Microsoft partner specializing in modern endpoint management, Windows 365, and developer productivity tooling.