Agent usage is difficult to govern when every developer configures telemetry differently. Central OpenTelemetry export creates a consistent path, but collecting everything can turn observability into a privacy and cost problem.
Quick answer
Send Copilot telemetry to an approved collector, document exactly which fields leave developer machines, and start with aggregate reliability and usage signals. Avoid exporting prompt or source content unless there is a reviewed need and clear retention policy.
exporters:
otlp:
endpoint: https://otel.example.internal
headers: managed-secret
policy:
include_content: false
retention_days: 30
what changed
Enterprises can now mandate an OpenTelemetry destination for Copilot activity in VS Code and the CLI. Administrators can deliver the collector configuration centrally instead of requiring developers to set individual OTEL_* environment variables.
This is a current platform change, so confirm availability for your plan, organization, and installed client before changing a production workflow. Preview features can also change faster than generally available controls.
who should use it
Useful questions include whether sessions fail, how long they run, and which teams need enablement. The telemetry should support operations and governance without becoming an employee-surveillance score or an archive of proprietary prompts.
The practical question is whether the feature removes a real bottleneck or security gap in your workflow. A new control is not valuable merely because it exists; it needs an owner, a narrow purpose, and an observable result.
a safe implementation
- Write the measurement question first.
- Inventory exported attributes and content fields.
- Configure transport security and collector access.
- Set retention and deletion rules before organization-wide rollout.
Make the first rollout small enough to reverse. Record the previous behavior, the setting or command that changed it, and the person responsible for deciding whether the experiment expands.
the mistake to avoid
Do not treat more telemetry as automatically better. High-cardinality session data can become expensive, while content capture can expose code, customer data, or credentials.
Convenience features still operate inside your existing trust model. Repository permissions, protected environments, review rules, test accounts, and audit logs remain important even when the new workflow removes manual steps.
how to verify it
Run one controlled VS Code session and one CLI session. Confirm expected spans reach the approved collector, sensitive content is absent, failed export does not block development, and retention controls apply.
Keep the verification evidence in the pull request or rollout ticket. That gives reviewers something concrete to evaluate and gives the next person a known baseline when the platform changes again.
rollout checklist
- Confirm the feature and client version are available.
- Test with non-production data and minimum permissions.
- Capture expected success and failure behavior.
- Document rollback and ownership.
- Recheck the official announcement before a wide rollout.
official reference
The announcement is the source of truth for availability and product behavior. This article focuses on the implementation decisions teams should make around it.