Copilot Code Review Gets 3 Enterprise Controls: Runner Config, Content Exclusion, and Unlimited Instructions

Core Conclusion

If you've been searching "how to configure Copilot code review for my organization," the short answer is: GitHub shipped three enterprise-grade controls on June 12, 2026 — organization-level runner configuration, content exclusion support, and unlimited custom instruction size. These three changes give enterprise teams significantly more control over how Copilot reviews code, what files it can see, and how much guidance it follows.

What Changed

1. Organization-Level Runner Configuration

Before this update, Copilot code review's runner type — standard GitHub-hosted, larger GitHub-hosted, or self-hosted — had to be configured per repository. For organizations with dozens or hundreds of repos, this was a configuration headache.

Now, organization admins can set a default runner type that applies to all repositories. Admins can also lock the runner type, preventing individual repositories from overriding it.

Why this matters:

• Cost control: Larger runners are billed at higher per-minute rates under the new Actions-minutes billing model (effective June 1). Locking runners prevents teams from accidentally burning budget on expensive configurations.
• Performance: Larger runners provide more CPU, memory, and disk space — useful for repos with deep dependency trees or monorepos.
• Compliance: Self-hosted runners keep your code on your own infrastructure, critical for finance, healthcare, and defense.

2. Content Exclusion Support

Copilot code review now respects content exclusion settings at the repository, organization, and enterprise levels. Configure exclusion patterns once, and Copilot skips matching files during review.

Common exclusion targets:

• Generated code: Protobuf stubs, GraphQL types, OpenAPI clients — no human reviewer reads these either.
• Proprietary algorithms: Prevent AI from seeing sensitive business logic in your core IP.
• Third-party code: Skip vendored dependencies and forked libraries.
• Secrets and configs: Exclude .env files, Terraform state, or Kubernetes secrets manifests.

This is the most requested security feature since code review launched. Previously, there was no way to prevent Copilot from reviewing files containing proprietary code or secrets — a dealbreaker for regulated enterprises.

3. Unlimited Custom Instruction Size

The character limit on .github/copilot-instructions.md — the file that defines coding standards, style guides, and review preferences for Copilot — has been completely removed.

Previously capped at a few thousand characters, teams can now embed entire style guides, architecture decision records (ADRs), language-specific conventions, and team norms directly into the instructions file.

Real-world impact:

• Large engineering orgs can encode complete coding standards (think Google's style guides, not a bullet-point summary).
• Monorepos can include per-language conventions without hitting a wall.
• Regulated environments can explicitly document every review criterion the AI must follow.

Why This Update Matters Now

The timing is deliberate. GitHub switched Copilot code review to an Actions-minutes billing model on June 1, 2026 — every review now costs money. With a model multiplier of 13x for code review, the per-review cost adds up fast in active repos.

These three controls are the levers you need to manage that cost:

How to Configure Each Control

Runner type (org-level):

1. Go to Organization Settings → Copilot → Code review
2. Select Standard, Larger, or Self-hosted under "Runner type"
3. Check "Lock runner type" to prevent repository overrides

Content exclusion:

1. Go to Organization Settings → Copilot → Content exclusion
2. Add glob patterns (e.g., generated/**, vendor/**, *.pb.go)
3. Patterns cascade down to all repositories

Custom instructions:

1. Create or edit .github/copilot-instructions.md at the repo root
2. Write coding standards, review criteria, and style preferences
3. No character limit — include everything your team needs

Bottom Line

If your team uses Copilot code review and has been waiting for enterprise-grade controls, this update is the green light. Org-level runner configuration solves the "who changed the runner to Large and burned our budget" problem. Content exclusion solves the "don't send our proprietary code to an AI" problem. And unlimited instructions solves the "our style guide is 40 pages, not 2,000 characters" problem.

Combined with the new billing model, these controls transform Copilot code review from a per-repo toy into an enterprise-wide tool you can actually manage.