Week 2: Features & Data handling – Copilot Free learning & cert prep

[Akash1134]

👋 Welcome to Week 2 of the GitHub Copilot Certification Prep Course! Last week was just the warm-up—now we’re diving deeper into what makes GitHub Copilot truly powerful. This week, we’re breaking down the engine, unpacking its data handling, and exploring the features that make Copilot an AI powerhouse. ✊

Here’s what we’ll be tackling:

• Copilot Features & Data Handling
  • GitHub Copilot features
    • Copilot features like Chat, Copilot Extensions, Pull Request Summaries, Copilot in CLI, Copilot Workspace, Text Completion, GitHub Models, and more.
    • Main features of GitHub Copilot for Business, Enterprise, and Copilot Chat.
• How GitHub Copilot works and handles data
  • How GitHub Copilot handles data
  • Data pipeline lifecycle of GitHub Copilot code suggestions in the IDE
  • Limitations of GitHub Copilot (and LLMs in general

Note

Don’t miss out—Keep engaging, learning, and growing together! Top participants will earn a GitHub Certifications exam voucher! 🎫 Think of it as your golden ticket to advancing your career! 💼

👀 Just a heads up! 👇

This week, we’re cooking up a fun and creative challenge for you: Build something with GitHub Copilot! The idea is to see how Copilot can help you turn your ideas into reality, faster and smoother. Keep an eye out for more details soon! 🔜

Your First Move: Study Smart, Level Up! 🎯

Last week, we built a rock-solid foundation with Copilot basics. Now, it’s time to level up! We’ve curated high-impact study materials to help you grasp the technical details. This will level
Stay tuned, stay engaged, and let’s keep the momentum going! 💡⚡

• Microsoft Learn Modules (each of the modules has its own knowledge check exercise)
  • Using advanced GitHub Copilot features
  • GitHub Copilot Across Environments: IDE, Chat, and Command Line Techniques
  • Management and customization considerations with GitHub Copilot
  • Copilot features
    • Introduction to GitHub Copilot Business
      • Introduction to GitHub Copilot Enterprise
• GitHub Learning Pathways
  • How GitHub Copilot handles data
• Videos
  • Getting started with GitHub Copilot (Playlist with over 80 videos)
  • GitHub Copilot plans and features (On Demand from Microsoft Reactor)
  • Want some fun? Build Conway's Game of Life with GitHub Copilot Free
  • Say hello to GitHub Copilot Enterprise!
  • Get Started with GitHub Copilot and GitHub Copilot Chat
  • Copilot Features (Complete playlist with 34 videos)
    • GitHub Models
    • Copilot Workspace
    • Copilot Pull Request Summaries
    • Copilot Agent
• Blogs and Resources
  • How we evaluate AI models and LLMs for GitHub Copilot
  • AI Assisted Development with GitHub Copilot
  • Inside GitHub: Working with the LLMs behind GitHub Copilot
  • How GitHub Copilot is getting better at understanding your code
  • How does GitHub use the Copilot data?
  • Pros and Cons of Github Copilot
• GitHub Docs
  • Use GitHub Copilot
  • Manage GitHub Copilot
  • GitHub Copilot features (Includes resources to all features)
  • About GitHub Copilot Chat in Visual Studio and AI-powered chat conversations with GitHub Copilot

Knowledge Checkpoint 🏁 - Let’s See What You’ve Got! 🧠

📔 Take your time to review the resources above and ensure you're well-prepared for the practice questions.

🙇‍♂️ Thanks to your feedback from last week's survey, we've added more practice questions and fine-tuned them to better align with the actual certification exam.

1. What is a fundamental difference between Copilot for Business and Copilot for Enterprise regarding security and compliance?

• A) Copilot for Enterprise allows organizations to configure custom LLM training with proprietary data.
• B) Copilot for Business does not support compliance frameworks like SOC 2 Type II, while Copilot for Enterprise does.
• C) Copilot for Enterprise ensures zero data retention for AI-generated completions, while Business does not.
• D) Copilot for Business includes access to Copilot Knowledge Bases, while Enterprise does not.

2. In which two scenarios would GitHub Copilot NOT provide a suggestion? (Select two)

• A) The user is writing a private, proprietary API call with no prior examples in public repositories.
• B) The user has disabled telemetry and data sharing in GitHub Copilot settings.
• C) The user is using Copilot Chat in JetBrains IDE but has exceeded their rate limit.
• D) The user is using Copilot in VS Code, but their organization has Copilot completions disabled at the repository level.

3. In the context of GitHub Copilot's new Agent Mode, which capability enhances its autonomous code iteration?

• A) Agent Mode can automatically recognize and correct errors in its own code suggestions.
• B) It requires manual intervention to identify and fix code errors.
• C) Agent Mode limits code suggestions to predefined templates.
• D) It restricts code generation to a single programming language.

4. What happens when GitHub Copilot detects potentially sensitive information in a prompt?

• A) Copilot automatically masks sensitive data before sending it to the LLM.
• B) Copilot displays a warning and refuses to generate a suggestion.
• C) Copilot does not process prompts flagged for PII, and they are never sent to GitHub servers.
• D) Copilot filters sensitive data using a heuristic-based approach before processing.

5. When GitHub Copilot generates a completion, how does it determine which suggestion is the most relevant?

• A) The suggestion most frequently accepted by developers in similar contexts is ranked higher.
• B) The model prioritizes suggestions that match common patterns seen in open-source repositories.
• C) The ranking favors suggestions that have appeared in at least two public repositories.
• D) Suggestions are always ranked by execution performance and efficiency.

6. What role does the Copilot Proxy play in the GitHub Copilot data pipeline?

• A) It routes and processes user requests before sending them to the LLM.
• B) It filters Copilot completions for potential copyrighted code snippets.
• C) It encrypts all Copilot data before storing it for model training.
• D) It automatically tests Copilot-generated code for security vulnerabilities.

7. If a user experiences delayed Copilot completions, which two factors could be responsible? (Select two)

• A) The IDE's context window exceeds Copilot's processing limit.
• B) The user has local AI caching enabled, slowing down remote completions.
• C) The user is working in an unsupported programming language.
• D) Copilot’s rate limits have been exceeded, causing temporary delays.

8. Under what circumstances is GitHub Copilot most likely to produce incorrect or “hallucinated” code?

• A) When low-confidence completions are not filtered out.
• B) When Copilot generates code outside of a developer's typical style.
• C) When using older programming languages with fewer public code examples.
• D) When the user has enabled local AI-assisted debugging.

9. Which of the following security concerns is most relevant when using Copilot-generated code?

• A) Copilot-generated code may include non-performant syntax, reducing execution speed.
• B) Copilot does not automatically sanitize user input, increasing the risk of injection attacks.
• C) Copilot-generated functions cannot be modified after generation.
• D) Copilot-generated code is always licensed under the MIT License.

10. Which two platforms currently support GitHub Copilot Chat? (Select two)

• A) GitHub Codespaces
• B) JetBrains IDEs
• C) GitHub Web UI (Discussions & Issues)
• D) Visual Studio Code

11. What is a key limitation of Copilot’s CLI integration compared to IDE-based Copilot features?

• A) It only works with Git commands.
• B) It lacks access to context from open files in the IDE.
• C) It automatically commits suggested commands without confirmation.
• D) It cannot generate scripts, only single-line commands.

12. What are the key limitations of GitHub Copilot’s LLM-based code generation? (Select two)

• A) It struggles with complex multi-step reasoning, often requiring developer intervention for logical correctness.
• B) Copilot’s suggestions are deterministic, meaning it will always provide the same code for a given prompt.
• C) It can produce incomplete or syntactically incorrect suggestions, especially in low-resource programming languages.
• D) Copilot prevents licensing conflicts by ensuring that generated code does not match GPL-licensed repositories.

13. What is the recommended best practice for an organization implementing Copilot for Business?

• A) Restrict Copilot usage to repositories with public code to improve completions.
• B) Enable telemetry collection for better personalized suggestions.
• C) Configure organization-wide policies to enforce responsible AI usage.
• D) Require manual approval for every Copilot-generated completion.

14. How can Copilot for Enterprise be customized for an organization’s internal workflows? (Select two)

• A) Train Copilot on internal, proprietary codebases for better context.
• B) Restrict Copilot to only suggest code from pre-approved open-source licenses.
• C) Configure Copilot Knowledge Bases for internal documentation lookups.
• D) Limit Copilot to only suggest previously accepted completions within the org.

[Ronaldo-001]

Lezzzz gooo!! 🚀

[salahtidur]

[Akash1134]

We encourage thoughtful reflection over quick responses to practice questions. Please take your time to thoroughly review the resources we've shared above.

[Ronaldo-001]

This week seems a little easier at first, I guess. Thanks @Akash1134 😄 for providing these resources !!

Here are my answers:

1. What is a fundamental difference between Copilot for Business and Copilot for Enterprise regarding security and compliance?

• A) Copilot for Enterprise allows organizations to configure custom LLM training with proprietary data.
• [✔] B) Copilot for Business does not support compliance frameworks like SOC 2 Type II, while Copilot for Enterprise does.
• C) Copilot for Enterprise ensures zero data retention for AI-generated completions, while Business does not.
• D) Copilot for Business includes access to Copilot Knowledge Bases, while Enterprise does not.

Reason:
Copilot for Enterprise is designed for organizations that need compliance with security frameworks like SOC 2 Type II. Copilot for Business does not provide this level of compliance, making it less suitable for regulated industries.

---

2. In which two scenarios would GitHub Copilot NOT provide a suggestion? (Select two)

• [✔] A) The user is writing a private, proprietary API call with no prior examples in public repositories.
• B) The user has disabled telemetry and data sharing in GitHub Copilot settings.
• C) The user is using Copilot Chat in JetBrains IDE but has exceeded their rate limit.
• [✔] D) The user is using Copilot in VS Code, but their organization has Copilot completions disabled at the repository level.

Reason:
Copilot generates completions based on public data. If a user writes a private API with no public reference, Copilot won’t have relevant suggestions. Additionally, organizational policies can disable Copilot at the repository level, preventing completions.

---

3. In the context of GitHub Copilot's new Agent Mode, which capability enhances its autonomous code iteration?

• [✔] A) Agent Mode can automatically recognize and correct errors in its own code suggestions.
• B) It requires manual intervention to identify and fix code errors.
• C) Agent Mode limits code suggestions to predefined templates.
• D) It restricts code generation to a single programming language.

Reason:
Agent Mode improves Copilot’s ability to refine its own suggestions by detecting errors and making corrections, reducing developer intervention.

---

4. What happens when GitHub Copilot detects potentially sensitive information in a prompt?

• A) Copilot automatically masks sensitive data before sending it to the LLM.
• [✔] B) Copilot displays a warning and refuses to generate a suggestion.
• C) Copilot does not process prompts flagged for PII, and they are never sent to GitHub servers.
• D) Copilot filters sensitive data using a heuristic-based approach before processing.

Reason:
Copilot includes safeguards to prevent handling sensitive data, such as API keys or credentials. It warns users and avoids processing flagged prompts.

---

5. When GitHub Copilot generates a completion, how does it determine which suggestion is the most relevant?

• [✔] A) The suggestion most frequently accepted by developers in similar contexts is ranked higher.
• B) The model prioritizes suggestions that match common patterns seen in open-source repositories.
• C) The ranking favors suggestions that have appeared in at least two public repositories.
• D) Suggestions are always ranked by execution performance and efficiency.

Reason:
Copilot refines suggestions based on developer behavior. Frequently accepted completions in similar contexts are ranked higher for better relevance.

---

6. What role does the Copilot Proxy play in the GitHub Copilot data pipeline?

• [✔] A) It routes and processes user requests before sending them to the LLM.
• B) It filters Copilot completions for potential copyrighted code snippets.
• C) It encrypts all Copilot data before storing it for model training.
• D) It automatically tests Copilot-generated code for security vulnerabilities.

Reason:
The Copilot Proxy acts as an intermediary, handling requests and managing interactions with the language model. It does not filter for copyright or security issues.

---

7. If a user experiences delayed Copilot completions, which two factors could be responsible? (Select two)

• [✔] A) The IDE's context window exceeds Copilot's processing limit.
• B) The user has local AI caching enabled, slowing down remote completions.
• C) The user is working in an unsupported programming language.
• [✔] D) Copilot’s rate limits have been exceeded, causing temporary delays.

Reason:
Exceeding the context window limit increases processing time. Additionally, if rate limits are reached, completions may be delayed or blocked.

---

8. Under what circumstances is GitHub Copilot most likely to produce incorrect or “hallucinated” code?

• [✔] A) When low-confidence completions are not filtered out.
• B) When Copilot generates code outside of a developer's typical style.
• C) When using older programming languages with fewer public code examples.
• D) When the user has enabled local AI-assisted debugging.

Reason:
Copilot occasionally generates incorrect code (hallucinations), especially when confidence scores are low. Filtering low-confidence completions helps improve accuracy.

---

9. Which of the following security concerns is most relevant when using Copilot-generated code?

• A) Copilot-generated code may include non-performant syntax, reducing execution speed.
• [✔] B) Copilot does not automatically sanitize user input, increasing the risk of injection attacks.
• C) Copilot-generated functions cannot be modified after generation.
• D) Copilot-generated code is always licensed under the MIT License.

Reason:
Copilot does not apply security best practices automatically. Developers must validate and sanitize input to prevent security vulnerabilities.

---

10. Which two platforms currently support GitHub Copilot Chat? (Select two)

• [✔] A) GitHub Codespaces
• B) JetBrains IDEs
• C) GitHub Web UI (Discussions & Issues)
• [✔] D) Visual Studio Code

Reason:
Copilot Chat is integrated into VS Code and Codespaces, but not yet in JetBrains IDEs or GitHub’s web interface.

---

11. What is a key limitation of Copilot’s CLI integration compared to IDE-based Copilot features?

• A) It only works with Git commands.
• [✔] B) It lacks access to context from open files in the IDE.
• C) It automatically commits suggested commands without confirmation.
• D) It cannot generate scripts, only single-line commands.

Reason:
The CLI version of Copilot does not have access to context from the IDE, making its suggestions less informed compared to IDE integrations.

---

12. What are the key limitations of GitHub Copilot’s LLM-based code generation? (Select two)

• [✔] A) It struggles with complex multi-step reasoning, often requiring developer intervention for logical correctness.
• B) Copilot’s suggestions are deterministic, meaning it will always provide the same code for a given prompt.
• [✔] C) It can produce incomplete or syntactically incorrect suggestions, especially in low-resource programming languages.
• D) Copilot prevents licensing conflicts by ensuring that generated code does not match GPL-licensed repositories.

Reason:
Copilot has limitations in reasoning over complex logic and can sometimes generate incomplete code, especially in languages with fewer public resources.

---

13. What is the recommended best practice for an organization implementing Copilot for Business?

• A) Restrict Copilot usage to repositories with public code to improve completions.
• B) Enable telemetry collection for better personalized suggestions.
• [✔] C) Configure organization-wide policies to enforce responsible AI usage.
• D) Require manual approval for every Copilot-generated completion.

Reason:
Organizations should set policies for responsible AI use to ensure security and compliance while leveraging Copilot’s productivity benefits.

[paulsuv9]

Thanks for sharing your answers, @Ronaldo-001 ! I agree that this week seems a bit easier. What features of Copilot have you found most useful so far?

[Ronaldo-001]

@paulsuv9 One thing I find fascinating is how GitHub Copilot is evolving towards more agent-like capabilities, where it can not only suggest code but also understand higher-level intent and workflows

[mvark]

As per this GitHub Blog post on December 6, 2024, "Copilot Business and Enterprise are now gaining coverage of control operating effectiveness over the period represented by a Type II report (as opposed to the point-in-time reports represented by the previous Type I reports issued Spring 2024). These efforts and the culminating SOC 2 Type II reports represent GitHub’s ongoing commitment to provide secure products to our customers, which continues to provide developers the assurance to build software better, together."

So based on that Copilot Business and Enterprise both support SOC 2 Type II framework

[SatyamSharma007]

1. What is a fundamental difference between Copilot for Business and Copilot for Enterprise regarding security and compliance?
   ✅ B) Copilot for Business does not support compliance frameworks like SOC 2 Type II, while Copilot for Enterprise does.
2. In which two scenarios would GitHub Copilot NOT provide a suggestion? (Select two)
   ✅ A) The user is writing a private, proprietary API call with no prior examples in public repositories.
   ✅ D) The user is using Copilot in VS Code, but their organization has Copilot completions disabled at the repository level.
3. In the context of GitHub Copilot's new Agent Mode, which capability enhances its autonomous code iteration?
   ✅ A) Agent Mode can automatically recognize and correct errors in its own code suggestions.
4. What happens when GitHub Copilot detects potentially sensitive information in a prompt?
   ✅ B) Copilot displays a warning and refuses to generate a suggestion.
5. When GitHub Copilot generates a completion, how does it determine which suggestion is the most relevant?
   ✅ A) The suggestion most frequently accepted by developers in similar contexts is ranked higher.
6. What role does the Copilot Proxy play in the GitHub Copilot data pipeline?
   ✅ A) It routes and processes user requests before sending them to the LLM.
7. If a user experiences delayed Copilot completions, which two factors could be responsible? (Select two)
   ✅ A) The IDE's context window exceeds Copilot's processing limit.
   ✅ D) Copilot’s rate limits have been exceeded, causing temporary delays.
8. Under what circumstances is GitHub Copilot most likely to produce incorrect or “hallucinated” code?
   ✅ A) When low-confidence completions are not filtered out.
9. Which of the following security concerns is most relevant when using Copilot-generated code?
   ✅ B) Copilot does not automatically sanitize user input, increasing the risk of injection attacks.
10. Which two platforms currently support GitHub Copilot Chat? (Select two)
    ✅ A) GitHub Codespaces
    ✅ D) Visual Studio Code
11. What is a key limitation of Copilot’s CLI integration compared to IDE-based Copilot features?
    ✅ B) It lacks access to context from open files in the IDE.
12. What are the key limitations of GitHub Copilot’s LLM-based code generation? (Select two)
    ✅ A) It struggles with complex multi-step reasoning, often requiring developer intervention for logical correctness.
    ✅ C) It can produce incomplete or syntactically incorrect suggestions, especially in low-resource programming languages.
13. What is the recommended best practice for an organization implementing Copilot for Business?
    ✅ C) Configure organization-wide policies to enforce responsible AI usage.

[paulsuv9]

Great answers, @SatyamSharma007 ! I also found that understanding the differences between Copilot for Business and Enterprise is crucial for compliance. Have you explored any specific compliance frameworks in your projects?

[PETAPAMENMESJJ]

First question.
My answer is A.

Second question.
My answer is B.

Third question.
My answer is A.

Fourth question.
My answer is D.

Fiveth question.
My answer is D.

Sixth question.
My answer is D.

Seventh question.
My answers are B and C.

Eightieth question.
My answer is B.

Nineth question.
My answer is D.

Tenth question.
My answers are C and D.

Eleventh question.
My answer is C.

Twelveth question.
My answers are A and C.

Thirteenth question.
My answer is C.

Fourteenth question.
My answers are A and C.

[Arya-AD]

1. What is a fundamental difference between Copilot for Business and Copilot for Enterprise regarding security and compliance?

   • B) Copilot for Business does not support compliance frameworks like SOC 2 Type II, while Copilot for Enterprise does.

2. In which two scenarios would GitHub Copilot NOT provide a suggestion? (Select two)

   • A) The user is writing a private, proprietary API call with no prior examples in public repositories.
   • D) The user is using Copilot in VS Code, but their organization has Copilot completions disabled at the repository level.

3. In the context of GitHub Copilot's new Agent Mode, which capability enhances its autonomous code iteration?

   • A) Agent Mode can automatically recognize and correct errors in its own code suggestions.

4. What happens when GitHub Copilot detects potentially sensitive information in a prompt?

   • C) Copilot does not process prompts flagged for PII, and they are never sent to GitHub servers.

5. When GitHub Copilot generates a completion, how does it determine which suggestion is the most relevant?

   • A) The suggestion most frequently accepted by developers in similar contexts is ranked higher.

6. What role does the Copilot Proxy play in the GitHub Copilot data pipeline?

   • A) It routes and processes user requests before sending them to the LLM.

7. If a user experiences delayed Copilot completions, which two factors could be responsible? (Select two)

   • A) The IDE's context window exceeds Copilot's processing limit.
   • D) Copilot’s rate limits have been exceeded, causing temporary delays.

8. Under what circumstances is GitHub Copilot most likely to produce incorrect or “hallucinated” code?

   • A) When low-confidence completions are not filtered out.

9. Which of the following security concerns is most relevant when using Copilot-generated code?

   • B) Copilot does not automatically sanitize user input, increasing the risk of injection attacks.

10. Which two platforms currently support GitHub Copilot Chat? (Select two)

    • A) GitHub Codespaces
    • D) Visual Studio Code

11. What is a key limitation of Copilot’s CLI integration compared to IDE-based Copilot features?

    • B) It lacks access to context from open files in the IDE.

12. What are the key limitations of GitHub Copilot’s LLM-based code generation? (Select two)

    • A) It struggles with complex multi-step reasoning, often requiring developer intervention for logical correctness.
    • C) It can produce incomplete or syntactically incorrect suggestions, especially in low-resource programming languages.

13. What is the recommended best practice for an organization implementing Copilot for Business?

    • C) Configure organization-wide policies to enforce responsible AI usage.

14. How can Copilot for Enterprise be customized for an organization’s internal workflows? (Select two)

    • A) Train Copilot on internal, proprietary codebases for better context.
    • C) Configure Copilot Knowledge Bases for internal documentation lookups.

[paulsuv9]

Great answers, @Arya-AD ! I also found that understanding the differences between Copilot for Business and Enterprise is crucial for compliance. Have you explored any specific compliance frameworks in your projects?

[paulsuv9]

○ “Leverage Copilot’s Pull Request Summaries to streamline code reviews. It provides concise summaries of changes, making it easier for reviewers to understand the context and focus on critical issues.”

💡 “How do you use Copilot to enhance your code review process?”

[paulsuv9]

I found the Microsoft Learn modules on advanced GitHub Copilot features very helpful. They provide in-depth insights into data handling and customization. Which resources did you find most useful?

[Ronaldo-001]

@paulsuv9 I found github docs more useful as it provides detailed info about every feature!!

[paulsuv9]

1. Question: “What is a fundamental difference between Copilot for Business and Copilot for Enterprise regarding security and compliance?”
   o Answer: B) Copilot for Business does not support compliance frameworks like SOC 2 Type II, while Copilot for Enterprise does.
   o Reasoning: “Copilot for Enterprise is designed to meet the rigorous compliance standards required by industries such as finance and healthcare, ensuring adherence to frameworks like SOC 2 Type II. This makes it a more suitable choice for organizations with stringent regulatory requirements.”
   o Tip: 💡 “Consider conducting a compliance audit to identify which frameworks your organization needs to adhere to before choosing between Copilot for Business and Enterprise.”

2. Question: “In which two scenarios would GitHub Copilot NOT provide a suggestion? (Select two)”
   o Answer: A) The user is writing a private, proprietary API call with no prior examples in public repositories.
   o Answer: D) The user is using Copilot in VS Code, but their organization has Copilot completions disabled at the repository level.
   o Reasoning: “Copilot relies on publicly available data to generate suggestions. Without public examples, it cannot provide relevant completions. Additionally, organizational policies can restrict Copilot’s functionality to ensure security and compliance, preventing completions in certain repositories.”
   o Tip: 💡 “Ensure your organization’s policies are configured correctly to enable or disable Copilot completions as needed for different projects.”

3. Question: “In the context of GitHub Copilot’s new Agent Mode, which capability enhances its autonomous code iteration?”
   o Answer: A) Agent Mode can automatically recognize and correct errors in its own code suggestions.
   o Reasoning: “Agent Mode’s self-correcting capability reduces the need for manual intervention, making it more efficient for iterative development processes. This feature enhances productivity by quickly addressing errors.”
   o Tip: 💡 “Regularly review and test the corrections made by Agent Mode to ensure they align with your project’s coding standards.”

4. Question: “What happens when GitHub Copilot detects potentially sensitive information in a prompt?”
   o Answer: B) Copilot displays a warning and refuses to generate a suggestion.
   o Reasoning: “To protect user privacy and security, Copilot includes safeguards that prevent the processing of sensitive information. This ensures that potentially harmful data, such as API keys or personal information, is not inadvertently exposed.”
   o Tip: 💡 “Always review your prompts to ensure they do not contain sensitive information before using Copilot.”

5. Question: “When GitHub Copilot generates a completion, how does it determine which suggestion is the most relevant?”
   o Answer: A) The suggestion most frequently accepted by developers in similar contexts is ranked higher.
   o Reasoning: “Copilot leverages collective developer behavior to refine its suggestions. By prioritizing frequently accepted completions, it increases the likelihood of providing useful and contextually appropriate code.”
   o Tip: 💡 “Experiment with different coding contexts to see how Copilot’s suggestions vary and find the most effective patterns for your projects.”

6. Question: “What role does the Copilot Proxy play in the GitHub Copilot data pipeline?”
   o Answer: A) It routes and processes user requests before sending them to the LLM.
   o Reasoning: “The Copilot Proxy acts as an intermediary, ensuring that user requests are properly formatted and processed before reaching the language model. This step is crucial for maintaining the efficiency and accuracy of Copilot’s suggestions.”
   o Tip: 💡 “Monitor the performance of the Copilot Proxy to identify any potential bottlenecks or issues in the data pipeline.”

7. Question: “If a user experiences delayed Copilot completions, which two factors could be responsible? (Select two)”
   o Answer: A) The IDE’s context window exceeds Copilot’s processing limit.
   o Answer: D) Copilot’s rate limits have been exceeded, causing temporary delays.
   o Reasoning: “Exceeding the context window limit can slow down processing as Copilot struggles to handle large amounts of data. Additionally, rate limits are in place to manage server load, and exceeding these limits can result in temporary delays.”
   o Tip: 💡 “Optimize your IDE settings and be mindful of rate limits to ensure smooth and efficient use of Copilot.”

8. Question: “Under what circumstances is GitHub Copilot most likely to produce incorrect or “hallucinated” code?”
   o Answer: A) When low-confidence completions are not filtered out.
   o Reasoning: “Low-confidence completions are more prone to errors and inaccuracies. By filtering these out, Copilot can improve the overall quality and reliability of its suggestions.”
   o Tip: 💡 “Regularly review and validate Copilot’s suggestions to ensure they meet your project’s standards and requirements.”

9. Question: “Which of the following security concerns is most relevant when using Copilot-generated code?”
   o Answer: B) Copilot does not automatically sanitize user input, increasing the risk of injection attacks.
   o Reasoning: “Sanitizing user input is a critical security practice to prevent injection attacks. Developers must manually ensure that Copilot-generated code includes proper input validation to mitigate this risk.”
   o Tip: 💡 “Implement robust input validation and sanitization practices in your code to enhance security.”

10. Question: “Which two platforms currently support GitHub Copilot Chat? (Select two)”
    o Answer: A) GitHub Codespaces
    o Answer: D) Visual Studio Code
    o Reasoning: “Copilot Chat is integrated into platforms like GitHub Codespaces and Visual Studio Code, providing developers with interactive assistance directly within their development environments.”
    o Tip: 💡 “Explore the interactive features of Copilot Chat in these platforms to enhance your coding experience and productivity.”

11. Question: “What is a key limitation of Copilot’s CLI integration compared to IDE-based Copilot features?”
    o Answer: B) It lacks access to context from open files in the IDE.
    o Reasoning: “The CLI version of Copilot does not have the same level of context awareness as IDE integrations. This limitation can affect the relevance and accuracy of its suggestions.”
    o Tip: 💡 “Use Copilot in an IDE for more context-aware suggestions, especially for complex projects.”

12. Question: “What are the key limitations of GitHub Copilot’s LLM-based code generation? (Select two)”
    o Answer: A) It struggles with complex multi-step reasoning, often requiring developer intervention for logical correctness.
    o Answer: C) It can produce incomplete or syntactically incorrect suggestions, especially in low-resource programming languages.
    o Reasoning: “LLM-based code generation has limitations in handling complex logic and may produce incomplete or incorrect code, particularly in languages with fewer public examples. Developer oversight is essential to ensure accuracy.”
    o Tip: 💡 “Always review and test Copilot’s suggestions, especially for complex logic, to ensure they meet your project’s requirements.”

13. Question: “What is the recommended best practice for an organization implementing Copilot for Business?”
    o Answer: C) Configure organization-wide policies to enforce responsible AI usage.
    o Reasoning: “Implementing organization-wide policies ensures that Copilot is used responsibly and in compliance with security and ethical standards. This practice helps mitigate risks and promotes safe AI usage.”
    o Tip: 💡 “Develop a comprehensive AI usage policy that includes guidelines for responsible use, security, and compliance.”

14. Question: “How can Copilot for Enterprise be customized for an organization’s internal workflows? (Select two)”
    o Answer: A) Train Copilot on internal, proprietary codebases for better context.
    o Answer: C) Configure Copilot Knowledge Bases for internal documentation lookups.
    o Reasoning: “Customizing Copilot with internal codebases and documentation enhances its relevance and utility for the organization. This tailored approach ensures that Copilot provides contextually appropriate suggestions aligned with internal workflows.”
    o Tip: 💡 “Regularly update Copilot’s training data and knowledge bases to reflect changes in your organization’s codebase and documentation.”

[VCharrua]

I wanted to use GitHub Copilot as an assistant for this week assignment... So, I tried out a prompt template that would give the best results and that could be used by different models in new chat sessions for each iteration. The purpose was to identify how accurate they were and their reasoning capabilities when questioned. Went thru all the documentation to try to confirm the right answers and sources. In the comments I'll elaborate a little more about the experience and the different results obtained.

1. What is a fundamental difference between Copilot for Business and Copilot for Enterprise regarding security and compliance?

• A. Copilot for Enterprise allows organizations to configure custom LLM training with proprietary data.
• B. Copilot for Business does not support compliance frameworks like SOC 2 Type II, while Copilot for Enterprise does.
• C. Copilot for Enterprise ensures zero data retention for AI-generated completions, while Business does not.
• D. Copilot for Business includes access to Copilot Knowledge Bases, while Enterprise does not.

Reasoning
The compliance certifications represent a key differentiator for organizations that require higher levels of security assurance and regulatory compliance.

This can be verified from the GitHub documentation:

1. GitHub Copilot for Enterprise includes additional compliance certifications including SOC 1 Type II, SOC 2 Type II, and FedRAMP Moderate certifications that are not available in the Business tier.
2. This is documented in the GitHub Copilot Trust Center and product comparison pages:
   GitHub Copilot Trust Center
   Copilot product comparison

The other options are incorrect because:

• A) is incorrect: Neither version allows custom LLM training with proprietary data
• C) is incorrect: Both versions follow the same data retention policies
• D) is incorrect: Both versions include access to Copilot for Knowledge Bases

Considerations
Although it was possible to confirm thru documentation that option B) its detailed (eg: link), some sources include Copilot for Business as this blog post.

Questions?
Does SOC 2 Type II will be or is already available for GitHub Copilot Business?

---

2. In which two scenarios would GitHub Copilot NOT provide a suggestion? (Select two)

• A. The user is writing a private, proprietary API call with no prior examples in public repositories.
• B. The user has disabled telemetry and data sharing in GitHub Copilot settings.
• C. The user is using Copilot Chat in JetBrains IDE but has exceeded their rate limit.
• D. The user is using Copilot in VS Code, but their organization has Copilot completions disabled at the repository level.

Reasoning

• C) Rate limits are a real restriction that will prevent Copilot from providing suggestions. When users exceed their rate limits in any IDE including JetBrains, Copilot will stop providing suggestions until the limit resets. This is documented in GitHub's rate limiting documentation for Copilot: https://docs.github.com/en/copilot/troubleshooting-github-copilot/troubleshooting-common-issues-with-github-copilot#error-sorry-your-request-was-rate-limited

• D) If an organization has disabled Copilot completions at the repository level, Copilot will not provide suggestions for that repository. This is a hard enforcement of organizational policies, as documented here: https://docs.github.com/en/copilot/managing-copilot/managing-github-copilot-in-your-organization/managing-policies-for-copilot-in-your-organization

Why the other options are incorrect:

• A) Copilot can still provide suggestions for private API calls based on patterns and general programming knowledge, even without exact public examples.

• B) Telemetry settings don't affect Copilot's ability to provide suggestions - they only control data collection about usage. Disabling telemetry won't stop Copilot from functioning: Reviewing user activity data for Copilot in your organization and GitHub General Privacy Statement

---

3. In the context of GitHub Copilot's new Agent Mode, which capability enhances its autonomous code iteration?

• A. Agent Mode can automatically recognize and correct errors in its own code suggestions.
• B. It requires manual intervention to identify and fix code errors.
• C. Agent Mode limits code suggestions to predefined templates.
• D. It restricts code generation to a single programming language.

Reasoning
Agent Mode in GitHub Copilot represents an advancement in autonomous code generation and iteration. According to GitHub's documentation, Agent Mode has the capability to:

1. Understand the context of the code more deeply
2. Automatically detect issues in its suggestions
3. Iteratively improve and fix code without requiring manual intervention
4. Debug and refine code suggestions on its own

You can verify this from:
Copilot Edits

The other options are incorrect because:

• B) is false because Agent Mode specifically reduces the need for manual intervention
• C) is false as Agent Mode can generate custom code, not just templates
• D) is false because Agent Mode works across multiple programming languages

This autonomous error recognition and correction capability is one of the key features that distinguishes Agent Mode from regular GitHub Copilot functionality.

Other sources

• About Copilot agents
• Setting up Copilot Extensions

---

4. What happens when GitHub Copilot detects potentially sensitive information in a prompt?

• A. Copilot automatically masks sensitive data before sending it to the LLM.
• B. Copilot displays a warning and refuses to generate a suggestion.
• C. Copilot does not process prompts flagged for PII, and they are never sent to GitHub servers.
• D. Copilot filters sensitive data using a heuristic-based approach before processing.

Reasoning
According to GitHub's documentation (https://resources.github.com/learn/pathways/copilot/essentials/how-github-copilot-handles-data/), when potential personally identifiable information (PII) is detected in code, those prompts are automatically filtered out before being sent to GitHub's servers. This is a preventive security measure that happens at the client side.

The documentation specifically states that Copilot includes protections against sending sensitive data like potential API keys, tokens, or other secrets. These prompts are blocked entirely from being processed or transmitted, rather than being masked or filtered after the fact.

The key point is that the sensitive data is never transmitted at all, making C the most accurate answer that aligns with GitHub's documented security practices.

Sources

• Responsible use of GitHub Copilot Chat in your IDE
• GitHub Copilot Features
• GitHub General Privacy Statement

Questions?
I did search for additional documentation supporting the answer, but I would appreciate some suggestions/corrections about the topic.

---

5. When GitHub Copilot generates a completion, how does it determine which suggestion is the most relevant?

• A. The suggestion most frequently accepted by developers in similar contexts is ranked higher.
• B. The model prioritizes suggestions that match common patterns seen in open-source repositories.
• C. The ranking favors suggestions that have appeared in at least two public repositories.
• D. Suggestions are always ranked by execution performance and efficiency.

Reasoning
When GitHub Copilot generates a completion, it determines the most relevant suggestion primarily based on common patterns seen in open-source repositories and user context. The more a particular code pattern is seen in public repositories, the higher its relevance. This aligns with option B: "The model prioritizes suggestions that match common patterns seen in open-source repositories."

Sources

• Best practices for using GitHub Copilot
• Finding public code that matches GitHub Copilot suggestions

Questions?
Another issue where I had some doubts, but B) continues to be my best answer so far.

---

6. What role does the Copilot Proxy play in the GitHub Copilot data pipeline?

• A. It routes and processes user requests before sending them to the LLM.
• B. It filters Copilot completions for potential copyrighted code snippets.
• C. It encrypts all Copilot data before storing it for model training.
• D. It automatically tests Copilot-generated code for security vulnerabilities.

Reasoning
The Copilot Proxy serves as an intermediary service that:

• Handles and processes incoming requests from IDE extensions and GitHub.com
• Routes these processed requests to the appropriate language model
• Manages communication between user editors and the completion service

This can be verified in GitHub's technical documentation about Copilot's architecture where they describe the proxy's role in request handling and routing.

While some documentation is limited on the exact technical details of the proxy for security reasons, we can see this role mentioned in GitHub's public telemetry documentation and ne

Sources

• How GitHub Copilot handles data

---

7. If a user experiences delayed Copilot completions, which two factors could be responsible? (Select two)

• A. The IDE's context window exceeds Copilot's processing limit.
• B. The user has local AI caching enabled, slowing down remote completions.
• C. The user is working in an unsupported programming language.
• D. Copilot’s rate limits have been exceeded, causing temporary delays.

Reasoning

1. Large context windows (option A) can cause delays because Copilot needs to process more code to generate suggestions. Per the GitHub Copilot documentation, large files or excessive context can impact performance.

2. Rate limits (option D) are explicitly mentioned as a cause of delays in the documentation at https://docs.github.com/en/copilot/troubleshooting-github-copilot/troubleshooting-common-issues-with-github-copilot#error-sorry-your-request-was-rate-limited, where exceeding API limits can cause temporary slowdowns.

Options B and C are incorrect because:

• Local AI caching is not a feature of GitHub Copilot
• Programming language support does not affect completion speed (unsupported languages simply won't get suggestions)

Other sources

• Best practices for using GitHub Copilot
• Using GitHub Copilot in your IDE: Tips, tricks, and best practices
• Exploring potential feature implementations
• GitHub Rate Limits

---

8. Under what circumstances is GitHub Copilot most likely to produce incorrect or “hallucinated” code?

• A. When low-confidence completions are not filtered out.
• B. When Copilot generates code outside of a developer's typical style.
• C. When using older programming languages with fewer public code examples.
• D. When the user has enabled local AI-assisted debugging.

Reasoning

According to GitHub's documentation (https://docs.github.com/en/copilot/configuring-github-copilot/configuring-github-copilot-in-your-environment), Copilot has a setting to filter out low-confidence suggestions. When this filter is disabled, Copilot will show more suggestions, but they are more likely to be incorrect or "hallucinated."

The reasoning is:

• Copilot's suggestions are based on confidence levels
• Low-confidence completions are more likely to contain errors or be inappropriate for the context
• The filter exists specifically to reduce incorrect suggestions
• When disabled, the quantity of suggestions increases but quality decreases

The other options are less likely causes:

• Coding style (B) affects readability but not correctness
• Language popularity (C) may affect suggestion frequency but not accuracy
• Local debugging (D) is unrelated to suggestion accuracy

For best results, GitHub recommends keeping the confidence filter enabled by default to reduce incorrect suggestions.

You can verify this in settings under "Enable/Disable suggestion filtering" where GitHub explicitly warns about the increased risk of incorrect suggestions when the filter is disabled.

---

9. Which of the following security concerns is most relevant when using Copilot-generated code?

• A. Copilot-generated code may include non-performant syntax, reducing execution speed.
• B. Copilot does not automatically sanitize user input, increasing the risk of injection attacks.
• C. Copilot-generated functions cannot be modified after generation.
• D. Copilot-generated code is always licensed under the MIT License.

Reasoning
This is the most relevant security concern when using GitHub Copilot-generated code because:

1. Input validation and sanitization are critical security practices that must be implemented deliberately, regardless of whether code is AI-generated or manually written.

2. According to GitHub's documentation on Copilot security best practices, developers are responsible for reviewing and testing generated code for security vulnerabilities.

3. While option A about performance is a consideration, it's not primarily a security concern. Option C is incorrect as Copilot-generated code can be modified. Option D is incorrect about licensing.

The responsibility for ensuring secure coding practices, including proper input sanitization, falls on the developer. GitHub explicitly recommends that all Copilot-generated code should be reviewed and tested for security vulnerabilities, particularly in areas like input validation, which could lead to injection attacks if not properly handled.

This security consideration is particularly important since Copilot generates code based on patterns it has learned, but may not automatically implement security best practices unless specifically prompted to do so.

Sources

• Best practices for using GitHub Copilot
• Responsible use of GitHub Copilot Chat in your IDE
• Responsible use of GitHub Copilot Chat in GitHub
• Finding existing vulnerabilities in code

---

10. Which two platforms currently support GitHub Copilot Chat? (Select two)

• A. GitHub Codespaces
• B. JetBrains IDEs
• C. GitHub Web UI (Discussions & Issues)
• D. Visual Studio Code

Reasoning
The two platforms that currently support GitHub Copilot Chat are Visual Studio Code and JetBrains IDEs.

• GitHub Copilot Chat is available in Visual Studio Code as detailed in the GitHub Copilot Chat documentation.
• It is also available in JetBrains IDEs, as mentioned in the GitHub Copilot Chat documentation.

---

11. What is a key limitation of Copilot’s CLI integration compared to IDE-based Copilot features?

• A. It only works with Git commands.
• B. It lacks access to context from open files in the IDE.
• C. It automatically commits suggested commands without confirmation.
• D. It cannot generate scripts, only single-line commands.

Reasoning
GitHub Copilot CLI (Command Line Interface) has a key limitation compared to its IDE counterpart because it can't access or analyze the context from open files in an IDE environment. According to the GitHub Copilot documentation:

1. The CLI version can generate and suggest commands based on natural language prompts and your command history
2. However, unlike the IDE version, it cannot:
   • Read your current code context
   • Analyze multiple open files
   • Understand your project structure like the IDE version can

This limitation is significant because IDE-based Copilot can provide more contextually relevant suggestions by analyzing your current workspace, open files, and project structure. The CLI version, while powerful for command-line operations, operates with more limited context.

The other options are incorrect because:

• A) The CLI works with various shell commands, not just Git
• C) Copilot CLI always requires user confirmation before executing commands
• D) Copilot CLI can generate both scripts and single-line commands

Sources

• GitHub Copilot in the CLI

---

12. What are the key limitations of GitHub Copilot’s LLM-based code generation? (Select two)

• A. It struggles with complex multi-step reasoning, often requiring developer intervention for logical correctness.
• B. Copilot’s suggestions are deterministic, meaning it will always provide the same code for a given prompt.
• C. It can produce incomplete or syntactically incorrect suggestions, especially in low-resource programming languages.
• D. Copilot prevents licensing conflicts by ensuring that generated code does not match GPL-licensed repositories.

Reasoning

• A) True: GitHub Copilot does struggle with complex multi-step reasoning and logical correctness. According to GitHub's documentation about Copilot's limitations, the tool works best with straightforward tasks and may need developer oversight for complex logical operations.

• C) True: GitHub Copilot can indeed produce incomplete or syntactically incorrect code, particularly for less common programming languages. This is documented in GitHub's technical specifications and limitations.

Sources

• Best practices for using GitHub Copilot
• Troubleshooting common issues with GitHub Copilot

---

13. What is the recommended best practice for an organization implementing Copilot for Business?

• A. Restrict Copilot usage to repositories with public code to improve completions.
• B. Enable telemetry collection for better personalized suggestions.
• C. Configure organization-wide policies to enforce responsible AI usage.
• D. Require manual approval for every Copilot-generated completion.

Reasoning
When implementing GitHub Copilot for Business, establishing organization-wide policies is the recommended best practice because it allows organizations to:

• Implementing organization-wide policies ensures that the use of GitHub Copilot aligns with the organization’s values and regulatory requirements.
• It helps in managing access, setting usage guidelines, and ensuring ethical use of AI tools.
• This approach supports responsible AI usage, which is crucial for maintaining trust and compliance.

Sources

• Driving Copilot adoption in your company
• Best practices for using GitHub Copilot

---

14. How can Copilot for Enterprise be customized for an organization’s internal workflows? (Select two)

• A. Train Copilot on internal, proprietary codebases for better context.
• B. Restrict Copilot to only suggest code from pre-approved open-source licenses.
• C. Configure Copilot Knowledge Bases for internal documentation lookups.
• D. Limit Copilot to only suggest previously accepted completions within the org.

Reasoning

1. For option B) Organizations can configure policies to only allow suggestions from code with specific licenses. This is documented in "Managing GitHub Copilot in your organization" where administrators can set policies for allowed licenses in suggestions.

2. For option C) GitHub Copilot Enterprise includes Copilot Knowledge Bases feature, which allows organizations to connect their internal documentation and code to Copilot for contextual suggestions.

Sources

• Managing policies for Copilot in your organization
• Managing Copilot knowledge bases

---

I'm still working on additional notes, but any comments are welcome. 🚀🚀🚀

[Akash1134]

Brilliant analysis and reasoning @VCharrua 👏

[mvark]

The Changelog section of the GitHub Blog has a lot of interesting updates like the SOC 2 Type II Framework support in both Copilot for Business and Copilot for Enterprise. As suggested on the Changelog home page, I've subscribed to the RSS feed & following ghchangelog handle on X.

The Release Notes that comes up when Visual Studio is updated also has a good digest of the new features that are added. It informs that the Gemini 2.0 Flash model is now available to all GitHub Copilot customers, including Copilot Free.

[ViolettaCogoni]

Q4
https://learn.microsoft.com/en-us/training/modules/introduction-prompt-engineering-with-github-copilot/3-github-copilot-user-prompt-process-flow
Filtering happens at proxy level, before sending the prompt to LLMs, so I think it has to reach GitHub servers level. I suppose A is the correct answer

[johnniekpng]

Here are my answers to questions:

1. What is a fundamental difference between Copilot for Business and Copilot for Enterprise regarding security and compliance?
   B) Copilot for Business does not support compliance frameworks like SOC 2 Type II, while Copilot for Enterprise does.

• Copilot for Enterprise offers more advanced security and compliance features, including support for frameworks like SOC 2 Type II, which are not available in Copilot for Business.

2. In which two scenarios would GitHub Copilot NOT provide a suggestion? (Select two)
   A) The user is writing a private, proprietary API call with no prior examples in public repositories.
   D) The user is using Copilot in VS Code, but their organization has Copilot completions disabled at the repository level.

• GitHub Copilot relies on patterns from public repositories, so it wouldn't provide suggestions for proprietary API calls without examples. Also, if Copilot is disabled at the repository level, it will not provide suggestions.

3. In the context of GitHub Copilot's new Agent Mode, which capability enhances its autonomous code iteration?
   A) Agent Mode can automatically recognize and correct errors in its own code suggestions.

• Agent Mode enhances autonomous code iteration by being able to recognize and correct errors in its suggestions without manual intervention.

4. What happens when GitHub Copilot detects potentially sensitive information in a prompt?
   B) Copilot displays a warning and refuses to generate a suggestion.

• When Copilot detects potentially sensitive information, it will display a warning to the user and will not generate a suggestion to protect the sensitive data.

5. When GitHub Copilot generates a completion, how does it determine which suggestion is the most relevant?
   A) The suggestion most frequently accepted by developers in similar contexts is ranked higher.

• GitHub Copilot ranks suggestions based on their acceptance frequency by developers in similar contexts, which helps in providing the most relevant completions.

6. What role does the Copilot Proxy play in the GitHub Copilot data pipeline?
   A) It routes and processes user requests before sending them to the LLM.

• The Copilot Proxy is responsible for routing and processing user requests before they are sent to the Large Language Model (LLM) for generating suggestions.

7. If a user experiences delayed Copilot completions, which two factors could be responsible? (Select two)
   A) The IDE's context window exceeds Copilot's processing limit.
   D) Copilot’s rate limits have been exceeded, causing temporary delays.

• Delays in Copilot completions can occur if the IDE's context window is too large for Copilot to process efficiently or if the user has exceeded Copilot’s rate limits.

8. Under what circumstances is GitHub Copilot most likely to produce incorrect or “hallucinated” code?
   A) When low-confidence completions are not filtered out.

• GitHub Copilot may produce incorrect or "hallucinated" code when it fails to filter out low-confidence completions, which are more likely to be incorrect.

9. Which of the following security concerns is most relevant when using Copilot-generated code?
   B) Copilot does not automatically sanitize user input, increasing the risk of injection attacks.

• A significant security concern with Copilot-generated code is the lack of automatic input sanitization, which can increase the risk of injection attacks if not addressed by the developer.

10. Which two platforms currently support GitHub Copilot Chat? (Select two)
    A) GitHub Codespaces
    D) Visual Studio Code

• GitHub Copilot Chat is integrated into the coding environments of Visual Studio Code (via an extension) and GitHub Codespaces (a cloud-based editor).

11. What is a key limitation of Copilot’s CLI integration compared to IDE-based Copilot features?
    B) It lacks access to context from open files in the IDE.

• A key limitation of Copilot's CLI integration is that it does not have access to the context from open files in the IDE, which can limit the relevance and accuracy of its suggestions.

12. What are the key limitations of GitHub Copilot’s LLM-based code generation? (Select two)
    A) It struggles with complex multi-step reasoning, often requiring developer intervention for logical correctness.
    C) It can produce incomplete or syntactically incorrect suggestions, especially in low-resource programming languages.

• GitHub Copilot's LLM-based code generation has limitations in handling complex multi-step reasoning and may produce incomplete or syntactically incorrect suggestions, particularly in languages with fewer resources.

13. What is the recommended best practice for an organization implementing Copilot for Business?
    C) Configure organization-wide policies to enforce responsible AI usage.

• A recommended best practice for implementing Copilot for Business is to configure organization-wide policies to ensure responsible AI usage, aligning with the organization's standards and compliance requirements.

14. How can Copilot for Enterprise be customized for an organization’s internal workflows? (Select two)
    A) Train Copilot on internal, proprietary codebases for better context.
    C) Configure Copilot Knowledge Bases for internal documentation lookups.

• Customization options for Copilot for Enterprise include training it on internal proprietary codebases and configuring Copilot Knowledge Bases for internal documentation lookups to better align with the organization’s workflows.

[mvark]

Besides GitHub, VS Code, Visual Studio, Vim/Neovim, JetBrains suite of IDEs, GitHub Copilot is available for Azure Data Studio, XCode

Code completion in GitHub Copilot for Xcode became generally available (GA) in February 2025.

[paulsuv9]

○ “Use GitHub Copilot to generate comprehensive documentation for your code. This can include function descriptions, usage examples, and parameter explanations. Automating documentation helps maintain consistency and saves time.”

💡 “What are your favorite tips for using Copilot to automate documentation?”

[Akash1134]

Bonus: Community Challenge: Build Something with GitHub Copilot!

Hey everyone! 👋

We hope that Week 2 of our GitHub Copilot journey has been filled with learning so far. We have a really fun and creative challenge for you to take on: Build Something with GitHub Copilot!

This is your chance to explore Copilot’s capabilities, flex your coding muscles, and share your creations with the community. Whether you’re a beginner or a seasoned developer, this challenge is for you!

Remember, you can now code with GitHub Copilot for free.

---

🎯 The Challenge

Create a small project, script, or tool using Copilot and share it in a GitHub repository. It can be anything—a utility script, a mini-app, a game, or even a creative coding experiment. The goal is to see how Copilot can help you bring your ideas to life faster and more efficiently.

Even if it is something you've recently created, count them in!

Note

Join the challenge and rack up bonus points toward your GitHub certification voucher!

---

🚀 How to Participate

1. Build Something:

   • Use Copilot to write code for your project.
   • Your project can be in any programming language or framework.
   • Keep it small and manageable (think 1-2 hours of work or even less).

2. Share Your Code:

   • Create a public GitHub repository for your project.
   • Add a README.md file to explain what your project does and how to use it.
   • Tag your repository with #GitHubCopilotChallenge so others can find it.

3. Post in the Community:

   • Share a link to your repository in the comments below.
   • Tell us about your experience:
     • What did you build?
     • How did Copilot help you?
     • Did you learn anything new?

---

💡 Project Ideas to Get You Started

Need inspiration? Here are some ideas:

• A to-do list app with a command-line interface.
• A weather checker that fetches data from an API.
• A random quote generator.
• A simple game like Tic-Tac-Toe or Hangman.
• A script to automate a repetitive task (e.g., renaming files, organizing folders).
• Or literally anything else

---

🏆 What’s in It for You?

• Learn by Doing: Get hands-on experience with GitHub Copilot and discover its potential.
• Community Recognition: We’ll feature some of the most creative projects in Week 4 post!
• Bragging Rights: Show off your skills and inspire others in the community.

---

📅 Deadline

You have until the end of Week 3 to complete the challenge and share your project.

---

📚 Resources

• GitHub Copilot Documentation
• Building apps with GitHub Copilot: A developer's perspective 📹
• How to Create a GitHub Repository

Drop your project links and experiences in the comments below. Happy Copilot-ing! 🚀

[mvpkenlin]

🙋‍♂️ Is there any deadline for this?

I will need to squeeze in more time (personal time from work) to do this exercise. 😶‍🌫️

[Akash1134]

Hi @mvpkenlin, I have allocated us time until March 2nd to get the submissions. Thanks!

[mvark]

I've been using GitHub Copilot to modernize my JavaScript code in my hobby web apps. Earlier I had to rely on JavaScript helper libraries like jQuery but now that many features are inbuilt, Copilot makes it easy to convert existing code to native JavaScript and optimize performance besides helping me document it.

I like using Public REST APIs for my hobby web apps. There is big list of APIs & sample Web App Ideas for anyone interested.

[mvark]

On a related note, I came across this Azure AI Developer Hackathon. The requirement is to use GitHub Copilot with VS Code or Visual Studio to build and submit an app leveraging Azure services. Deadline is 28 Mar 2025

[mvpkenlin]

Here are my answers and explanations for week 2.

1. What is a fundamental difference between Copilot for Business and Copilot for Enterprise regarding security and compliance?

🟢 A) Copilot for Enterprise allows organizations to configure custom LLM training with proprietary data.

Note

Many people chose B, but I found the following,
'GitHub has published a SOC 2 Type I report for Copilot Business (including code completion in the IDE, and chat in the IDE, CLI, and Mobile). This Type 1 report demonstrates that Copilot Business has the controls in place necessary to protect the security of the service. We will include Copilot Business and Copilot Enterprise in our next SOC 2 Type 2 report coming in late 2024, covering April 1 to September 30, 2024.'
Source: https://github.blog/changelog/2024-06-03-github-copilot-compliance-soc-2-type-1-report-and-iso-iec-270012013-certification-scope/

C is incorrect, Zero data retention for code snippets and usage telemetry is applied to GitHub Copilot for Business and Enterprise.
D is incorrect, as it should be Enterprise includes access to Copilot Knowledge Bases.
Source: https://learn.microsoft.com/en-us/training/modules/introduction-to-github-copilot-enterprise/2-about-github-copilot-enterprise

2. In which two scenarios would GitHub Copilot NOT provide a suggestion? (Select two)

🟢 C) The user is using Copilot Chat in JetBrains IDE but has exceeded their rate limit.
🟢 D) The user is using Copilot in VS Code, but their organization has Copilot completions disabled at the repository level.

Note

C is correct, because Rate Limit is a real restriction that prevent Copilot to provide suggestions, it doesn't matter which IDE. (Only 2000 completions per month on Copilot Free)
D is correct, Copilot Business/Enterprise could exclude a file from being used by GitHub Copilot, as well as a repo.
Source: GitHub Copilot not working in some files

3. In the context of GitHub Copilot's new Agent Mode, which capability enhances its autonomous code iteration?

🟢 A) Agent Mode can automatically recognize and correct errors in its own code suggestions.

Note

A is correct, Copilot agents can perform various tasks such as querying documentation, retrieving data, executing specific actions, or providing AI-assisted coding suggestions.
Source: About Copilot agents

4. What happens when GitHub Copilot detects potentially sensitive information in a prompt?

🟢 A) Copilot automatically masks sensitive data before sending it to the LLM.

Note

If there is potentially sensitive information in a prompt, GitHub Copilot will sanitizes the prompt, dropping PII, secrets...etc. From my study on SalesForce AI, they do the same on masking the sensitive data before passing to LLM.
Source: AI Assisted Development with GitHub Copilot

5. When GitHub Copilot generates a completion, how does it determine which suggestion is the most relevant?

🟢 A) The suggestion most frequently accepted by developers in similar contexts is ranked higher.

Note

Provide feedback to improve future suggestions. You can provide feedback in many ways: For code completions, accept or reject Copilot's suggestion.
Source: Guide Copilot towards helpful outputs

6. What role does the Copilot Proxy play in the GitHub Copilot data pipeline?

🟢 D) It automatically tests Copilot-generated code for security vulnerabilities.

Note

D is correct here. From the image in the source link, I can see the Copilot Proxy actually will do the following,

• Test code suggestions for obvious bugs and common security vulnerabilities
• Truncate response that contain certain unique identifiers
• Filter responses matching public code
  Source: How does GitHub use the Copilot data?

7. If a user experiences delayed Copilot completions, which two factors could be responsible? (Select two)

🟢 A) The IDE's context window exceeds Copilot's processing limit.
🟢 D) Copilot’s rate limits have been exceeded, causing temporary delays.

Note

A is correct here. We could get the copilot process including our opening files or projects in the IDE.
D is correct here. If rate limit is exceeded, you will see a message in the chat and it also state that it will retry in some seconds later.

8. Under what circumstances is GitHub Copilot most likely to produce incorrect or “hallucinated” code?

🟢 A) When low-confidence completions are not filtered out.

Note

A is correct here. We should always enable Filtering low-confidence completions.

9. Which of the following security concerns is most relevant when using Copilot-generated code?

🟢 D) Copilot-generated code is always licensed under the MIT License.

Note

A is incorrect, It may include non-performant syntax, but it is not a security concerns
B is incorrect, Copilot Proxy does automatically sanitize user input
C is incorrect, we could always modified the generation codes.
So I picked D.

10. Which two platforms currently support GitHub Copilot Chat? (Select two)

🟢 A) GitHub Codespaces
🟢 B) JetBrains IDEs
🟢 C) GitHub Web UI (Discussions & Issues)
🟢 D) Visual Studio Code

Note

All 4 answers are supporting GitHub Copilot Chat. I am not sure what "platform" means here.
Source: A - Using GitHub Copilot in GitHub Codespaces
B - Asking GitHub Copilot questions in JetBrains IDE
C - Chat in Github
D - Asking GitHub Copilot questions in VSCode
A chat interface that lets you ask coding-related questions. GitHub Copilot Chat is available on the GitHub website, in GitHub Mobile, in supported IDEs (Visual Studio Code, Visual Studio, JetBrains IDEs, and Xcode), and in Windows Terminal. Users can also use skills with Copilot Chat.
Copilot features - Copilot Chat

11. What is a key limitation of Copilot’s CLI integration compared to IDE-based Copilot features?

🟢 D) B. It lacks access to context from open files in the IDE.

Note

D is answer. The CLI version can generate and suggest commands based on natural language prompts and your command history. However, unlike the IDE version, it cannot (1) Read your current code context; (2) Analyze multiple open files; (3) Understand your project structure like the IDE version can.
Source: Responsible use - Use Copilot in the CLI

12. What are the key limitations of GitHub Copilot’s LLM-based code generation? (Select two)

🟢 A) It struggles with complex multi-step reasoning, often requiring developer intervention for logical correctness.
🟢 C) It can produce incomplete or syntactically incorrect suggestions, especially in low-resource programming languages.

Note

A is correct, we should always do code review and correction.
B is incorrect, it will always provide difference code.
C is correct, it might returns incomplete or syntactically incorrect suggestions
D is incorrect, We could enable post-generation filtering to filter it out.
Source: GitHub Copilot Emits GPL. Codeium Does Not.

13. What is the recommended best practice for an organization implementing Copilot for Business?

🟢 C) Configure organization-wide policies to enforce responsible AI usage.

Note

C is always the key, no matter it is Copilot Free, Copilot Business, Copilot Pro, Copilot Enterprise

14. How can Copilot for Enterprise be customized for an organization’s internal workflows? (Select two)

🟢 A) Train Copilot on internal, proprietary codebases for better context.
🟢 C) Configure Copilot Knowledge Bases for internal documentation lookups.

Note

A is correct, with Copilot Enterprise, you can fine-tune Copilot code completion by creating a custom model based on code in your organization's repositories.
C is correct, Organization owners can create a knowledge base bringing together Markdown documentation across one or more repositories, and then organization members can use that knowledge base as context for Copilot Chat in GitHub. And this is only available to Copilot Enterprise
Source: Creating a custom model for GitHub Copilot
Source: Managing Copilot knowledge bases

[johnniekpng]

Question 1:
Neither Copilot for Business nor Copilot for Enterprise currently allows organizations to configure custom LLM (Large Language Model) training with proprietary data. Both versions operate within the constraints of their pre-trained models and do not support custom training on proprietary data for security and compliance reasons.
Question 2:
Exceeding the rate limit for Copilot Chat would prevent the user from using the chat feature, but it would not affect the code completion suggestions provided by GitHub Copilot within the IDE.
Question 4:
There is no evidence or official documentation that GitHub Copilot uses an automatic masking process.
Question 6:
Security vulnerability testing is part of post-processing but is not the proxy’s sole responsibility.
Question 9:
GitHub Copilot generates code based on patterns in its training data, but it does not inherently ensure secure practices like input validation or sanitization. Developers must manually review and secure such code, making this a top security concern.
Copilot-generated code does not automatically inherit any specific license.
Question 11:
Answer is B

[VCharrua]

Creating a custom model for GitHub Copilot

I also indicated option B) for question 1, although with doubts due to online documentation that indicated SOC 2 Type II was already available for GitHub Copilot Business... It seems option A) was the correct one. 😊

[mvark]

Question 1 was interesting. It helped me to learn more about SOC, changelogs and how everything in software development is constantly evolving.

I'm convinced that A is the right answer - GitHub Copilot for Enterprise allows organizations to configure custom LLM training with proprietary data.

With GitHub Copilot Enterprise, you can fine-tune a private, custom model, which is built on a company’s specific knowledge base and private code. Organizations that utilize GitHub Copilot Enterprise’s custom models enable more accurate and contextually relevant suggestions and responses.

Custom models for GitHub Copilot Enterprise is in public preview and is subject to change.

[kareem1207]

Thank you @Akash1134 for sharing such a wonderful and useful resources, i even used the knowledge i gained through the modules across various different ai models and i got accurate results, thank you so much as of this week questions, this are my answer:

1. What is a fundamental difference between Copilot for Business and Copilot for Enterprise regarding security and compliance?
   A) Copilot for Enterprise allows organizations to configure custom LLM training with proprietary data.✅
   B) Copilot for Business does not support compliance frameworks like SOC 2 Type II, while Copilot for Enterprise does.
   C) Copilot for Enterprise ensures zero data retention for AI-generated completions, while Business does not.
   D) Copilot for Business includes access to Copilot Knowledge Bases, while Enterprise does not.

2. In which two scenarios would GitHub Copilot NOT provide a suggestion? (Select two)
   A) The user is writing a private, proprietary API call with no prior examples in public repositories.
   B) The user has disabled telemetry and data sharing in GitHub Copilot settings.✅
   C) The user is using Copilot Chat in JetBrains IDE but has exceeded their rate limit.
   D) The user is using Copilot in VS Code, but their organization has Copilot completions disabled at the repository level.✅

3. In the context of GitHub Copilot's new Agent Mode, which capability enhances its autonomous code iteration?
   A) Agent Mode can automatically recognize and correct errors in its own code suggestions.✅
   B) It requires manual intervention to identify and fix code errors.
   C) Agent Mode limits code suggestions to predefined templates.
   D) It restricts code generation to a single programming language.

4. What happens when GitHub Copilot detects potentially sensitive information in a prompt?
   A) Copilot automatically masks sensitive data before sending it to the LLM.
   B) Copilot displays a warning and refuses to generate a suggestion.✅
   C) Copilot does not process prompts flagged for PII, and they are never sent to GitHub servers.
   D) Copilot filters sensitive data using a heuristic-based approach before processing.

5. When GitHub Copilot generates a completion, how does it determine which suggestion is the most relevant?
   A) The suggestion most frequently accepted by developers in similar contexts is ranked higher.✅
   B) The model prioritizes suggestions that match common patterns seen in open-source repositories.
   C) The ranking favors suggestions that have appeared in at least two public repositories.
   D) Suggestions are always ranked by execution performance and efficiency.

6. What role does the Copilot Proxy play in the GitHub Copilot data pipeline?
   A) It routes and processes user requests before sending them to the LLM.✅
   B) It filters Copilot completions for potential copyrighted code snippets.
   C) It encrypts all Copilot data before storing it for model training.
   D) It automatically tests Copilot-generated code for security vulnerabilities.

7. If a user experiences delayed Copilot completions, which two factors could be responsible? (Select two)
   A) The IDE's context window exceeds Copilot's processing limit.✅
   B) The user has local AI caching enabled, slowing down remote completions.
   C) The user is working in an unsupported programming language.✅
   D) Copilot’s rate limits have been exceeded, causing temporary delays.

8. Under what circumstances is GitHub Copilot most likely to produce incorrect or “hallucinated” code?
   A) When low-confidence completions are not filtered out.
   B) When Copilot generates code outside of a developer's typical style.
   C) When using older programming languages with fewer public code examples.✅
   D) When the user has enabled local AI-assisted debugging.

9. Which of the following security concerns is most relevant when using Copilot-generated code?
   A) Copilot-generated code may include non-performant syntax, reducing execution speed.
   B) Copilot does not automatically sanitize user input, increasing the risk of injection attacks.✅
   C) Copilot-generated functions cannot be modified after generation.
   D) Copilot-generated code is always licensed under the MIT License.

10. Which two platforms currently support GitHub Copilot Chat? (Select two)
    A) GitHub Codespaces✅
    B) JetBrains IDEs
    C) GitHub Web UI (Discussions & Issues)
    D) Visual Studio Code✅

11. What is a key limitation of Copilot’s CLI integration compared to IDE-based Copilot features?
    A) It only works with Git commands.
    B) It lacks access to context from open files in the IDE.✅
    C) It automatically commits suggested commands without confirmation.
    D) It cannot generate scripts, only single-line commands.

12. What are the key limitations of GitHub Copilot’s LLM-based code generation? (Select two)
    A) It struggles with complex multi-step reasoning, often requiring developer intervention for logical correctness.✅
    B) Copilot’s suggestions are deterministic, meaning it will always provide the same code for a given prompt.
    C) It can produce incomplete or syntactically incorrect suggestions, especially in low-resource programming languages.✅
    D) Copilot prevents licensing conflicts by ensuring that generated code does not match GPL-licensed repositories.

13. What is the recommended best practice for an organization implementing Copilot for Business?
    A) Restrict Copilot usage to repositories with public code to improve completions.
    B) Enable telemetry collection for better personalized suggestions.
    C) Configure organization-wide policies to enforce responsible AI usage.✅
    D) Require manual approval for every Copilot-generated completion.

14. How can Copilot for Enterprise be customized for an organization’s internal workflows? (Select two)
    A) Train Copilot on internal, proprietary codebases for better context.✅
    B) Restrict Copilot to only suggest code from pre-approved open-source licenses.✅
    C) Configure Copilot Knowledge Bases for internal documentation lookups.
    D) Limit Copilot to only suggest previously accepted completions within the org.

[pintuyadav5468]

answers:

1. What is a fundamental difference between Copilot for Business and Copilot for Enterprise regarding security and compliance?
   ✅ C) Copilot for Enterprise ensures zero data retention for AI-generated completions, while Business does not.

2.In which two scenarios would GitHub Copilot NOT provide a suggestion?
✅ A) The user is writing a private, proprietary API call with no prior examples in public repositories.
✅ D) The user is using Copilot in VS Code, but their organization has Copilot completions disabled at the repository level.

3.In the context of GitHub Copilot's new Agent Mode, which capability enhances its autonomous code iteration?
✅ A) Agent Mode can automatically recognize and correct errors in its own code suggestions.

4.What happens when GitHub Copilot detects potentially sensitive information in a prompt?
✅ B) Copilot displays a warning and refuses to generate a suggestion.

5.When GitHub Copilot generates a completion, how does it determine which suggestion is the most relevant?
✅ A) The suggestion most frequently accepted by developers in similar contexts is ranked higher.

6.What role does the Copilot Proxy play in the GitHub Copilot data pipeline?
✅ A) It routes and processes user requests before sending them to the LLM.

7.If a user experiences delayed Copilot completions, which two factors could be responsible?
✅ A) The IDE's context window exceeds Copilot's processing limit.
✅ D) Copilot’s rate limits have been exceeded, causing temporary delays.

8.Under what circumstances is GitHub Copilot most likely to produce incorrect or “hallucinated” code?
✅ A) When low-confidence completions are not filtered out.

9.Which of the following security concerns is most relevant when using Copilot-generated code?
✅ B) Copilot does not automatically sanitize user input, increasing the risk of injection attacks.

10. Which two platforms currently support GitHub Copilot Chat?
    ✅ A) GitHub Codespaces
    ✅ D) Visual Studio Code

11. What is a key limitation of Copilot’s CLI integration compared to IDE-based Copilot features?
    ✅ B) It lacks access to context from open files in the IDE.

12 .What are the key limitations of GitHub Copilot’s LLM-based code generation?
✅ A) It struggles with complex multi-step reasoning, often requiring developer intervention for logical correctness.
✅ C) It can produce incomplete or syntactically incorrect suggestions, especially in low-resource programming languages.

13.What is the recommended best practice for an organization implementing Copilot for Business?
✅ C) Configure organization-wide policies to enforce responsible AI usage.

14. How can Copilot for Enterprise be customized for an organization’s internal workflows?
    ✅ C) Configure Copilot Knowledge Bases for internal documentation lookups.
    ✅ D) Limit Copilot to only suggest previously accepted completions within the org.

[Parthapnath]

Answers:-

Q1.  C - Copilot for Enterprise ensures zero data retention for AI-generated completions, while Business does not.
Q2.  A- The user is writing a private, proprietary API call with no prior examples in public repositories.
C-  The user is using Copilot Chat in JetBrains IDE but has exceeded their rate limit.
Q3.  A - Agent Mode can automatically recognize and correct errors in its own code suggestions.
Q4.  B - Copilot displays a warning and refuses to generate a suggestion.
Q5.  A - The suggestion most frequently accepted by developers in similar contexts is ranked higher.
Q6. A - It routes and processes user requests before sending them to the LLM.
Q7.  A- The IDE's context window exceeds Copilot's processing limit.
D- Copilot’s rate limits have been exceeded, causing temporary delays.
Q8.  A - When low-confidence completions are not filtered out.
Q9.  B - Copilot does not automatically sanitize user input, increasing the risk of injection attacks.
Q10.  B- JetBrains IDEs
D- Visual Studio Code.
Q11. B - It lacks access to context from open files in the IDE.
Q12.  A- It struggles with complex multi-step reasoning, often requiring developer intervention for logical correctness.
C- It can produce incomplete or syntactically incorrect suggestions, especially in low-resource programmming languages
Q13.  C - Configure organization-wide policies to enforce responsible AI usage.
Q14.  A - Train Copilot on internal, proprietary codebases for better context.
C- Configure Copilot Knowledge Bases for internal documentation look ups.    

[Parthapnath]

Had a lot of fun in learning about the week 2 modules.