Welcome to December and another release of SQL Server Management Studio (SSMS)! Today we released SSMS 22.1, which has a few improvements related to GitHub Copilot, as well as several fixes for both GitHub Copilot and SSMS.
Please visit the release notes for a full list of what's changed. For those of you looking to try out GitHub Copilot, we now have a walk through available that you can access from the Copilot badge (from the dropdown select GitHub Copilot Walkthrough). And for those of you are already using GitHub Copilot, we fixed that pesky issue of Run ValidateGeneratedTSQL showing up repeatedly, among a few other things.
While you're here, I'd like to take a moment to clear up some misconceptions about GitHub Copilot that I’ve seen floating around in blog posts and on social media. I'm covering these in a FAQ type format because I think it's easier (and faster) for folks to read. If you have specific questions, feel free to add a comment. If you want to see specific features in either SSMS or GitHub Copilot in SSMS, please create feedback items on the site (if you put a request in the comment, I’ll ask you to create it as a feedback item 😊). As always, please search first!
Does GitHub Copilot use my prompts and its responses to train or retrain models?
No. Understand that not all models are hosted by Microsoft, but those that are hosted elsewhere also make the same commitment. This is clearly stated in the GitHub doc covering model hosting and includes links to the hosting provider’s commitment statement.
Are prompts and responses encrypted?
Yes. We encourage all customers to visit the GitHub Copilot Trust Center to get answers to questions about privacy and security.
Can I see what queries GitHub Copilot executes?
Yes. Use Extended Events and filter on an Application Name of Microsoft SQL Server Management Studio – GitHub Copilot.
Can I use other models with GitHub Copilot?
Yes. Bring your own model (BYOM) is now available in SSMS 22.1 for personal subscriptions. You should use models that support tool calling.
Do I get the same answer from every model in GitHub Copilot?
No. The models available in GitHub Copilot in SSMS are available because they support tool calling, but they are different based on training, reasoning, temperature, and more. As such, responses to prompts can and will vary across models.
Can I attach an execution plan for GitHub Copilot to analyze?
Yes. Either open a saved plan, or after capturing a plan in SSMS (using Query > Include Actual Execution Plan), right-click on the plan and select Show Execution Plan in New Tab. With the query editor tab as the active tab, in the chat window use # to bring up the open document list. Select the execution plan from the list, then enter your prompt ("analyze the execution plan and make recommendations for improvements").
Can GitHub Copilot run destructive commands against my database?
Currently, no. As of this release (22.1) GitHub Copilot in SSMS only supports Ask mode, and all queries executed against your database are SELECT statements (read-only), as noted here.
We are planning to bring support for Agent mode to SSMS. With Agent mode, users will be able to allow GitHub Copilot to run queries on their behalf, but it will require them to approve query execution (read/write with approval).
All queries executed by GitHub Copilot execute in the context of the user that is connected, based on their permissions. If a user has permission to run destructive queries (e.g. DELETE, UPDATE, DROP, etc.) and approves the request from GitHub Copilot to execute a destructive query, then the query will run.
We recommend the following: Ensure users have appropriate permissions (principle of least privilege). This is a standard recommendation for any user that connects to a database. There are database roles available that allow reading of data and prevent modification of data.
What if I don’t want to allow Agent mode?
You can leverage administrative controls for GitHub Copilot to disable Agent mode, once it’s available in SSMS. Visual Studio, and thus SSMS, use Administrative Templates for Group Policies.
What if I don’t want to allow my users to use GitHub Copilot in SSMS?
Again, Administrative Templates are the answer. You can disable Copilot SKUs entirely, or for individual accounts.
Microsoft