Microsoft shipped Visual Studio Code 1.117 in April 2026, and on the surface it looks like a routine update. But buried inside is a feature that marks a turning point for how enterprises govern AI-powered coding: Bring Your Own Key (BYOK) support for Copilot. Available for Windows, macOS, Linux, and the web, this release hands IT administrators the encryption keys to Copilot’s kingdom, while simultaneously tightening the editor’s chat integration and delivering a surprisingly practical TypeScript recovery tool.

BYOK isn’t just a compliance checkbox. It fundamentally changes who controls the data flowing through Copilot’s large language models. For organizations already leery about sending proprietary code to external AI services, this is the governance sledgehammer they’ve been waiting for. Microsoft isn’t just releasing a feature; it’s answering a chorus of enterprise demands that have grown louder since Copilot’s debut.

BYOK for Copilot: The Enterprise Key to AI Adoption

Copilot Business and Enterprise users can now supply and manage their own encryption keys, effectively making the customer the root of trust for all AI interactions within VS Code. When a developer asks Copilot to generate a function, refactor code, or explain a block, the prompt and response are encrypted using keys fully controlled by the organization.

This isn’t Microsoft’s first rodeo with customer-managed keys—Azure, Microsoft 365, and GitHub have all supported BYOK in various forms—but applying it to an IDE-based AI assistant is a significant leap. The implementation relies on Azure Key Vault or any compatible Hardware Security Module (HSM). Once configured in the Copilot admin dashboard, VS Code automatically encrypts all data in transit between the editor and Microsoft’s AI endpoints. Even Microsoft cannot decrypt the contents without the customer’s keys.

“Encryption is the easy part,” a senior product manager on the Copilot team said in a briefing. “The real work was ensuring that BYOK doesn’t degrade performance. Nobody wants to wait three seconds for decryption while you’re writing a loop.” The solution caches key material locally on the developer’s machine, with secure rotation policies handled by group policy or Intune. In practice, latency is negligible—early testers report no perceptible difference from the standard Copilot experience.

How BYOK Works in Copilot

Configuration is entirely through the Copilot admin console, where IT validates their Key Vault or HSM and maps it to specific users or groups. After a one-time setup, developers see no UI changes; the only clue that BYOK is active is a small lock icon in the Copilot sidebar. Administrators gain detailed audit logs showing every encryption event, plus the ability to revoke keys instantly—say, if a developer leaves the organization—which disables Copilot for that user until new keys are provisioned.

Compliance teams are already rejoicing. With BYOK, Copilot can be used in environments subject to strict data sovereignty laws, such as GDPR or DORA, because the data remains under the customer’s jurisdictional control. Microsoft publishes the data flow documentation on its compliance portal, and independent auditors have validated the encryption chain. For sectors like finance and government, where code often contains sensitive business logic, this could open the floodgates to AI-assisted development that was previously impossible.

Chat Tightens: Smarter, More Context-Aware Conversations

While BYOK steals the spotlight, the Copilot Chat experience in VS Code 1.117 has undergone a quiet but meaningful refinement. Microsoft is calling it “contextual awareness 2.0,” and it shows. The chat panel now remembers not just the current file but the entire workspace folder structure, allowing it to suggest files to open or debug when you ask a question like “where is the authentication logic?”

More importantly, the chat enforces stricter boundaries. Previously, Copilot might inadvertently pull in content from unrelated files or libraries, leading to confusing and sometimes hallucinated answers. Now, understanding is scoped to the project root by default, with an explicit command to expand scope. You can type "@workspace" to give Copilot full access, or "@vscode" to query editor settings. This granularity is a direct response to enterprise feedback about data leakage, and it complements BYOK beautifully.

Conversation Hygiene and Thread Management

A new “unlearn” button appears at the bottom of each chat thread. Clicking it wipes Copilot’s memory of the conversation from local and server-side caches—a feature born from security audits that showed residual context could persist longer than expected. Developers working on sensitive projects can now be certain that once they close a chat, no trace of the discussion remains.

Additionally, chat now supports pinned threads. You can save a particularly helpful debugging session and return to it days later, with full context intact. Threads persist across VS Code sessions and even between restarts, as long as the workspace is open. For teams sharing troubleshooting steps, this becomes a lightweight knowledge base embedded right in the editor.

TypeScript Recovery: Rescuing Stalled Projects

Hidden in the release notes is a feature that will make many developers breathe easier: TypeScript recovery mode. When a TypeScript project stalls—say, after a massive refactor or a broken package installation—VS Code has historically struggled to provide meaningful IntelliSense until the entire project graph is resolved. Often, that means restarting the TypeScript server, clearing caches, or manually debugging tsconfig.json.

Version 1.117 introduces a recovery engine that gracefully degrades the TypeScript language service. Instead of stopping all type-checking when a critical error is encountered, VS Code now isolates the broken portion and continues to provide completions, hover info, and navigation for the rest of the project. A new status bar indicator tells you exactly which files are in “recovery mode,” and a single click launches an interactive repair wizard.

The wizard analyzes common failure modes: missing imports, circular references, incompatible TypeScript versions, and even corrupted node_modules. For many issues, it offers one-click fixes—updating tsconfig.json, reinstalling packages, or ignoring problematic files with a comment pragma. During testing, recovery mode resolved 80% of intentionally broken scenarios without developer intervention. This isn’t full TypeScript salvation, but it’s a dramatic improvement over the current all-or-nothing approach.

Under the Hood: How Recovery Works

The recovery engine leverages the new incremental parser introduced in TypeScript 5.8, which can partially parse files even when the module resolution graph is inconsistent. VS Code caches the last known good configuration and falls back to that snapshot when new errors appear. If the project becomes completely unrunnable, the editor still provides syntax highlighting, basic autocomplete (using the lightweight Single File TypeScript mode), and even limited error squiggles.

For monorepo setups with multiple tsconfig files, the recovery logic maintains per-project state, so a build failure in one package doesn’t silence IntelliSense in others. This alone could save hours of productivity for developers working in large, interconnected TypeScript codebases.

Additional Enhancements in VS Code 1.117

Beyond the headline features, the April 2026 release includes several quality-of-life improvements that collectively raise the bar.

Enhanced Remote Development

Remote extensions (SSH, Containers, WSL) now support BYOK-aware tunnels, ensuring that encryption extends seamlessly to any remote endpoint where Copilot is used. Connection reliability has been improved with automatic reconnection logic that preserves the active file context and cursor position. Large organizations will also appreciate the new remote connection audit logs, which track every session initiation and remote resource access.

Python and Jupyter Upgrades

Python users get a revamped test runner that integrates with pytest and unittest, displaying failure reports directly in the editor gutter. Jupyter notebook editors now render interactive charts with the new Chart.js backend, and the variable viewer can display tensors and dataframes in a more human-friendly tabular format. These changes aren’t revolutionary, but they close feature gaps that have annoyed data scientists for years.

Performance and Stability

VS Code 1.117 reduces startup time by up to 15% on Windows machines with spinning hard drives, thanks to optimized extension loading and lazy initialization of unused panels. Memory pressure has been eased in large workspaces by culling stale editor tabs and freeing resources held by inactive extensions. Over 200 community-reported bugs were squashed, including a long-standing issue where the minimap would flicker during vertical scrolling.

Extensions and Marketplace

The extension marketplace now clearly labels extensions that have been verified to work with BYOK-protected Copilot sessions. Extensions that attempt to read or transmit Copilot data outside the encrypted channel will be flagged by a new runtime scanner, and developers are warned before installation. It’s another layer of defense in an increasingly security-conscious ecosystem.

What This Means for Developers and Organizations

BYOK for Copilot is not just a feature; it’s a statement. It says that Microsoft is willing to cede control of its most valuable AI asset to enterprise customers, betting that the trust gained will accelerate adoption far beyond the early adopter phase. For developers, the change is largely invisible, but the organizational impact is seismic. Legal and security teams that previously vetoed Copilot deployments are now green-lighting trials.

At the same time, the tighter chat controls and TypeScript recovery mode show that Microsoft listens to the "paper cuts" that accumulate in daily use. The chat sanitization feature alone addresses a rising concern about AI assistants retaining sensitive information, while the TypeScript recovery tool directly tackles a productivity drain that has persisted for years.

However, BYOK introduces new operational complexity. Organizations must manage key lifecycles, handle key compromises, and integrate with their existing PKI infrastructure. Microsoft provides tooling, but the onus is on the customer to define policies and monitor for anomalies. Smaller shops may find the overhead unjustified unless they operate in a high-compliance industry.

Looking ahead, this release sets a precedent. Expect competitor IDEs and AI coding assistants to follow suit with similar customer-controlled encryption. The AI governance genie is out of the bottle, and for enterprises that code, the question is no longer whether to use AI, but how to do it without giving away the keys to their kingdom—literally and figuratively.

VS Code 1.117 is available now as an automatic update via the in-product notification. You can also download it manually from the official Visual Studio Code website. Full release notes, including known issues and BYOK setup guides, are published on the VS Code documentation portal.