Microsoft quietly slipped a new administrative control into the April 2026 Patch Tuesday update for Windows 11 version 25H2: a policy that lets enterprises remove the Microsoft Copilot app from managed devices. But don’t expect a one-click purge—the policy only triggers under a precise set of conditions, reflecting Microsoft’s careful balancing act between pushing AI and respecting enterprise governance.

What Changed: A Policy That Targets Unused Copilot Installs

The “Remove Microsoft Copilot App” policy (documented under the Windows AI administrative templates) arrives with the April 2026 cumulative update (KB5083769 or later) for Windows 11 25H2. It applies to Pro, Enterprise, Education, and IoT Enterprise editions and works through both traditional Group Policy and modern MDM channels like Intune.

When enabled (integer value 1), the policy triggers a targeted uninstall of the Microsoft Copilot desktop app. Critically, this isn’t the same as the Microsoft 365 Copilot app that appears in Office productivity suites—it’s the standalone consumer-oriented Copilot that Microsoft has been pushing onto Windows desktops. The removal is “non-disruptive,” according to Microsoft, meaning it won’t break system components or affect other AI features tied to the Microsoft 365 license.

Admins can configure the policy via multiple paths:
- Group Policy Editor: Navigate to User Configuration > Administrative Templates > Windows AI > Remove Microsoft Copilot App and set it to Enabled.
- Policy CSP: Use the OMA-URI ./Device/Vendor/MSFT/Policy/Config/WindowsAI/RemoveMicrosoftCopilotApp with a value of 1 (device scope) or the user-scope equivalent.
- Intune Settings Catalog: Once ingested, the setting should appear under the Windows AI category (though rollout to all tenants may lag).

The policy’s existence was first spotted by Windows Insiders in January 2026, but its graduation to a production security update makes it enterprise-ready. Microsoft has not announced any plans to backport it to older Windows 11 releases.

Does This Affect You? Understanding the Eligibility Fine Print

Don’t expect the policy to scrub Copilot from every device. Microsoft engineered it to act only when three conditions are all true on a given endpoint:

  1. Both Microsoft Copilot and Microsoft 365 Copilot are installed. If a machine only has one of the two apps, the policy won’t fire.
  2. The user did not manually install Microsoft Copilot. If an employee intentionally downloaded it from the Microsoft Store or another source, the app is considered user-initiated and stays put.
  3. The Microsoft Copilot app hasn’t been launched in the past 28 days. Any usage in the previous four weeks resets the clock, signaling to Microsoft that the app is still active.

If all three conditions are met, the policy removes the Microsoft Copilot app cleanly—but users can reinstall it afterward if your organization’s store policies allow. Microsoft’s logic: if someone deliberately installed it or used it recently, yanking it abruptly would be disruptive. For many admins, that’s a sensible compromise; for those who want a complete ban, it’s a half-measure.

The 28-day rule, in particular, means the policy behaves differently across fleets. A shared kiosk where one user opened Copilot three weeks ago will keep the app, while an identical machine with no recent launches will see it vanish. This inconsistency may frustrate IT staff aiming for uniform builds, but Microsoft appears to be optimizing for user continuity over rigid endpoints.

How IT Can Deploy the Policy Today

If your organization runs Windows 11 25H2 and has deployed the April 2026 patches, you can implement the policy in three steps:

Step 1: Inventory your Copilot footprint. Use Intune, SCCM, or a third-party tool to identify devices that have the Microsoft Copilot app installed. Cross-reference with Microsoft 365 Copilot app presence to confirm eligibility.

Step 2: Pilot the policy on a small group. Create a test collection of devices that match the three conditions. Enable the policy via Group Policy or Intune, then verify after the next policy refresh that the app disappears only where expected. Monitor for help desk tickets—users may notice the missing icon even if they rarely used it.

Step 3: Roll out gradually with communication. Notify your user base that an unused Copilot app may be removed as part of a software standardization effort. Emphasize that Microsoft 365 Copilot within Word, Teams, or the sidebar is unaffected, and that anyone who needs the standalone app can reinstall it (if permitted). This proactive messaging prevents the “Did IT break something?” tickets.

For Intune, you can deploy the setting via a custom device configuration profile using the OMA-URI mentioned above. After the April update is installed, the policy template should also appear in the Settings Catalog under “Windows AI,” but if it’s missing, use the OMA-URI route.

If your goal is to permanently block Copilot, you’ll need to combine this policy with other controls—like AppLocker or Windows Defender Application Control (WDAC) rules that block the Copilot executable, or Store policies preventing reinstallation. The removal policy alone is a cleanup tool, not a security boundary.

The Backstory: Why Microsoft Is Taking This Step

Microsoft’s Copilot journey on Windows has been chaotic. Two years ago, the company touted a deep integration: a dedicated Copilot key on new keyboards, a taskbar button, and plans to embed AI into Settings, File Explorer, and notifications. Enterprise customers balked. Many found the consumer version confusing alongside the enterprise-licensed Microsoft 365 Copilot, and the automatic installation of the latter in March 2026 was met with swift backlash—Microsoft paused that rollout without explanation.

This removal policy is the second major course correction. It signals that Microsoft now recognizes that AI features, like any enterprise software, must be governed. The era of dumping AI onto every Windows desktop by default is waning; in its place is a model where admins can choose what appears on a corporate PC.

The policy’s narrow scope—only the standalone Copilot app, only when unused—suggests Microsoft is testing the waters. If enterprise adoption of Copilot grows organically, Microsoft can claim credit for respecting IT autonomy. If it stalls, the company retains the option to reintroduce more aggressive placement strategies later. For now, the messaging is clear: Windows AI is becoming policy-managed, and that’s a net win for enterprise control.

Your Copilot Cleanup Checklist

To make the most of this new policy, consider these actions:

  • Assess your Windows 11 25H2 rollout. The policy won’t help if your fleet is still on older builds. Accelerate migration where feasible.
  • Differentiate Copilot instances in your software inventory. The “Microsoft Copilot” app (pinned by default) is distinct from “Microsoft 365 Copilot” (integrated into Office). Label them clearly in your CMDB.
  • Set a Copilot policy baseline. Decide whether standalone Copilot is permitted, conditionally removed if unused, or completely blocked. Document the decision and share it with your governance committee.
  • Coordinate with your security team. Even an unused app can surface in vulnerability scans or compliance audits. Removal simplifies your software bill of materials.
  • Prepare your service desk. Brief agents on the 28-day rule and the potential for reinstallation. Script an FAQ so users aren’t surprised if the app vanishes one day.
  • Plan for other Copilot surfaces. Remember, this policy doesn’t touch Copilot in Edge, Bing, the Office sidebar, Teams, or the Windows taskbar search box. Those require their own controls.

What’s Next for Windows AI Controls

This policy won’t be the last. Microsoft’s recall feature, click-to-do, AI in Paint, and the Copilot hardware key all demand their own management switches. As Windows 11 deepens its AI roots, expect a parallel expansion of Group Policy objects and CSPs dedicated to AI governance.

Two questions loom: Will Microsoft extend this removal policy to older Windows 11 releases? And will it ever add a “prevent reinstall” toggle? For now, the company seems content with a light touch—removing only the most inactive copies of Copilot. But enterprise customers who have already adopted a “no unmanaged AI” stance may push for stronger tools.

In the short term, admins should treat the new policy as a valuable but limited weapon in the fight against desktop clutter. It’s a signal that Microsoft is listening—and that the line between AI innovation and enterprise intrusion can be redrawn with a simple group policy setting.