Copilot can already be disinstalled on Windows 11 25H2 a measure for the security and governance of IA

Microsoft has enabled a new option for administrators to uninstall the IA-driven assistant Copilot from business devices managed after the April 2026 patches. The configuration, called RemoveMicrosoftCopilotApp, is already available as Policy CSP and as a Group Policy object for environments using Microsoft Intune or System Center Configuration Manager (SCCM), and aims to offer a non-disruptive way to remove the app in mass of IT-controlled equipment. Microsoft announced as part of the notes of the monthly update.

It is important to understand the limitations of this policy: only applies to Windows 11 25H2, only when both Microsoft 365 Copilot and the Microsoft Copilot app are installed, provided that the user has not installed the app on his own and the app has not been run on the last 28 days. The policy is also restricted to the customer's Enterprise, Professional and Education editions. Microsoft details the configuration in its technical documentation for MDM and GPO administrators, including the CSP route and Group Policy key: Policy CSP - WindowsAI RemoveMicrosoftCopilotApp.

To enable it centrally you can apply via Intune or SCCM or by using the group policy editor using the route indicated by Microsoft (/ User / Vendor / MSFT / Policy / Config / WindowsAI / RemoveMicrosoftCopilotApp or / Device / Vendor / MSFT / Policy / Config / WindowsAI / RemoveMicrosoftCopilotApp). Uninstallation is reversible by the user that you can reinstall Copilot if you want, so IT equipment must complement the policy with controls that prevent unauthorized reinstallations if that is the organizational intention.

The launch takes place in a context of adjustment by Microsoft: the company paused the forced installation of Microsoft 365 Copilot on machines with Office and cancelled plans to integrate Copilot into notifications, Settings and File Explorer, as part of a movement to reduce what some call "block IA" in the operating system. Windows Central reported on these changes and on the reassessment of the integration strategy.

From a security and compliance perspective, the possibility of uninstalling Copilot is welcome, but does not solve all risks. The IA functions can increase the data filtration surface and problems have already been reported in which attendees based on Microsoft 365 Copilot summarized confidential emails by drawing DLP protections, which underlines the need for additional controls beyond the mere removal of the app. Therefore, organizations should consider policy as a further lever within a broader IA governance and data protection programme.

I recommend that IT teams follow these practical steps before deploying the policy massively: check that endpoints are in Windows 11 25H2 and that meet the policy conditions; test the uninstallation in a pilot group; monitor reinstallation attempts and record use metrics to assess impact on productivity; strengthen DLP policies and review them against flows in which IA tools can summarize or exfilter content; and, if required, apply additional restrictions using AppLocker, Microsoft Store policies or installation controls in Intune to avoid unwanted reinstallations.

In strategic terms, this measure shows that large suppliers are reacting to the mix of technical, regulatory and user experience concerns that generate the IA functions integrated into the operating systems. It is a useful option but not a complete solution: the effective governance of corporate IA requires technical policies, audit processes and user training to mitigate operational and data exposure risks.