Navigate

Check: WN11-00-000125

Microsoft Windows 11 STIG: WN11-00-000125 (in version v2 r5)

Title

Copilot must be disabled for Windows 11. (Cat II impact)

Discussion

Some features may communicate with the vendor, sending system information or downloading data or components for the feature. Turning off this capability will prevent potentially sensitive information from being sent outside the enterprise and uncontrolled updates to the system.

Check Content

Run the following PowerShell command as an administrator: Get-AppxPackage -AllUsers | Where-Object { $_.Name -like "*Copilot*" } If Microsoft.Copilot displays, this is a finding.

Fix Text

Open PowerShell as an administrator. Run the following command: Get-AppxPackage -AllUsers *CoPilot* | Remove-AppxPackage -AllUsers

Additional Identifiers

Rule ID: SV-268317r1135320_rule

Vulnerability ID: V-268317

Group Title: SRG-OS-000096-GPOS-00050

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.

Number	Definition
CCI-000382	Configure the system to prohibit or restrict the use of organization-defined prohibited or restricted functions, system ports, protocols, software, and/or services.

Controls

Controls tied to check. These are derived from the CCIs shown above.

Number	Title
CM-7	Least Functionality