Hi Luuk,
On current Windows builds you need a layered control because “Copilot” is no longer a single feature; it’s a mix of a legacy OS policy, a packaged app, and separate service integrations. Relying only on the old CSP will not fully meet your compliance requirement.
For policy-based disablement, use the native Intune Settings Catalog setting Windows AI → “Turn off Copilot in Windows (User)” = Enabled, which is Microsoft’s supported replacement for the deprecated CSP and fully disables the OS-level Copilot entry points (taskbar UI, Win+C, invocation APIs). The legacy OMA-URI ./User/Vendor/MSFT/Policy/Config/WindowsAI/TurnOffWindowsCopilot with value 1 still maps to the same control but is explicitly deprecated and should not be your primary enforcement going forward.
On Windows 11 24H2 and later, Copilot is delivered as a packaged app, so you must additionally block execution; the clean enterprise method is an AppLocker or App Control for Business deny rule targeting publisher CN=MICROSOFT CORPORATION and package name MICROSOFT.COPILOT to prevent launches even if provisioned or reinstalled. For stronger control, deploy the newer RemoveMicrosoftCopilotApp policy (available via recent Windows updates) through Intune or GPO to uninstall the provisioned Copilot app where eligible, noting it only removes non-user-installed instances and may require ongoing enforcement.
Finally, understand this only disables the Windows Copilot shell; AI features in Microsoft 365 apps, Edge sidebar Copilot, or web endpoints are governed by separate policies and must be disabled independently (Edge administrative templates, M365 Copilot service controls), otherwise users still retain access via those channels.
Harry.