Enterprise Security and Governance on GitHub: Best Practices from Ignite 2025
Microsoft Events presents a session led by Collin McNeese and April Yoho at Ignite 2025, detailing how platform teams use GitHub governance and security practices to accelerate onboarding and enforce policies at scale.
Speakers: Collin McNeese, April Yoho
Session Type: Advanced (300), Microsoft Ignite 2025
Overview
Balancing robust security needs with developer velocity is crucial for today’s enterprise teams. This session examines how large organizations utilize GitHub’s advanced features for governance, onboarding, and cross-functional collaboration, focusing on:
- GitHub Well-Architected Framework
- Custom properties and security configurations at the organization level
- Automated rule enforcement and consistent policy application
- Role-based security policy setup
- Dev containers for development consistency and control
- Demonstrations around governance, metadata properties, and targeting
- Manual review processes and build validations in pull requests
- Artifact attestations and secure build verification
Key Topics
Governance and Policy Enforcement
- Setting up rule sets governing repository access and contributions
- Using organization-wide security controls and policy layers
- Applying custom metadata for dynamic targeting
Developer Onboarding and Collaboration
- Streamlining onboarding through standardized workflows
- Supporting cross-functional collaboration at scale
Security Controls and Compliance
- Enforcing security controls with dev containers
- Validating builds via artifact attestations
- Manual and automated review processes for increased security
- Ensuring consistent validation and compliance for thousands of users
Resources
- GitHub Advanced Security
- DevSecOps Solutions
- GitHub Enterprise
- GitHub Copilot Features
- Microsoft Ignite
Chapters at a Glance
- GitHub Well-Architected Framework Overview
- Organization Custom Properties, Rule Sets, and Security Configurations
- Security Policy Setup and Role Explanations
- Consistency via Dev Containers and Security Controls
- Demonstration: Policy Enforcement and Governance
- Manual Review and Build Validation in Pull Requests
- Artifact Attestations: Secure Build Verification
Conclusion
The session concludes with a practical recap and links to further learning, emphasizing actionable steps for security, compliance, and developer agility with GitHub in enterprise settings.