Governance

Govern your repositories with push rulesets
GitHub: Introduces GitHub push rulesets, a governance feature that restricts what can be pushed to a repository based on the attributes of changed files—including path, extension, and size. The video demonstrates protecting sensitive files such as GitHub Actions workflow files, configuring bypass rules for designated roles, viewing blocked-push and bypass insights, and explains that push rules are enforced across the entire fork network of a repository.

Manage your repositories at scale across the enterprise
GitHub: Introduces enterprise repository policies in GitHub, a governance feature that lets administrators restrict repository operations—including visibility changes, creations, deletions, transfers, and naming—across all organizations in an enterprise account. The video also demonstrates repository properties defined at the enterprise level, giving organization admins consistent, inherited property values and requiring them at repository creation time to enforce compliance from day one.

Private Mirrors App
GitHub: Introduces GitHub's Private Mirrors App, a self-hosted or GitHub-managed tool that helps organizations contribute to open source projects while managing compliance, legal, and security risk. The app creates private mirrors mapped to public forks, enabling teams to run CI/CD checks and policy enforcement before syncing changes back to the public fork for upstream contribution. The video demonstrates forking an upstream project, configuring multiple team mirrors, and integrating with an Enterprise Managed Users organization.

Policy as [versioned] code - you're doing it wrong
Chris Nesbitt-Smith traces how governance policies are typically born — emotionally, reactively, and as one-shot documents — then shows how applying software engineering principles transforms policy into a living, versioned artefact. The talk covers iterative policy management, Kubernetes admission control, open-source policy tooling, and the cultural shift required to make policy genuinely effective rather than just technically compliant.

Automate Azure Role Based Access Control (RBAC) using Github
Azure RBAC is a critical security control — but managing custom role definitions manually is error-prone, hard to audit, and doesn't scale. In this episode, Chris is joined by Marcel Lupo, DevOps MVP and Solutions Architect, who demonstrates how GitHub Actions can automate the full lifecycle of custom Azure RBAC role definitions. This session goes beyond typical developer workflows to show how GitHub can serve as the governance backbone for your Azure security posture — with role definitions version-controlled, reviewed via pull requests, and deployed through automated pipelines.

Tech Roundup - April 2022
Your monthly digest of what shipped across Azure, GitHub, and Azure DevOps in April 2022. Notable Azure updates include Container Apps managed identity preview, Static Web Apps private endpoints going GA, Managed Grafana integrations, Microsoft Purview (renamed from Azure Purview), and Cosmos DB autoscale improvements. On GitHub: secret scanning revocation, Codespaces monorepo support, accessibility colour-blind themes, and required deployments for branch protection. Plus Azure DevOps opt-in auditing, Bicep validation in PRs, and a personal update on the Go-based microservices event platform Chris has been building on Azure Container Apps.

Migrating to the Cloud
Cloud migration is as much a people and process challenge as it is a technical one — a fact underscored by a 2020 Cloud Security Alliance study in which 90% of respondents reported a failed migration. In this episode, Chris is joined by Suzanne Tedrick, Azure Infrastructure Specialist at Microsoft and award-winning author of 'Women of Color in Tech', to explore how the Microsoft Cloud Adoption Framework provides a holistic, structured path to successful migrations. From governance and stakeholder alignment to multi-cloud strategy, this conversation covers the critical foundations every organisation needs before and during their cloud journey.

Tales from the Real World - Leveraging Azure as a Telco provider
Chris Reddington is joined by Ivo, a cloud evangelist based in Belgium with hands-on experience transforming one of the country's largest telco providers. They explore how telecommunications companies are leveraging Azure to evolve from traditional connectivity providers into platform-scale service businesses — covering 5G, IoT, edge computing, AI/ML, Azure Arc, security, compliance, and the cultural challenges of cloud adoption in a regulated industry.

43 - A Decentralized Reference Architecture for Cloud-native Applications
Cloud with Chris: Asanka Abeysinghe, Chief Technology Evangelist at WSO2, introduces the cell-based reference architecture — a vendor-neutral, decentralised framework for cloud-native applications. The session explores microservices governance challenges, how Domain-Driven Design scopes service responsibilities into well-bounded cells, and how the cell-based model aligns architecture, development, and DevOps teams into cohesive autonomous units built around business domains.

Why you should be using Azure Security Center
Whether you're brand new to Azure or have been using it for some time, you have likely either heard of - or come across - Azure Security Center. It's a service which can prove extremely valuable in baselining, measuring and improving your security posture. But, did you know there is additional functionality beyond the free tier? You may have previously known this as the standard tier, or now know this as Azure Defender, where you can opt in for those Azure Services that you particularly want to protect.