Skip to content

Azure private networking for GitHub-hosted runners – Public Beta

Today we're announcing that Private Networking for GitHub-hosted runners with Azure Virtual Networks (VNET) is now in public beta. This feature allows GitHub Enterprise customers using Azure to integrate their GitHub-hosted runners directly into an Azure VNET under their Azure account.

Key Benefits

What sets this apart is the dual advantage it offers. On one hand, you can continue to enjoy the benefits of GitHub-managed resources. On the other hand, you gain full control over the networking policies applied to those resources. Once your GitHub-hosted runners are connected to your Azure VNET, your Actions workflows can securely access Azure services like Azure Storage and on-premises data sources such as artifactory through existing, pre-configured connections like VPN gateways and ExpressRoutes.

Security is also front and center in this update. Any existing or new networking policies, such as Network Security Group (NSG) rules, will automatically apply to GitHub-hosted runners giving platform administrators comprehensive control over network security.

To further simplify the management of Azure private networking settings across different business units, we're introducing Network Configurations. This feature allows administrators to consolidate various networking settings and assign them to runner groups based on specific operational needs. For example, production-grade runners can be configured with stricter networking policies using a dedicated Azure VNET, as opposed to runners used for testing or staging environments.


Starting today, Azure Private Networking and Network Configurations are available in public beta for GitHub Enterprise Cloud users. To get started, navigate to the 'Hosted Compute Networking' section within your Enterprise settings. For more details, consult our documentation.

We're eager to hear your feedback to further improve this feature. Share your thoughts on our GitHub Community Discussion.

Users who are not part of the mandatory 2FA program will now be added to it within 24 hours of creating their first release. In August we expanded the 2FA requirement to include most users that had created a release. Those groups have now completed their 2FA enrollment, but additional developers have since created their first release. They will be added to the 2FA program in the coming days, as will more users over time as they create releases.

Enterprise or organization administrators can learn more about their users' current 2FA requirements by visiting the People page for their enterprise or organization.

To learn more about the 2FA program, see our May 2023 blog post, as well as the “About the mandatory 2FA program” documentation.

See more