Enhanced 2FA Management for Orgs and Enterprises [Public Preview]

Enterprise settings page with the selected option to enable two-factor authentication for all organizations within the enterprise. An option to enforce only secure methods of authentication is also been selected. There is a warning informing the admin that members without two-factor authentication will need to add it to re-gain access.

Enterprises now have more control over their two-factor authentication (2FA) policies for all members of their organization through an enhanced 2FA enrollment experience in GitHub.
With this update, enterprise and organization administrators can ensure that users are maintaining secure 2FA methods when accessing enterprise and org resources. Currently, GitHub defines SMS/text message as an insecure method of 2FA, and TOTP authentication applications, the GitHub Mobile app, security keys, and passkeys as secure methods. Members without a secure method of 2FA configured, or who have insecure 2FA configured, will be prompted to configure secure 2FA before being allowed to access resources.

Enterprises can enable this new 2FA policy alongside a general 2FA requirement for their members, and current enterprises with a 2FA requirement can update their 2FA settings to add this secure methods enforcement. Members who are non-compliant with the new 2FA policy will no longer be removed from organizations, lessening a historical friction around enforcing 2FA policies at an enterprise or organization level, and instead be prevented from accessing enterprise or organization resources while non-compliant.

This new policy enables enterprises to protect their resources by only allowing access for users who meet the required security standards, without compromising organization membership integrity.

Learn more about the new enterprise policy for requiring only secure methods of two-factor authentication and about how GitHub is securing developer accounts using 2FA.

Accessibility improvements for security overview

New accessibility enhancements to the security overview data visuals make it easier and more inclusive for everyone to interact with and understand code security insights.

Graph showing open alerts by severity on the security overview dashboard, with enhanced accessibility

What’s new?

  • Improved visual accessibility: Enhanced color contrast and better support for users with low vision, making it easier to interpret data visuals.
  • Keyboard navigation enhancements: Full keyboard-only navigation, including a clearly visible focus indicator, for smoother interactions without a mouse.
  • Assistive technology support: Improved compatibility with screen readers for better navigation and understanding of content.

These updates are now generally available on GitHub Enterprise Cloud and will be included in GitHub Enterprise Server 3.16.

Join the discussion in the GitHub Community and read more about GitHub’s commitment to accessibility

See more

Dependabot can now perform version updates for the .NET SDK

Dependabot can now keep you up to date with the latest version of the .NET SDK by updating the global.json file in your repository. You can enable updates for the .NET SDK by adding a dotnet-sdk entry to your dependabot.yml file. At this time, Dependabot will not create security alerts for the .NET SDK, although performing regular version updates will ensure you’re always using the latest .NET SDK.

See our documentation to learn more about configuring Dependabot.

See more
View all changes