Reducing costs and hardening security for a leading emergency services organisation

Azenix partnered with GitHub to perform a ‘FastTrack’ migration of the client’s source control management system onto GitHub Enterprise Cloud EMU (Enterprise Managed Users). Throughout the process, we delivered expert training to ensure that Engineers were left with the confidence to be self-sufficient in daily operations upon conclusion of the engagement.


State Government


Migration to GitHub Enterprise Cloud EMU (Enterprise Managed Users). Expert training. Change management. Configuration as code.

Key Takeaways


Creation of a centrally managed identity and access on GitHub from their Azure AD identity provider.


Security posture enhancement, including enabling the use of single sign-on with multi-factor authentication.


Expert training was provided to the client by Azenix’s GitHub Accredited Engineers.

Company overview

Company Overview

The organisation is a Government-funded emergency service, employing over 1,000 staff, including a development team of around 80 people. Their mission includes protecting the community and minimising the impact of emergencies by providing training, community education, prevention and operational capability. They have attended over 22,000 incidents across their jurisdiction in 2020/21. As a Government department, they have been given a strategic direction to move their IT operations to the cloud.

The problem

The client’s business driver was to reduce the expense and operational overhead of maintaining their own on-premises GitHub Enterprise Server. The lack of multi- factor authentication (MFA) was also compromising the organisation’s security posture. 

A disconnect between their Azure AD Identification Provider (IdP) and their GitHub Enterprise Server resulted in double-handling of administration, with onboarding/offboarding friction due to security (VPN) requirements, access permissions and licence provisioning.

Azenix was engaged as a trusted GitHub partner. Our close relationship with Microsoft and GitHub enabled us to engage on this project directly with members of the US GitHub team, under the Microsoft FastTrack Program.

The solution

Rather than simply delivering a solution in isolation, the Azenix team fully integrated with the organisation’s IT Ops team to ensure a collaborative approach. Our team also guided the client during the solution design process. GitHub Enterprise Cloud EMU (Enterprise Managed Users) was chosen to meet their stringent security requirements. 

Integrating IdP Azure Active Directory with GitHub Enterprise Managed Users removed the toil of manually handling the onboarding and offboarding of developers. We also consolidated redundant security groups and streamlined Role Based Access Control (RBAC) to GitHub.

A lightweight configuration as code solution (Probot Settings) was implemented to enable pull-request based configuration and repository templating. Branch protections and codeowners policies were also put in place to ensure code quality and security. 

Our proven change management strategy mitigated the risk of disruption to development teams, ensuring zero down-time throughout the whole migration process. Integrations with existing CI/CD (TeamCity), Telemetry (Splunk), and planning (Jira) systems were maintained to ensure business continuity.

Key products/services we used

  • Rapid prototyping, demonstrating GitHub’s capabilities and increasing the confidence of key stakeholders that GitHub Enterprise Cloud EMU was the best choice.
  • The team followed an Agile methodology. Azenix and the team performed daily standups and provided weekly status updates to ensure key stakeholders had visibility of any risks or issues.
  • We facilitated a series of knowledge sharing brown bags to upskill engineering and leadership teams on a range of topics, including GitHub Administration, GitHub Actions, and GitHub Advanced Security.

The results

The project commenced in late November 2021 and ran for a duration of six weeks, resulting in a cost reduction by migrating to a fully managed service. IdP integration also increased efficiency in onboarding/offboarding, with GitHub access, licensing, SSO and MFA all managed centrally through Azure AD. 

Configuration as code has also enhanced the consistency, traceability and security of GitHub configuration. 

Key personnel have received expert training from Azenix, and the client was able to achieve significant steps towards meeting their 'Cloud-First' mandate.