GitHub Enterprise pricing is opaque, Copilot add-ons are proliferating, and most enterprise buyers don't know what peers are paying. This guide demystifies GitHub Enterprise licensing and shows you how to negotiate.
Since Microsoft's acquisition of GitHub in 2018, GitHub has evolved from an independent developer platform into a central component of Microsoft's enterprise software portfolio. For enterprise buyers, this means GitHub Enterprise is now negotiated alongside M365, Azure, and Dynamics 365 — and can be included in Enterprise Agreement structures for consolidated discounting.
GitHub's enterprise product portfolio now spans four main areas. The core platform (GHEC or GHES) provides secure, enterprise-grade source control, collaboration, and CI/CD. GitHub Copilot provides AI-assisted code generation at the individual developer and organisation levels. GitHub Advanced Security provides code scanning, secret detection, and dependency review for regulated or security-conscious organisations. GitHub Actions provides cloud-hosted compute for CI/CD workflows with enterprise runner management. Understanding these four layers — and which your organisation genuinely needs — is the starting point for GitHub licensing optimisation as part of your Microsoft EA.
The most consequential GitHub Enterprise licensing decision is whether to run GitHub Enterprise Cloud (GHEC) or GitHub Enterprise Server (GHES). Each has distinct commercial, operational, and security trade-offs.
Want independent help negotiating better terms? We rank the top advisory firms across 14 vendor categories — free matching, no commitment.
| Factor | GitHub Enterprise Cloud (GHEC) | GitHub Enterprise Server (GHES) |
|---|---|---|
| Hosting | Microsoft-managed (github.com) | Self-hosted (on-prem or private cloud) |
| Pricing model | $21/user/month | $21/user/year (licence) + infrastructure |
| Total cost (1,000 users) | $252,000/year | $21,000/year licence + ~$50–150K infra |
| Maintenance burden | None — Microsoft managed | High — upgrades, backups, HA design |
| Data residency | US-based (with EU options via GHEC EMU) | Full control — your infrastructure |
| Air-gap support | No | Yes |
| GitHub Actions (cloud) | Included minutes | Self-hosted runners required |
| Always on latest features | Yes — continuous delivery | No — quarterly release cycle |
| Enterprise Managed Users (EMU) | Available | N/A |
For the majority of organisations — particularly those in early cloud modernisation phases — GHEC is the preferred option. The managed infrastructure model eliminates significant operational overhead and the per-user monthly pricing, while higher than GHES licence cost, is often offset by the avoided infrastructure investment. GHES remains the right answer for classified environments, air-gapped deployments, and organisations with strict contractual or regulatory data residency requirements that GHEC's data centre options cannot satisfy.
GitHub Enterprise Cloud with Enterprise Managed Users (GHEC EMU) is a GHEC variant that provides full corporate identity management — all user accounts are provisioned and managed through your Azure AD/Entra ID. EMU is ideal for organisations requiring that no developer can use a personal GitHub account for corporate work. EMU accounts cannot access the broader public github.com ecosystem, which is a trade-off to consider for open-source contribution policies.
GitHub Enterprise licensing is per-user, with annual commitment required for the published rate. Understanding exactly who requires a paid seat — and who does not — is the critical cost control lever before committing to a seat count.
| User Type | GHEC Seat Required? | Notes |
|---|---|---|
| Employee — commits to private repos | Yes | Core licensed user |
| Contractor — uses company GitHub org | Yes | Must be licensed if accessing private repos |
| External collaborator — private repos | Depends | Outside contributors to private repos require seat |
| External collaborator — public repos | No | Public repo contributors are free |
| Read-only observers | Depends | Read access to private repos requires seat |
| Bot/automation accounts | Machine user | Service accounts need machine user licence |
| Dormant users (>90 days inactive) | Can remove | Review and remove before renewal to save cost |
A common oversight in GitHub seat counting is including all employees when only a subset actively use GitHub. IT staff, platform engineers, DevOps, security team members, and data engineers increasingly use GitHub — but many organisations only count "software developers" in their initial seat estimate and then face compliance issues later. Audit actual GitHub org membership against your planned seat count before signing.
GitHub Enterprise does not automatically deactivate dormant users. Run a member activity audit 60 days before renewal and deactivate users inactive for 90+ days. In organisations with significant contractor turnover, 15–25% of active GHEC seats are commonly unused. Removing dormant users before the renewal count is a direct, immediate cost reduction.
GitHub Copilot has become one of the most significant AI licensing decisions in enterprise software. With two commercial tiers — Copilot Business and Copilot Enterprise — the question is not whether to deploy Copilot, but which tier is appropriate for which user population and how to manage the ROI calculation.
Get the IT Negotiation Playbook — free
Used by 4,200+ IT directors and procurement leads. Oracle, Microsoft, SAP, Cloud — all covered.
| Feature | GitHub Copilot Business ($19/user/mo) | GitHub Copilot Enterprise ($39/user/mo) |
|---|---|---|
| IDE code suggestions | ✓ | ✓ |
| Code completion in PRs | ✓ | ✓ |
| Copilot Chat (IDE + GitHub.com) | ✓ | ✓ |
| Organisation-wide policy controls | ✓ | ✓ |
| Codebase-aware completions (private repos) | ✗ | ✓ |
| Documentation search (Copilot knowledge bases) | ✗ | ✓ |
| Pull request summaries | ✗ | ✓ |
| Fine-tuned model on your codebase | ✗ | ✓ |
| IP indemnification | ✓ | ✓ |
For most enterprise development teams, GitHub Copilot Business is the appropriate starting point. The $19/user/month price point has a compelling ROI calculation against developer compensation cost — even a 5% productivity improvement on a $150K all-in developer role recoup the full annual Copilot Business licence cost. Copilot Enterprise at $39/user/month is justified for teams with large, complex proprietary codebases where context-aware completions that understand your specific architecture, patterns, and internal libraries deliver materially better suggestions. See our analysis of Microsoft Copilot licensing across the full Microsoft stack for a broader AI productivity investment framework.
GitHub Advanced Security is an add-on to GitHub Enterprise that provides code scanning (static analysis for vulnerabilities), secret scanning (detecting API keys, tokens, and credentials committed to repositories), and dependency review (catching vulnerable dependencies in PRs before they're merged). GHAS is priced per active committer per month — typically $49/active committer/month, making it a significant additional investment on top of base GitHub Enterprise licences.
GHAS is most compelling for organisations in regulated industries (financial services, healthcare, government), organisations with significant custom application development, or those that have experienced security incidents related to code vulnerabilities or committed secrets. For organisations already running a mature application security programme with third-party SAST/SCA tools (Snyk, Veracode, Checkmarx), GHAS may be redundant — and the existing tooling may deliver better results for certain vulnerability classes. Evaluate GHAS against your existing security tooling before purchasing, rather than treating it as an automatic add-on to GHEC.
One of the most underutilised cost optimisation strategies for large Microsoft customers is including GitHub Enterprise in the Microsoft Enterprise Agreement. This is possible for most enterprise customers and delivers three commercial benefits.
Consolidated billing: GitHub spend is consolidated under the EA rather than managed as a separate subscription, simplifying procurement and reducing administrative overhead for large organisations with thousands of developers.
Volume discount application: Including GitHub in the EA scope allows your total Microsoft spend — M365, Azure, Dynamics, GitHub — to be considered holistically when negotiating volume discounts. A larger total commitment unlocks higher discount tiers across all products, including GitHub.
Strategic leverage: Microsoft values enterprise customers consolidating their entire developer platform under the Microsoft/GitHub ecosystem. The willingness to standardise on GHEC (rather than remaining on GitLab, Bitbucket, or Azure DevOps) creates leverage to negotiate better EA terms across your broader Microsoft portfolio. Present the GitHub consolidation decision explicitly in your EA negotiation as a strategic commitment that warrants recognition in pricing. For broader EA strategy context, see our EA renewal tactics guide.
Want to include GitHub in your Microsoft EA negotiation?
Expert GitHub Enterprise negotiation and right-sizing typically reduces developer platform costs by 15–25% at renewal.