Organization owners have several features to help them keep their projects and data secure. If you're the owner of an organization, you should regularly review your organization's audit log, member 2FA status, and application settings to ensure that no unauthorized or malicious activity has occurred.
You can see which organization owners, members, and outside collaborators have enabled two-factor authentication.
Before requiring two-factor authentication (2FA), you can notify users about the upcoming change and verify who already uses 2FA.
Organization owners can require organization members and outside collaborators to enable two-factor authentication for their personal accounts, making it harder for malicious actors to access an organization's repositories and settings.
The audit log allows organization admins to quickly review the actions performed by members of your organization. It includes details such as who performed the action, what the action was, and when it was performed.
Review the applications managed by your organization to verify that no new applications with expansive permissions were authorized and that the callback URLs haven't changed.