Organizations now have more control over who can use GitHub-hosted runners in Actions. Admins can now disable the standard labels for hosted runners such as ubuntu-latest, as well as add macOS runners to runner groups.
What you can do with macOS runners
Restrict access to macOS runners: Limit which organizations, repositories, or workflows can use specific macOS runners through group-level permissions.
Enforce concurrency limits: Control how many macOS jobs can run simultaneously across teams and projects to manage capacity and costs.
Route jobs through policy: Reference runner groups by name in workflows to direct macOS jobs only to runners that meet your security requirements.
