@hasokeric
Created February 1, 2023 14:24
Words of Wisdom by jiggawats

Microsoft does this a lot, where they assume that rules that apply to their own organisations apply to all organisations in precisely the same way. If a Microsoft IC leaves, they should lose access to all Git repos, including forks.

If Joe Random open-source contributor is removed from an open source repo's access list, their fork shouldn't be wiped.

But Microsoft has One Rule To Rule Them All, so they won't make exceptions for unimportant people like their customers.

I see this a lot. A good example is Azure Active Directory, which is basically "Microsoft 365 Authentication" that they rebranded and sold to developers for their own use, i.e.: Azure AD Enterprise Apps, App Registrations, and B2C.

There are many aspects of the AAD design that make zero sense until you pause for a second and realise that it is not designed for you. It's designed for Microsoft 365!

For example, auditing. My customers are typically government agencies or banks, and they have strict auditing requirements, especially related to data access. All user authentication MUST be logged, including client IP address, and everything else. Most access is by their own staff, or by other orgs that have signed various contracts or agreements, so there is no expectation of privacy.

This is basically impossible with many configurations of AAD. It just refuses to collect meaningful audit logs. Why? Because GDPR applies to Microsoft 365 and they don't care about the data hosted on services such as SharePoint Online. That's not Microsoft's data, that's their customers' data, so it's up to the customers to enable logging "on their end", in their individual AAD tenants.

There is no way to centrally collect logs as a service provider using AAD in a multi-tenant scenario.

When I asked Microsoft about this, they waffled on about GDPR and privacy regulations -- which apply to them, but not us.

Another example is Microsoft Teams, which hides the name of the organisation people are coming from. In large multi-org meetings this is infuriating, because you have no idea where anyone is from. Microsoft does this because they use outsourcers like MindTree for support, and they don't want their customers to see this in Teams meetings for Azure support tickets. No-one is allowed to see where people are from so that Microsoft can bullshit their customers.
