Copilot Usage Reports Get a Stable GitHub Domain, Which Is Boring Until Your Firewall Breaks Finance

Nobody gets excited about download URLs until the monthly AI bill is due and the firewall has quietly blocked the report finance needed yesterday.

GitHub migrated Copilot usage metrics report download links from Azure Front Door patterns to stable GitHub-owned domains. For GitHub.com customers, report links now use https://copilot-reports.github.com/... instead of https://copilot-reports-*.b01.azurefd.net/...; GHE.com customers get https://copilot-reports.SUBDOMAIN.ghe.com/.... This is not glamorous, but it is exactly the sort of enterprise plumbing that decides whether AI cost governance works reliably or gets blocked by a proxy rule nobody owns.

The boring URL is an operations dependency

• New GitHub.com report URL pattern: https://copilot-reports.github.com/....
• Previous GitHub.com pattern: https://copilot-reports-*.b01.azurefd.net/....
• New GHE.com pattern: https://copilot-reports.SUBDOMAIN.ghe.com/..., replacing the same Azure Front Door wildcard pattern.
• GitHub says legacy copilot-reports-*.b01.azurefd.net links will keep working during a transition period but will eventually be deprecated.
• Organizations using firewall or proxy allowlists should add https://copilot-reports.github.com for GitHub.com or the GHE.com subdomain-specific equivalent.
• GitHub notes that rare Azure Front Door outages may cause report downloads to fall back to direct Azure Blob Storage URLs (*.blob.core.windows.net), so uninterrupted access may require that allowlist too.
• The Copilot Usage Metrics API returns signed download links for enterprise, organization, team, user, SKU, and user-team reports, including 1-day and 28-day report variants.
• GitHub docs say usage reports are generated daily, available through limited-expiration signed URLs, and historical report access goes back up to 1 year for reports available from October 10, 2025 onward.
• Access requires appropriate enterprise/billing permissions such as “View Enterprise Copilot Metrics”; OAuth/PAT examples mention scopes such as manage_billing:copilot or read:enterprise depending on endpoint.
• GitHub’s usage docs warn that Copilot moves from request-based billing to usage-based billing starting June 1, 2026.
• HN Algolia returned 0 matching stories for the exact usage-metrics report query.

No public HN discussion surfaced for the exact report-URL change, and that is fine. Firewall domains are not hacker-news candy. The practitioners who care are enterprise platform engineers, security teams, finance analysts, and whoever gets paged when the Copilot dashboard cannot download the CSV needed for month-end chargeback.

This is the least flashy Copilot story of the day and arguably the most enterprise-real. Usage governance depends on boring pipes: API endpoints, signed URLs, stable domains, proxy rules, fallback behavior, permissions, report retention, and automation that does not break when infrastructure moves. If the download URL is an Azure wildcard that shifts under redeploys, every enterprise allowlist becomes a future support ticket. Moving to a GitHub-owned domain is the kind of change mature SaaS products make when they realize the customer’s firewall is part of the product surface.

It also lands at the right moment. GitHub’s docs are explicit: Copilot is moving from request-based billing to usage-based billing on June 1, 2026. At the same time, Copilot has model multipliers, Auto routing, cloud-agent sessions, Spaces, code review, CLI usage, OpenAI Codex VS Code integration, third-party coding agents, and product-specific SKUs. That means AI coding cost is no longer a single seat-count line item. It is usage data by surface, model, team, and workflow. If report downloads are flaky, your governance program is fake.

For builders and platform teams, the action item is concrete. Update firewall and proxy allowlists now. Validate that automated report ingestion follows redirects, handles signed URL expiration, and can reach fallback Blob Storage if your org requires uninterrupted downloads. Then test the actual reporting pipeline before the billing cutover: can finance pull 28-day reports, can engineering managers see team-level usage, can security audit access to the reports, and can you reconcile model-policy changes with usage spikes?

This also belongs in the coding-agent governance hub because cost visibility is a safety feature. Teams talk about sandboxing, secrets, and approvals — correctly — but uncontrolled spend is also a failure mode. A coding agent that silently burns budget, or a reporting pipeline that silently stops downloading, creates pressure to yank tools abruptly instead of governing them intelligently. Stable reporting URLs will not make anyone cheer. They will make the adult supervision possible.

The comparison angle matters too. Claude Code cost conversations are increasingly explicit. Codex CLI is adding richer usage/status surfaces. Copilot is packaging reports, APIs, and enterprise domains into the GitHub control plane. If you are choosing a coding-agent stack for a company, ask how usage data gets from the agent runtime into finance and platform dashboards. If the answer is “we can probably scrape it,” request changes.

Read this as AI coding governance plumbing, not a URL-change footnote. The take: once Copilot billing becomes usage-based, stable report downloads are the difference between cost management and spreadsheet archaeology.

Sources: GitHub Changelog — Copilot usage metrics reports now use GitHub-owned download URLs, GitHub REST Docs — Copilot usage metrics API, GitHub Docs — Copilot allowlist reference, GitHub Docs — Monitoring Copilot usage and entitlements, HN Algolia exact-title search