Certainly I’m aware of this option.
The one additional caveat that perhaps was not clear is that I want all repos to be visible to everyone in my group, i.e. disallow private repos.
Obviously this is akin to the “internal” setting, but that would allow external collaborators to see all repos just by logging in.
If I restrict the number of allowed repos to zero, then I could force all repos to be within the group, but the only people that could create new repos would have to have the “master” status. This is not ideal because I’d like to keep the ability to protect the master branch.
In my mind what would be ideal is if I could allow the developers access level to create repos in a group.