
Most clones happen without auth on public repos.

Most development work, however, uses SSH.



We use GitHub Enterprise at work and only HTTPS is permitted for authentication.

The "insteadOf" git config is added to workstations and runners to convert attempted SSH connections over to HTTPS.
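An added example, not part of the thread and not the commenter's actual configuration: a sketch of the `insteadOf` rewrite described above, with a check that SSH-style remotes really resolve to HTTPS. The host `ghe.example.com` and the function names are placeholders assumed for illustration.

```shell
#!/bin/sh
# Added illustration. GHE_HOST is a placeholder, not a real server.
GHE_HOST="ghe.example.com"

# install_rewrites CONFIG_FILE
# Map both SSH URL spellings for the host onto its HTTPS base URL.
install_rewrites() {
  # scp-style remotes: git@host:org/repo.git
  git config --file "$1" --add \
    "url.https://${GHE_HOST}/.insteadOf" "git@${GHE_HOST}:"
  # URL-style remotes: ssh://git@host/org/repo.git
  git config --file "$1" --add \
    "url.https://${GHE_HOST}/.insteadOf" "ssh://git@${GHE_HOST}/"
}

# effective_url HOME_DIR URL
# Print the URL git would contact after rewrites. --get-url expands
# insteadOf rules and exits without talking to the remote.
effective_url() {
  HOME="$1" XDG_CONFIG_HOME="$1/.config" GIT_CONFIG_NOSYSTEM=1 \
    git ls-remote --get-url "$2"
}

# Demo against a throwaway HOME so the real ~/.gitconfig is untouched.
demo_home="$(mktemp -d)"
install_rewrites "$demo_home/.gitconfig"
for u in \
  "git@${GHE_HOST}:org/repo.git" \
  "ssh://git@${GHE_HOST}/org/repo.git" \
  "git@other.example.net:org/repo.git"   # constructed: host with no rule
do
  printf '%s -> %s\n' "$u" "$(effective_url "$demo_home" "$u")"
done
rm -rf "$demo_home"
```

The third URL comes back unchanged: the rewrite is a prefix match per configured host, so it redirects SSH remotes only for hosts that have a rule and is not by itself a block on SSH.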


Why is SSH not permitted?


I have no knowledge of the risk assessment which led to the decision - above my pay-grade; another department; etc.

Like most corporate environments, “it is what it is” and we do our best to perform our jobs within these constraints.


Because "Enterprise". Some C-Level read about Cyber in an inflight magazine and decided "The Firewall" needs to be "locked down" to only allow essential traffic. So https it is!


I would presume because unless you control the GitHub account and the SSH key generation process (making sure to generate on smartcard), any developer can upload any old public key, and then do something like... commit it to a public git repo.


If you're logged in and have an SSH key added to your account, I believe the GitHub UI will show you the SSH clone command by default. Therefore I always clone with SSH, even public repos.



