Open
Labels: SQL, Service Attention, bug, customer-reported
Description
When I run [Set-AzSqlServerAudit] with the following options to set up the audit log for a "subscription-moved" SQL Server and storage accounts, I encounter an error.
Set-AzSqlServerAudit -ResourceGroupName 'xxx' -ServerName 'xxx' -StorageAccountResourceId '/subscriptions//resourceGroups//providers/Microsoft.Storage/storageAccounts/'
or
Set-AzSqlServerAudit -ResourceGroupName 'target resource group' -ServerName 'target server' -BlobStorageTargetState Disabled
Error message:
Set-AzSqlServerAudit : Cannot find a storage account with the name '
Issue script & Debug output
$DebugPreference='Continue'
Set-AzSqlServerAudit -ResourceGroupName 'xxx' -ServerName 'xxx' -StorageAccountResourceId '/subscriptions/<target subscription>/resourceGroups/<target resource group>/providers/Microsoft.Storage/storageAccounts/<target storage account>'
DEBUG: 3:49:02 AM - [ConfigManager] Got [True] from [DisplaySecretsWarning], Module = [], Cmdlet = [].
DEBUG: 3:49:02 AM - SetAzSqlServerAudit begin processing with ParameterSet 'ServerParameterSet'.
DEBUG: 3:49:02 AM - using account id '<masked>'...
DEBUG: 3:49:02 AM - [ConfigManager] Got nothing from [DisplayBreakingChangeWarning], Module = [Az.Sql], Cmdlet = [Set-AzSqlServerAudit]. Returning default value [True].
DEBUG: ============================ HTTP REQUEST ============================
HTTP Method:
GET
Absolute Uri:
https://management.azure.com/subscriptions/<target subscription>/resourceGroups/<target resource group>/providers/Microsoft.Sql/servers/<target SQL Server>/extendedAuditingSettings/default?api-version=2021-11-01-preview
Headers:
Accept-Language : en-US
x-ms-client-request-id : ede774d2-081f-4108-8d02-fc291dd42a26
Body:
DEBUG: ============================ HTTP RESPONSE ============================
Status Code:
OK
Headers:
Cache-Control : no-cache
Pragma : no-cache
x-ms-request-id : 1b1d7360-ab81-40d5-875a-5b24638f6d60
x-ms-operation-identifier : tenantId=16b3c013-d300-468d-ac64-7eda0820b6d3,objectId=cf4706fe-ead5-4769-8883-2f14417bf0d3/southeastasia/b00acff8-91da-4a9b-911b-aa361c20b0e9
x-ms-ratelimit-remaining-subscription-reads: 249
x-ms-ratelimit-remaining-subscription-global-reads: 3749
x-ms-correlation-request-id : d3697b58-e25f-4833-9058-ff7ddbc62c41
x-ms-routing-request-id : SOUTHEASTASIA:20250827T034903Z:d3697b58-e25f-4833-9058-ff7ddbc62c41
Strict-Transport-Security : max-age=31536000; includeSubDomains
X-Content-Type-Options : nosniff
X-Cache : CONFIG_NOCACHE
X-MSEdge-Ref : Ref A: 85A6CB3774A44CBF96F46C75B0787AB2 Ref B: MAA201060515011 Ref C: 2025-08-27T03:49:02Z
Date : Wed, 27 Aug 2025 03:49:02 GMT
Body:
{
"properties": {
"predicateExpression": "",
"retentionDays": 0,
"auditActionsAndGroups": [
"SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP",
"FAILED_DATABASE_AUTHENTICATION_GROUP",
"BATCH_COMPLETED_GROUP"
],
"isStorageSecondaryKeyInUse": false,
"isAzureMonitorTargetEnabled": false,
"isManagedIdentityInUse": false,
"state": "Enabled",
"storageEndpoint": "<masked>",
"storageAccountSubscriptionId": "<source subscription ID>"
},
"id": "/subscriptions/resourceGroups/<target resource group>/providers/Microsoft.Sql/servers/<target SQL Server>/extendedAuditingSettings/Default",
"name": "Default",
"type": "Microsoft.Sql/servers/extendedAuditingSettings"
}
DEBUG: [Common.Authentication]: Authenticating using Account: '<masked>', environment: 'AzureCloud', tenant: '<masked>'
DEBUG: 3:49:03 AM - [ConfigManager] Got nothing from [DisableInstanceDiscovery], Module = [], Cmdlet = []. Returning default value [False].
DEBUG: 3:49:03 AM - [ManagedServiceIdentityAuthenticator] Calling ManagedIdentityCredential.GetTokenAsync - TenantId:'<masked>', Scopes:'https://management.core.windows.net/', UserId:''
DEBUG: ManagedIdentityCredential.GetToken invoked. Scopes: [ https://management.core.windows.net/ ] ParentRequestId:
DEBUG: False MSAL 4.65.0.0 MSAL.CoreCLR .NET 9.0.8 Linux [2025-08-27 03:49:03Z - 3dd689c9-73ab-4088-8aa6-50b5b5eae348] MSAL MSAL.CoreCLR with assembly version '4.65.0.0'. CorrelationId(3dd689c9-73ab-4088-8aa6-50b5b5eae348)
DEBUG: False MSAL 4.65.0.0 MSAL.CoreCLR .NET 9.0.8 Linux [2025-08-27 03:49:03Z - 3dd689c9-73ab-4088-8aa6-50b5b5eae348] === AcquireTokenForManagedIdentityParameters ===
ForceRefresh: False
Resource: https://management.core.windows.net/
DEBUG: False MSAL 4.65.0.0 MSAL.CoreCLR .NET 9.0.8 Linux [2025-08-27 03:49:03Z - 3dd689c9-73ab-4088-8aa6-50b5b5eae348]
=== Request Data ===
Authority Provided? - True
Scopes - https://management.core.windows.net/
Extra Query Params Keys (space separated) -
ApiId - AcquireTokenForSystemAssignedManagedIdentity
IsConfidentialClient - False
SendX5C - False
LoginHint ? False
IsBrokerConfigured - False
HomeAccountId - False
CorrelationId - 3dd689c9-73ab-4088-8aa6-50b5b5eae348
UserAssertion set: False
LongRunningOboCacheKey set: False
Region configured:
DEBUG: False MSAL 4.65.0.0 MSAL.CoreCLR .NET 9.0.8 Linux [2025-08-27 03:49:03Z - 3dd689c9-73ab-4088-8aa6-50b5b5eae348] === Token Acquisition (ManagedIdentityAuthRequest) started:
Scopes: https://management.core.windows.net/
Authority Host: login.microsoftonline.com
DEBUG: False MSAL 4.65.0.0 MSAL.CoreCLR .NET 9.0.8 Linux [2025-08-27 03:49:03Z - 3dd689c9-73ab-4088-8aa6-50b5b5eae348] [Internal cache] Total number of cache partitions found while getting access tokens: 1
DEBUG: False MSAL 4.65.0.0 MSAL.CoreCLR .NET 9.0.8 Linux [2025-08-27 03:49:03Z - 3dd689c9-73ab-4088-8aa6-50b5b5eae348] [FindAccessTokenAsync] Discovered 1 access tokens in cache using partition key: system_assigned_managed_identity_managed_identity_AppTokenCache
DEBUG: False MSAL 4.65.0.0 MSAL.CoreCLR .NET 9.0.8 Linux [2025-08-27 03:49:03Z - 3dd689c9-73ab-4088-8aa6-50b5b5eae348] [Region discovery] Not using a regional authority.
DEBUG: False MSAL 4.65.0.0 MSAL.CoreCLR .NET 9.0.8 Linux [2025-08-27 03:49:03Z - 3dd689c9-73ab-4088-8aa6-50b5b5eae348] Skipping Instance discovery for Aad authority because it is not enabled.
DEBUG: False MSAL 4.65.0.0 MSAL.CoreCLR .NET 9.0.8 Linux [2025-08-27 03:49:03Z - 3dd689c9-73ab-4088-8aa6-50b5b5eae348] Access token is not expired. Returning the found cache entry. [Current time (08/27/2025 03:49:03) - Expiration Time (08/27/2025 04:09:53 +00:00) - Extended Expiration Time (08/27/2025 03:14:16 +00:00)]
DEBUG: False MSAL 4.65.0.0 MSAL.CoreCLR .NET 9.0.8 Linux [2025-08-27 03:49:03Z - 3dd689c9-73ab-4088-8aa6-50b5b5eae348] [ManagedIdentityRequest] Access token retrieved from cache.
DEBUG: False MSAL 4.65.0.0 MSAL.CoreCLR .NET 9.0.8 Linux [2025-08-27 03:49:03Z - 3dd689c9-73ab-4088-8aa6-50b5b5eae348]
=== Token Acquisition finished successfully:
DEBUG: False MSAL 4.65.0.0 MSAL.CoreCLR .NET 9.0.8 Linux [2025-08-27 03:49:03Z - 3dd689c9-73ab-4088-8aa6-50b5b5eae348] AT expiration time: 8/27/2025 4:09:53 AM +00:00, scopes: https://management.core.windows.net/. source: Cache
DEBUG: False MSAL 4.65.0.0 MSAL.CoreCLR .NET 9.0.8 Linux [2025-08-27 03:49:03Z - 3dd689c9-73ab-4088-8aa6-50b5b5eae348]
[LogMetricsFromAuthResult] Cache Refresh Reason: NotApplicable
[LogMetricsFromAuthResult] DurationInCacheInMs: 0
[LogMetricsFromAuthResult] DurationTotalInMs: 0
[LogMetricsFromAuthResult] DurationInHttpInMs: 0
DEBUG: False MSAL 4.65.0.0 MSAL.CoreCLR .NET 9.0.8 Linux [2025-08-27 03:49:03Z - 3dd689c9-73ab-4088-8aa6-50b5b5eae348] TokenEndpoint: ****
DEBUG: ManagedIdentityCredential.GetToken succeeded. Scopes: [ https://management.core.windows.net/ ] ParentRequestId: ExpiresOn: 2025-08-27T04:09:53.8355392+00:00
DEBUG: [Common.Authentication]: Received token with LoginType 'User', Tenant: '<masked>', UserId: '<masked>'
DEBUG: ============================ HTTP REQUEST ============================
HTTP Method:
GET
Absolute Uri:
https://management.azure.com//subscriptions/<target subscription ID>/resourceGroups/<target resource group>/providers/Microsoft.Sql/servers/<SQL Server>/databases/master/providers/microsoft.insights/diagnosticSettings?api-version=2017-05-01-preview
Headers:
Accept-Language : en-US
x-ms-client-request-id : ede774d2-081f-4108-8d02-fc291dd42a26
Body:
DEBUG: ============================ HTTP RESPONSE ============================
Status Code:
OK
Headers:
Cache-Control : no-cache
Pragma : no-cache
Strict-Transport-Security : max-age=31536000; includeSubDomains
x-ms-request-id : cf09c03b-3d5c-4ef6-8a64-4b520fa170ea
x-ms-operation-identifier : tenantId=16b3c013-d300-468d-ac64-7eda0820b6d3,objectId=cf4706fe-ead5-4769-8883-2f14417bf0d3/southeastasia/3eb13fd5-96e0-4afc-a3a4-ce3a989595f8
x-ms-ratelimit-remaining-subscription-reads: 249
x-ms-ratelimit-remaining-subscription-global-reads: 3749
x-ms-correlation-request-id : 0fc9947d-d2c6-469d-bbc9-31478adaf5cb
x-ms-routing-request-id : SOUTHEASTASIA:20250827T034904Z:0fc9947d-d2c6-469d-bbc9-31478adaf5cb
X-Content-Type-Options : nosniff
X-Cache : CONFIG_NOCACHE
X-MSEdge-Ref : Ref A: 2B7D6C6935784553A31991121D7A1A39 Ref B: MAA201060516021 Ref C: 2025-08-27T03:49:03Z
Date : Wed, 27 Aug 2025 03:49:03 GMT
Body:
{
"value": []
}
DEBUG: [Common.Authentication]: Authenticating using Account: '<masked>', environment: 'AzureCloud', tenant: '<masked>'
DEBUG: 3:49:04 AM - [ConfigManager] Got nothing from [DisableInstanceDiscovery], Module = [], Cmdlet = []. Returning default value [False].
DEBUG: 3:49:04 AM - [ManagedServiceIdentityAuthenticator] Calling ManagedIdentityCredential.GetTokenAsync - TenantId:'1a092f68-5741-455a-8057-2acdb897a850', Scopes:'https://management.core.windows.net/', UserId:''
DEBUG: ManagedIdentityCredential.GetToken invoked. Scopes: [ https://management.core.windows.net/ ] ParentRequestId:
DEBUG: False MSAL 4.65.0.0 MSAL.CoreCLR .NET 9.0.8 Linux [2025-08-27 03:49:04Z - cea7d931-2920-4d38-99f8-4afde732deac] MSAL MSAL.CoreCLR with assembly version '4.65.0.0'. CorrelationId(cea7d931-2920-4d38-99f8-4afde732deac)
DEBUG: False MSAL 4.65.0.0 MSAL.CoreCLR .NET 9.0.8 Linux [2025-08-27 03:49:04Z - cea7d931-2920-4d38-99f8-4afde732deac] === AcquireTokenForManagedIdentityParameters ===
ForceRefresh: False
Resource: https://management.core.windows.net/
DEBUG: False MSAL 4.65.0.0 MSAL.CoreCLR .NET 9.0.8 Linux [2025-08-27 03:49:04Z - cea7d931-2920-4d38-99f8-4afde732deac]
=== Request Data ===
Authority Provided? - True
Scopes - https://management.core.windows.net/
Extra Query Params Keys (space separated) -
ApiId - AcquireTokenForSystemAssignedManagedIdentity
IsConfidentialClient - False
SendX5C - False
LoginHint ? False
IsBrokerConfigured - False
HomeAccountId - False
CorrelationId - cea7d931-2920-4d38-99f8-4afde732deac
UserAssertion set: False
LongRunningOboCacheKey set: False
Region configured:
DEBUG: False MSAL 4.65.0.0 MSAL.CoreCLR .NET 9.0.8 Linux [2025-08-27 03:49:04Z - cea7d931-2920-4d38-99f8-4afde732deac] === Token Acquisition (ManagedIdentityAuthRequest) started:
Scopes: https://management.core.windows.net/
Authority Host: login.microsoftonline.com
DEBUG: False MSAL 4.65.0.0 MSAL.CoreCLR .NET 9.0.8 Linux [2025-08-27 03:49:04Z - cea7d931-2920-4d38-99f8-4afde732deac] [Internal cache] Total number of cache partitions found while getting access tokens: 1
DEBUG: False MSAL 4.65.0.0 MSAL.CoreCLR .NET 9.0.8 Linux [2025-08-27 03:49:04Z - cea7d931-2920-4d38-99f8-4afde732deac] [FindAccessTokenAsync] Discovered 1 access tokens in cache using partition key: system_assigned_managed_identity_managed_identity_AppTokenCache
DEBUG: False MSAL 4.65.0.0 MSAL.CoreCLR .NET 9.0.8 Linux [2025-08-27 03:49:04Z - cea7d931-2920-4d38-99f8-4afde732deac] [Region discovery] Not using a regional authority.
DEBUG: False MSAL 4.65.0.0 MSAL.CoreCLR .NET 9.0.8 Linux [2025-08-27 03:49:04Z - cea7d931-2920-4d38-99f8-4afde732deac] Skipping Instance discovery for Aad authority because it is not enabled.
DEBUG: False MSAL 4.65.0.0 MSAL.CoreCLR .NET 9.0.8 Linux [2025-08-27 03:49:04Z - cea7d931-2920-4d38-99f8-4afde732deac] Access token is not expired. Returning the found cache entry. [Current time (08/27/2025 03:49:04) - Expiration Time (08/27/2025 04:09:53 +00:00) - Extended Expiration Time (08/27/2025 03:14:16 +00:00)]
DEBUG: False MSAL 4.65.0.0 MSAL.CoreCLR .NET 9.0.8 Linux [2025-08-27 03:49:04Z - cea7d931-2920-4d38-99f8-4afde732deac] [ManagedIdentityRequest] Access token retrieved from cache.
DEBUG: False MSAL 4.65.0.0 MSAL.CoreCLR .NET 9.0.8 Linux [2025-08-27 03:49:04Z - cea7d931-2920-4d38-99f8-4afde732deac]
=== Token Acquisition finished successfully:
DEBUG: False MSAL 4.65.0.0 MSAL.CoreCLR .NET 9.0.8 Linux [2025-08-27 03:49:04Z - cea7d931-2920-4d38-99f8-4afde732deac] AT expiration time: 8/27/2025 4:09:53 AM +00:00, scopes: https://management.core.windows.net/. source: Cache
DEBUG: False MSAL 4.65.0.0 MSAL.CoreCLR .NET 9.0.8 Linux [2025-08-27 03:49:04Z - cea7d931-2920-4d38-99f8-4afde732deac]
[LogMetricsFromAuthResult] Cache Refresh Reason: NotApplicable
[LogMetricsFromAuthResult] DurationInCacheInMs: 0
[LogMetricsFromAuthResult] DurationTotalInMs: 0
[LogMetricsFromAuthResult] DurationInHttpInMs: 0
DEBUG: False MSAL 4.65.0.0 MSAL.CoreCLR .NET 9.0.8 Linux [2025-08-27 03:49:04Z - cea7d931-2920-4d38-99f8-4afde732deac] TokenEndpoint: ****
DEBUG: ManagedIdentityCredential.GetToken succeeded. Scopes: [ https://management.core.windows.net/ ] ParentRequestId: ExpiresOn: 2025-08-27T04:09:53.8355392+00:00
DEBUG: [Common.Authentication]: Received token with LoginType 'User', Tenant: '<masked>', UserId: '<masked>'
DEBUG: 3:49:05 AM - [ConfigManager] Got nothing from [EnableErrorRecordsPersistence], Module = [Az.Sql], Cmdlet = [Set-AzSqlServerAudit]. Returning default value [False].
Set-AzSqlServerAudit: Cannot find a storage account with the name '<storage account>'. It either does not exist, associated with a different subscription or you do not have the appropriate credentials to access it.
DEBUG: 3:49:05 AM - [ConfigManager] Got nothing from [DisplayBreakingChangeWarning], Module = [Az.Sql], Cmdlet = [Set-AzSqlServerAudit]. Returning default value [True].
DEBUG: 3:49:05 AM - [ConfigManager] Got nothing from [DisplayRegionIdentified], Module = [], Cmdlet = []. Returning default value [True].
DEBUG: 3:49:05 AM - [ConfigManager] Got nothing from [CheckForUpgrade], Module = [], Cmdlet = []. Returning default value [True].
DEBUG: 3:49:05 AM - No authentication telemetry is found for the current cmdlet with Id ede774d2-081f-4108-8d02-fc291dd42a26.
DEBUG: AzureQoSEvent: Module: Az.Sql:6.0.5; CommandName: Set-AzSqlServerAudit; PSVersion: 7.5.1; IsSuccess: False; Duration: 00:00:02.3172452; SanitizeDuration: 00:00:00; Exception: Cannot find a storage account with the name '<masked>'. It either does not exist, associated with a different subscription or you do not have the appropriate credentials to access it.;
DEBUG: 3:49:05 AM - [ConfigManager] Got [True] from [EnableDataCollection], Module = [], Cmdlet = [].
DEBUG: 3:49:05 AM - SetAzSqlServerAudit end processing.
Environment data
$PSVersionTable
Name Value
---- -----
PSVersion 7.5.1
PSEdition Core
GitCommitId 7.5.1
OS Microsoft Azure Linux 3.0
Platform Unix
PSCompatibleVersions {1.0, 2.0, 3.0, 4.0…}
PSRemotingProtocolVersion 2.3
SerializationVersion 1.1.0.1
WSManStackVersion 3.0
Module versions
Get-Module Az*
ModuleType Version PreRelease Name ExportedCommands
---------- ------- ---------- ---- ----------------
Script 5.2.0 Az.Accounts {Add-AzEnvironment, Clear-AzConfig, Clear-AzContext, Clear-AzDefault…}
Script 10.2.0 Az.Compute {Add-AzGalleryInVMAccessControlProfileVersionRulesIdentity, Add-AzGalleryInVMAccessControlP…
Script 7.19.0 Az.Network {Add-AzApplicationGatewayAuthenticationCertificate, Add-AzApplicationGatewayBackendAddressP…
Script 8.1.0 Az.Resources {Export-AzResourceGroup, Export-AzTemplateSpec, Get-AzDenyAssignment, Get-AzDeployment…}
Script 9.1.0 Az.Storage {Add-AzRmStorageContainerLegalHold, Add-AzStorageAccountManagementPolicyAction, Add-AzStora…
Script 1.1.3 Az.Tools.Predictor {Disable-AzPredictor, Enable-AzPredictor, Open-AzPredictorSurvey, Send-AzPredictorRating}
Script 0.0.0.10 AzureAD.Standard.Preview {Add-AzureADApplicationOwner, Add-AzureADDeviceRegisteredOwner, Add-AzureADDeviceRegistered…
Script 0.9.3 AzurePSDrive
Error output
HistoryId: 16
Message : Cannot find a storage account with the name '<storage account>'. It either does not exist, associated with a different subscription or you do not have the
appropriate credentials to access it.
StackTrace : at Microsoft.Azure.Commands.Sql.Common.AzureEndpointsCommunicator.RetrieveStorageAccountIdAsync(Guid storageAccountSubscriptionId, String
storageAccountName)
at Microsoft.Azure.Commands.Sql.Auditing.Services.SqlAuditAdapter`2.ModelizeStorageInfo(AuditModelType model, String storageEndpoint, Nullable`1
isSecondary, Nullable`1 storageAccountSubscriptionId, Boolean isAuditEnabled, Nullable`1 retentionDays)
at CallSite.Target(Closure, CallSite, SqlUserAuditAdapter`3, ServerAuditModel, Object, Object, Object, Object, Object, Object, Object)
at System.Dynamic.UpdateDelegates.UpdateAndExecuteVoid9[T0,T1,T2,T3,T4,T5,T6,T7,T8](CallSite site, T0 arg0, T1 arg1, T2 arg2, T3 arg3, T4 arg4, T5 arg5,
T6 arg6, T7 arg7, T8 arg8)
at Microsoft.Azure.Commands.Sql.Auditing.Services.SqlUserAuditAdapter`3.ModelizeAuditPolicy(AuditModelType model, ExtendedAuditPolicyType policy)
at Microsoft.Azure.Commands.Sql.Auditing.Services.SqlAuditAdapter`2.GetAuditingSettings(String resourceGroup, String serverName, AuditModelType model)
at Microsoft.Azure.Commands.Sql.Auditing.Cmdlet.SqlServerAuditCmdlet`3.GetEntity()
at Microsoft.Azure.Commands.Sql.Common.AzureSqlCmdletBase`2.ExecuteCmdlet()
at Microsoft.WindowsAzure.Commands.Utilities.Common.CmdletExtensions.<>c__3`1.<ExecuteSynchronouslyOrAsJob>b__3_0(T c)
at Microsoft.WindowsAzure.Commands.Utilities.Common.CmdletExtensions.ExecuteSynchronouslyOrAsJob[T](T cmdlet, Action`1 executor)
at Microsoft.WindowsAzure.Commands.Utilities.Common.CmdletExtensions.ExecuteSynchronouslyOrAsJob[T](T cmdlet)
at Microsoft.WindowsAzure.Commands.Utilities.Common.AzurePSCmdlet.ProcessRecord()
Exception : System.Exception
InvocationInfo : {Set-AzSqlServerAudit}
Line : Set-AzSqlServerAudit -ResourceGroupName '<resource group>' -ServerName '<SQL Server>' -StorageAccountResourceId
'/subscriptions/<target subscription>/resourceGroups/<resource group>/providers/Microsoft.Storage/storageAccounts/<storage account>'
Position : At line:1 char:1
+ Set-AzSqlServerAudit -ResourceGroupName 'kkawata-rg2542issuereport' …
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
HistoryId : 16
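Added example, not part of the original issue or of the Az.Sql code base: in the debug output above, the `extendedAuditingSettings` response carries a `storageAccountSubscriptionId` of the source subscription while the request is addressed to the target subscription. The PowerShell below reads the same REST resource and flags that mismatch; the function names, the sample GUIDs and the sample storage endpoint are constructed for illustration.

```powershell
# Added example: not from the issue or from Az.Sql. Function names and sample IDs are constructed.

function Get-ServerAuditSettingsJson {
    # Live read of the REST resource seen in the debug output (needs Az.Accounts and a login).
    param(
        [Parameter(Mandatory)] [string] $SubscriptionId,
        [Parameter(Mandatory)] [string] $ResourceGroupName,
        [Parameter(Mandatory)] [string] $ServerName
    )
    $path = "/subscriptions/$SubscriptionId/resourceGroups/$ResourceGroupName" +
            "/providers/Microsoft.Sql/servers/$ServerName" +
            "/extendedAuditingSettings/default?api-version=2021-11-01-preview"
    $resp = Invoke-AzRestMethod -Path $path -Method GET
    if ($resp.StatusCode -ne 200) { throw "GET $path returned HTTP $($resp.StatusCode)" }
    $resp.Content
}

function Test-AuditStorageSubscription {
    param(
        [Parameter(Mandatory)] [string] $SettingsJson,          # body of extendedAuditingSettings/default
        [Parameter(Mandatory)] [string] $ServerSubscriptionId   # subscription that holds the server now
    )
    $props    = ($SettingsJson | ConvertFrom-Json).properties
    $auditSub = [string]$props.storageAccountSubscriptionId
    # Treat a missing value or an all-zero GUID as "no storage subscription recorded".
    $unset    = [string]::IsNullOrEmpty($auditSub) -or ($auditSub -eq [guid]::Empty.ToString())

    # The storage target matters only when auditing is on and an endpoint is configured.
    $usesStorage = ($props.state -eq 'Enabled') -and
                   (-not [string]::IsNullOrEmpty($props.storageEndpoint))

    [pscustomobject]@{
        State                = $props.state
        StorageEndpoint      = $props.storageEndpoint
        AuditSubscriptionId  = $auditSub
        ServerSubscriptionId = $ServerSubscriptionId
        # True when the settings name a subscription other than the one holding the server.
        SubscriptionMismatch = $usesStorage -and (-not $unset) -and ($auditSub -ne $ServerSubscriptionId)
    }
}

# Constructed sample shaped like the response body in the debug output.
$sourceSub = '11111111-1111-1111-1111-111111111111'   # constructed: subscription before the move
$targetSub = '22222222-2222-2222-2222-222222222222'   # constructed: subscription after the move
$sample = @"
{
  "properties": {
    "state": "Enabled",
    "storageEndpoint": "https://examplestorage.blob.core.windows.net/",
    "storageAccountSubscriptionId": "$sourceSub"
  },
  "name": "Default",
  "type": "Microsoft.Sql/servers/extendedAuditingSettings"
}
"@

Test-AuditStorageSubscription -SettingsJson $sample -ServerSubscriptionId $targetSub | Format-List
```

A reported mismatch is a prompt to verify that the named subscription still holds the audit storage account; for a live server, pipe the output of `Get-ServerAuditSettingsJson` into `-SettingsJson`.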