surashed
diff --git a/‎.azure-pipelines/azure-pipelines-data-container.yml
Lines changed: 1 addition & 0 deletions b/‎.azure-pipelines/azure-pipelines-data-container.yml
Lines changed: 1 addition & 0 deletions
diff --git a/‎.github/CODEOWNERS
Lines changed: 4 additions & 4 deletions b/‎.github/CODEOWNERS
Lines changed: 4 additions & 4 deletions
diff --git a/‎.github/dependabot.yml
Lines changed: 6 additions & 1 deletion b/‎.github/dependabot.yml
Lines changed: 6 additions & 1 deletion
diff --git a/‎.github/workflows/protected-files.yaml
Lines changed: 33 additions & 22 deletions b/‎.github/workflows/protected-files.yaml
Lines changed: 33 additions & 22 deletions
diff --git a/‎azure-pipelines.yml
Lines changed: 1 addition & 0 deletions b/‎azure-pipelines.yml
Lines changed: 1 addition & 0 deletions
@@ -7,6 +7,7 @@ schedules:
   always: true
 
 pool:
+  name: azsdk-pool-mms-ubuntu-2204-general
   vmImage: 'Ubuntu-22.04'
 
 variables:
 
@@ -111,7 +111,7 @@
 /specification/deviceregistry/ @marcodalessandro @rohankhandelwal @riteshrao
 
 # PRLabel: %Device Update
-/specification/deviceupdate/data-plane/ @mikekistler @Azure/api-stewardship-board
+/specification/deviceupdate/data-plane/ @Azure/api-stewardship-board
 
 /specification/documentdb/ @dmakwana
 
@@ -142,7 +142,7 @@
 /specification/keyvault/ @heaths @randallilama @jlichwa
 
 # PRLabel: %Load Test Service
-/specification/loadtestservice/data-plane/ @mikekistler @Azure/api-stewardship-board
+/specification/loadtestservice/data-plane/ @Azure/api-stewardship-board
 
 # PRLabel: %Logic App
 /specification/logic/ @pankajsn @tonytang-microsoft-com
@@ -182,7 +182,7 @@
 /specification/powerbidedicated/ @tarostok
 
 # PRLabel: %Purview
-/specification/purview/data-plane @mikekistler @Azure/api-stewardship-board
+/specification/purview/data-plane @Azure/api-stewardship-board
 
 # PRLabel: %PostgreSQL
 /specification/postgresql/** @Azure/azure-sdk-write-postgresql
@@ -288,4 +288,4 @@
 /.github/           @weshaggard @mikeharder @benbp
 /eng/               @weshaggard @mikeharder @benbp
 /scripts/           @weshaggard @mikeharder
-/.github/CODEOWNERS @Azure/azure-sdk-eng
+/.github/CODEOWNERS @Azure/azure-sdk-eng
@@ -5,4 +5,9 @@ updates:
     schedule:
       interval: "daily"
     allow:
-      - dependency-name: "@azure-tools/typespec-client-generator-cli"
+      - dependency-name: "@azure-tools/*"
+      - dependency-name: "@typespec/*"
+    groups:
+      typespec:
+        patterns:
+          - "*"
@@ -2,33 +2,44 @@ name: Protected Files
 
 on: pull_request
 
+env:
+  # Users allowed to edit protected files without failing check
+  user-allowed: ${{ github.event.pull_request.user.login == 'azure-sdk' || github.event.pull_request.user.login == 'dependabot[bot]' }}
+
 jobs:
   protected-files:
     name: Protected Files
 
     runs-on: ubuntu-latest
 
     steps:
-    - uses: actions/checkout@v4
-      with:
-        # Required since "HEAD^" is passed to Get-ChangedFiles
-        fetch-depth: 2
-
-    - name: Detect changes to protected files
-      run: |
-        . eng/scripts/ChangedFiles-Functions.ps1
-
-        $protectedFiles = @("package.json", "package-lock.json")
-        $changedFiles = @(Get-ChangedFiles -baseCommitish HEAD^ -targetCommitish HEAD -diffFilter "")
-        $matchedFiles = @($protectedFiles | Where-Object { $changedFiles -contains $_})
-
-        if ($matchedFiles.Count -gt 0) {
-          foreach ($file in $matchedFiles) {
-            Write-Output "::error file=$file::File '$file' should only be updated by the Azure SDK team.  If intentional, the PR may be merged by the Azure SDK team via bypassing the branch protections."
+      # Since check is required, the job must pass instead of being skipped
+      - name: User allowed
+        if: ${{ env.user-allowed == 'true' }}
+        run: echo "Account '${{ github.event.pull_request.user.login }}' is allowed to update protected files"
+
+      - uses: actions/checkout@v4
+        if: ${{ env.user-allowed != 'true' }}
+        with:
+          # Required since "HEAD^" is passed to Get-ChangedFiles
+          fetch-depth: 2
+
+      - name: Detect changes to protected files
+        if: ${{ env.user-allowed != 'true' }}
+        run: |
+          . eng/scripts/ChangedFiles-Functions.ps1
+
+          $protectedFiles = @("package.json", "package-lock.json")
+          $changedFiles = @(Get-ChangedFiles -baseCommitish HEAD^ -targetCommitish HEAD -diffFilter "")
+          $matchedFiles = @($protectedFiles | Where-Object { $changedFiles -contains $_})
+
+          if ($matchedFiles.Count -gt 0) {
+            foreach ($file in $matchedFiles) {
+              Write-Output "::error file=$file::File '$file' should only be updated by the Azure SDK team.  If intentional, the PR may be merged by the Azure SDK team via bypassing the branch protections."
+            }
+            exit 1
+          }
+          else {
+            Write-Output "No changes to protected files: [$($protectedFiles -join ', ')]"
           }
-          exit 1
-        }
-        else {
-          Write-Output "No changes to protected files: [$($protectedFiles -join ', ')]"
-        }
-      shell: pwsh
+        shell: pwsh
@@ -1,6 +1,7 @@
 name: "Azure OpenAPI"
 
 pool:
+  name: azsdk-pool-mms-ubuntu-2004-general
   vmImage: 'Ubuntu-20.04'
 
 trigger: