diff --git a/.github/workflows/protected-files.yaml b/.github/workflows/protected-files.yaml
index 1811f69a93d8..84a962a9726d 100644
--- a/.github/workflows/protected-files.yaml
+++ b/.github/workflows/protected-files.yaml
@@ -6,32 +6,34 @@ jobs:
   protected-files:
     name: Protected Files
 
-    # Always allow bot account 'azure-sdk' to update protected files
-    if: ${{ github.event.pull_request.user.login != 'azure-sdk' }}
-
     runs-on: ubuntu-latest
 
     steps:
-    - uses: actions/checkout@v4
-      with:
-        # Required since "HEAD^" is passed to Get-ChangedFiles
-        fetch-depth: 2
-
-    - name: Detect changes to protected files
-      run: |
-        . eng/scripts/ChangedFiles-Functions.ps1
-
-        $protectedFiles = @("package.json", "package-lock.json")
-        $changedFiles = @(Get-ChangedFiles -baseCommitish HEAD^ -targetCommitish HEAD -diffFilter "")
-        $matchedFiles = @($protectedFiles | Where-Object { $changedFiles -contains $_})
-
-        if ($matchedFiles.Count -gt 0) {
-          foreach ($file in $matchedFiles) {
-            Write-Output "::error file=$file::File '$file' should only be updated by the Azure SDK team.  If intentional, the PR may be merged by the Azure SDK team via bypassing the branch protections."
+      # Always allow bot account 'azure-sdk' to update protected files.
+      # Since check is required, the job itself cannot be skipped, but all steps can.
+
+      - uses: actions/checkout@v4
+        if: github.event.pull_request.user.login != 'azure-sdk'
+        with:
+          # Required since "HEAD^" is passed to Get-ChangedFiles
+          fetch-depth: 2
+
+      - name: Detect changes to protected files
+        if: github.event.pull_request.user.login != 'azure-sdk'
+        run: |
+          . eng/scripts/ChangedFiles-Functions.ps1
+
+          $protectedFiles = @("package.json", "package-lock.json")
+          $changedFiles = @(Get-ChangedFiles -baseCommitish HEAD^ -targetCommitish HEAD -diffFilter "")
+          $matchedFiles = @($protectedFiles | Where-Object { $changedFiles -contains $_})
+
+          if ($matchedFiles.Count -gt 0) {
+            foreach ($file in $matchedFiles) {
+              Write-Output "::error file=$file::File '$file' should only be updated by the Azure SDK team.  If intentional, the PR may be merged by the Azure SDK team via bypassing the branch protections."
+            }
+            exit 1
+          }
+          else {
+            Write-Output "No changes to protected files: [$($protectedFiles -join ', ')]"
           }
-          exit 1
-        }
-        else {
-          Write-Output "No changes to protected files: [$($protectedFiles -join ', ')]"
-        }
-      shell: pwsh
+        shell: pwsh