diff --git a/.github/azure-devops/template.yml b/.github/azure-devops/template.yml
index b4f91759..4530319b 100644
--- a/.github/azure-devops/template.yml
+++ b/.github/azure-devops/template.yml
@@ -91,6 +91,9 @@ stages:
 - task: PRMetrics@1
 displayName: PR Metrics
 env:
+ # Fine-grained Personal Access Token (PAT) with the following permissions for microsoft/PR-Metrics:
+ # - Read access to Metadata
+ # - Read and Write access to Pull Requests
 PR_METRICS_ACCESS_TOKEN: $(GITHUB_PAT)
 inputs:
 file-matching-patterns: |
@@ -119,6 +122,9 @@ stages:
 - task: PRMetrics@1
 displayName: PR Metrics
 env:
+ # Fine-grained Personal Access Token (PAT) with the following permissions for microsoft/PR-Metrics:
+ # - Read access to Metadata
+ # - Read and Write access to Pull Requests
 PR_METRICS_ACCESS_TOKEN: $(GITHUB_PAT)
 inputs:
 file-matching-patterns: |
@@ -147,6 +153,9 @@ stages:
 - task: PRMetrics@1
 displayName: PR Metrics
 env:
+ # Fine-grained Personal Access Token (PAT) with the following permissions for microsoft/PR-Metrics:
+ # - Read access to Metadata
+ # - Read and Write access to Pull Requests
 PR_METRICS_ACCESS_TOKEN: $(GITHUB_PAT)
 inputs:
 file-matching-patterns: |
diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md
index 836519b2..25b69a46 100644
--- a/.github/pull_request_template.md
+++ b/.github/pull_request_template.md
@@ -1,14 +1,8 @@ ## Summary -### Motivation - - - -### Technical - - + ## Testing
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 53f7f138..87b4864a 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
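Review bot: The added comment lists the PAT's repository permissions but says nothing about how `$(GITHUB_PAT)` reaches the task, and an Azure Pipelines variable that is not marked secret is not masked in the job log when it leaks through a later step. I would extend the block with `# Supplied as a secret pipeline variable (variable group/library); fine-grained PATs expire, so record the owner and rotation date with the secret.` The identical three-line block is repeated for all three PRMetrics tasks in this file, so any change to the permission set has to be applied in all three places. The stages that contain these tasks start and end outside the hunks.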
@@ -270,24 +270,6 @@ jobs: print-valid-files: true strict: false - validate-codeql: - name: Validate – CodeQL - runs-on: ubuntu-latest - permissions: - security-events: write - steps: - - name: Checkout - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 - - - name: Initialize - uses: github/codeql-action/init@d39d31e687223d841ef683f52467bd88e9b21c14 # v3.25.3 - with: - config-file: .github/linters/codeql.yml - queries: security-extended,security-and-quality - - - name: Analyze - uses: github/codeql-action/analyze@d39d31e687223d841ef683f52467bd88e9b21c14 # v3.25.3 - validate-linter: name: Validate – Linter runs-on: ubuntu-latest diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml new file mode 100644 index 00000000..90d88aac --- /dev/null +++ b/.github/workflows/codeql.yml @@ -0,0 +1,45 @@ +# Copyright (c) Microsoft Corporation. +# Licensed under the MIT License. + +--- + +name: CodeQL + +on: + push: + branches: + - main + pull_request: + branches: + - main + schedule: + - cron: 0 0 * * 1 + workflow_dispatch: null + +permissions: {} + +jobs: + analyze: + name: Analyze JavaScript & TypeScript + runs-on: ubuntu-latest + timeout-minutes: 360 + permissions: + security-events: write + steps: + - name: Checkout + uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 + + - name: Initialize + uses: github/codeql-action/init@d39d31e687223d841ef683f52467bd88e9b21c14 # v3.25.3 + with: + languages: javascript-typescript + build-mode: none + config-file: .github/linters/codeql.yml + queries: security-extended,security-and-quality + + - name: Analyze + uses: github/codeql-action/analyze@d39d31e687223d841ef683f52467bd88e9b21c14 # v3.25.3 + with: + category: /language:javascript-typescript + +... diff --git a/.github/workflows/release-phase-1-internal.yml b/.github/workflows/release-phase-1-internal.yml index 691b5975..4e4fcf13 100644 --- a/.github/workflows/release-phase-1-internal.yml 
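Review bot: The job-level `permissions:` block in the new codeql.yml grants only `security-events: write`, and because the workflow-level `permissions: {}` drops every default, the Checkout step runs without `contents: read`; that only works while the repository stays public, and if I remember the upstream CodeQL starter workflow correctly it grants `contents: read` (plus `actions: read` for private repositories) alongside the SARIF-upload permission. I would add `contents: read` under the job's `permissions:` so the job does not silently break if repository visibility ever changes. The `pull_request` trigger on `main` presumably also fires for fork PRs, where the read-only token cannot upload results — worth confirming that is the intended behaviour rather than restricting the trigger. Minor nit: `cron: 0 0 * * 1` parses as a string only because it begins with a digit; `cron: '0 0 * * 1'` makes the intent explicit.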
+++ b/.github/workflows/release-phase-1-internal.yml @@ -181,8 +181,9 @@ jobs: --assignee "${{ github.actor }}" --reviewer "${{ github.actor }}" env: - # Classic Personal Access Token (PAT) with the "repo" permission for microsoft. Fine-grained PATs will - # not work due to GitHub CLI's dependence on GraphQL. + # Fine-grained Personal Access Token (PAT) with the following permissions for microsoft/PR-Metrics: + # - Read access to Metadata + # - Read and Write access to Pull Requests GITHUB_TOKEN: ${{ secrets.RELEASE_PHASE_1_PR_CREATE }} - name: PR – Comment
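Review bot: The replaced comment recorded that fine-grained PATs fail here because of the GitHub CLI's dependence on GraphQL, and the new text asserts the opposite while the step itself is unchanged, so the claim rests entirely on `RELEASE_PHASE_1_PR_CREATE` having been re-issued out of band. If the secret was regenerated as a fine-grained token I would say so in the comment and add the expiry expectation, e.g. `# Stored as RELEASE_PHASE_1_PR_CREATE; fine-grained PATs expire, so rotate before the recorded date.`; if it was not, the old warning should stay. A successful run of this step with the new token is the only real confirmation that `--assignee`/`--reviewer` still work with the reduced scope. The step that owns this `env:` block starts outside the hunk.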