diff --git a/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/VirtualSecureModeEnclaveProviderBase.cs b/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/VirtualSecureModeEnclaveProviderBase.cs
index 3ff8026f3e..f906c28b4c 100644
--- a/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/VirtualSecureModeEnclaveProviderBase.cs
+++ b/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/VirtualSecureModeEnclaveProviderBase.cs
@@ -246,8 +246,10 @@ private bool VerifyHealthReportAgainstRootCertificate(X509Certificate2Collection
             // An Always Encrypted-enabled driver doesn't verify an expiration date or a certificate authority chain.
             // A certificate is simply used as a key pair consisting of a public and private key. This is by design.
 
+            #pragma warning disable IA5352
             // CodeQL [SM00395] By design. Always Encrypted certificates should not be checked.
             chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
+            #pragma warning restore IA5352
 
             if (!chain.Build(healthReportCert))
             {