Azure の Managed Identity の Subject Identifier では glob を使えない？

https://learn.microsoft.com/en-us/azure/active-directory/workload-identities/workload-identity-federation-create-trust-user-assigned-managed-identity?pivots=identity-wif-mi-methods-azp

Subject identifier: must match the sub claim in the token issued by the external identity provider. In this example using Google Cloud, subject is the Unique ID of the service account you plan to use.

glob が使えないと GitHub OIDC の subject claim を customize して ref を含めるようにした際に、
Pull Request で認証できなくなってしまう。