diff --git a/.github/workflows/ByoVnetPrivateCI.yml b/.github/workflows/ByoVnetPrivateCI.yml
index 70cb57498..ecc2ee96c 100644
--- a/.github/workflows/ByoVnetPrivateCI.yml
+++ b/.github/workflows/ByoVnetPrivateCI.yml
@@ -18,7 +18,7 @@ on:
         required: false
       region:
         description: 'Resource Deployment Region'
-        default: 'UKWest'
+        default: 'EastUs'
         options:
           - "WestEurope"
           - "NorthEurope"
diff --git a/.github/workflows/cleanupRg.yml b/.github/workflows/cleanupRg.yml
index 40dcf7c56..5a8371c98 100644
--- a/.github/workflows/cleanupRg.yml
+++ b/.github/workflows/cleanupRg.yml
@@ -54,10 +54,15 @@ jobs:
         try {
           #Remove all but public ip addresses
           Get-AzResource -ResourceGroupName $rgToPurge.ResourceGroupName | ? {$_.ResourceType -ne "Microsoft.Network/publicIPAddresses"} | Remove-AzResource -Force
+          
           #Remove public ip addresses
           Get-AzResource -ResourceGroupName $rgToPurge.ResourceGroupName | ? {$_.ResourceType -eq "Microsoft.Network/publicIPAddresses"} | Remove-AzResource -Force
+          
           #Final run to clean other dependant resources in parent-child graph
           Get-AzResource -ResourceGroupName $rgToPurge.ResourceGroupName | Remove-AzResource -Force
+          
+          #Remove unknown/invalid role assignments from rg
+          Get-AzRoleAssignment -Scope $rgToPurge.ResourceId | where ObjectType -eq 'Unknown' | Remove-AzRoleAssignment
         }
         Catch #we're wanting to suppress failures in this step. If it fails to clean, the nightly automation will catch it.
         {