I found how to create an Azure account-level SAS token with PowerShell. Link However, the cmdlet New-AzureStorageAccountSASToken does not appear to accept a -Policy parameter.
Does this mean that there cannot be a SAS policy on an account-level SAS token? An implication would be that if the token were compromised, one could not just remove the policy but would have to change the key.
