diff --git a/.azure/applications/service/main.bicep b/.azure/applications/service/main.bicep
index d037ce8fe..1925e1033 100644
--- a/.azure/applications/service/main.bicep
+++ b/.azure/applications/service/main.bicep
@@ -52,6 +52,12 @@ resource containerAppEnvironment 'Microsoft.App/managedEnvironments@2024-03-01'
   name: containerAppEnvironmentName
 }
 
+resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2023-01-31' = {
+  name: '${namePrefix}-service-identity'
+  location: location
+  tags: tags
+}
+
 var containerAppEnvVars = [
   {
     name: 'ASPNETCORE_ENVIRONMENT'
@@ -69,6 +75,10 @@ var containerAppEnvVars = [
     name: 'ASPNETCORE_URLS'
     value: 'http://+:8080'
   }
+  {
+    name: 'AZURE_CLIENT_ID'
+    value: managedIdentity.properties.clientId
+  }
 ]
 
 resource environmentKeyVaultResource 'Microsoft.KeyVault/vaults@2023-07-01' existing = {
@@ -111,12 +121,6 @@ var probes = [
   }
 ]
 
-resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2023-01-31' = {
-  name: '${namePrefix}-service-identity'
-  location: location
-  tags: tags
-}
-
 module keyVaultReaderAccessPolicy '../../modules/keyvault/addReaderRoles.bicep' = {
   name: 'keyVaultReaderAccessPolicy-${containerAppName}'
   params: {