diff --git a/go.mod b/go.mod
index 3f9b0f332..3087af96c 100644
--- a/go.mod
+++ b/go.mod
@@ -119,6 +119,7 @@ require (
 	github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00 // indirect
 	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
 	github.com/oklog/ulid v1.3.1 // indirect
+	github.com/opencontainers/go-digest v1.0.0 // indirect
 	github.com/opentracing/opentracing-go v1.2.0 // indirect
 	github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8 // indirect
 	github.com/pkg/errors v0.9.1 // indirect
diff --git a/go.sum b/go.sum
index 4f32eea6b..3fae5d516 100644
--- a/go.sum
+++ b/go.sum
@@ -1466,6 +1466,7 @@ github.com/opencontainers/go-digest v0.0.0-20170106003457-a6d0ee40d420/go.mod h1
 github.com/opencontainers/go-digest v0.0.0-20180430190053-c9281466c8b2/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s=
 github.com/opencontainers/go-digest v1.0.0-rc1/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s=
 github.com/opencontainers/go-digest v1.0.0-rc1.0.20180430190053-c9281466c8b2/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s=
+github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
 github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
 github.com/opencontainers/image-spec v1.0.0/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0=
 github.com/opencontainers/image-spec v1.0.1/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0=
diff --git a/test/provisioner/provision_azure.go b/test/provisioner/provision_azure.go
index d9b9dbb2f..47f350208 100644
--- a/test/provisioner/provision_azure.go
+++ b/test/provisioner/provision_azure.go
@@ -15,15 +15,17 @@ import (
 	"strings"
 	"time"
 
+	"k8s.io/apimachinery/pkg/util/wait"
 	"sigs.k8s.io/e2e-framework/pkg/envconf"
 
+	"github.com/containerd/containerd/reference"
+	log "github.com/sirupsen/logrus"
+
 	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
 	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v4"
 	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/msi/armmsi"
 	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armresources"
 	"github.com/Azure/go-autorest/autorest"
-	log "github.com/sirupsen/logrus"
-	"k8s.io/apimachinery/pkg/util/wait"
 )
 
 func init() {
@@ -431,6 +433,36 @@ func (lio *AzureInstallOverlay) Delete(ctx context.Context, cfg *envconf.Config)
 
 func (lio *AzureInstallOverlay) Edit(ctx context.Context, cfg *envconf.Config, properties map[string]string) error {
 	var err error
+
+	// If a custom image is defined then update it in the kustomization file.
+	if AzureProps.CaaImage != "" {
+		spec, err := reference.Parse(AzureProps.CaaImage)
+		if err != nil {
+			return fmt.Errorf("parsing image: %w", err)
+		}
+
+		log.Infof("Updating CAA image with %q", spec.Locator)
+		if err = lio.overlay.SetKustomizeImage("cloud-api-adaptor", "newName", spec.Locator); err != nil {
+			return err
+		}
+
+		tag, digest := reference.SplitObject(spec.Object)
+
+		if tag != "" && strings.HasSuffix(tag, "@") {
+			tag = tag[:len(tag)-1]
+		}
+
+		log.Infof("Updating CAA image tag with %q", tag)
+		if err = lio.overlay.SetKustomizeImage("cloud-api-adaptor", "newTag", tag); err != nil {
+			return err
+		}
+
+		log.Infof("Updating CAA image digest with %q", digest)
+		if err = lio.overlay.SetKustomizeImage("cloud-api-adaptor", "digest", digest.String()); err != nil {
+			return err
+		}
+	}
+
 	for k, v := range properties {
 		// configMapGenerator
 		if isAzureKustomizeConfigMapKey(k) {
diff --git a/test/provisioner/provision_azure_cli_auth.properties b/test/provisioner/provision_azure_cli_auth.properties
index ff8d6e69e..1e0175028 100644
--- a/test/provisioner/provision_azure_cli_auth.properties
+++ b/test/provisioner/provision_azure_cli_auth.properties
@@ -10,3 +10,4 @@ AZURE_IMAGE_ID=""
 SSH_USERNAME=""
 AZURE_CLI_AUTH="true"
 IS_CI_MANAGED_CLUSTER="true"
+CAA_IMAGE="quay.io/confidential-containers/cloud-api-adaptor:latest"
diff --git a/test/provisioner/provision_azure_initializer.go b/test/provisioner/provision_azure_initializer.go
index 0141584c3..ae4c30787 100644
--- a/test/provisioner/provision_azure_initializer.go
+++ b/test/provisioner/provision_azure_initializer.go
@@ -35,6 +35,7 @@ type AzureProperties struct {
 	ManagedIdentityName string
 	IsAzCliAuth         bool
 	IsCIManaged         bool
+	CaaImage            string
 
 	InstanceSize string
 	NodeName     string
@@ -66,6 +67,7 @@ func initAzureProperties(properties map[string]string) error {
 		SubnetID:            properties["AZURE_SUBNET_ID"],
 		SshUserName:         properties["SSH_USERNAME"],
 		ManagedIdentityName: properties["MANAGED_IDENTITY_NAME"],
+		CaaImage:            properties["CAA_IMAGE"],
 	}
 
 	CIManagedStr := properties["IS_CI_MANAGED_CLUSTER"]