diff --git a/.changelog/4763.txt b/.changelog/4763.txt
new file mode 100644
index 00000000000..32aebe917ef
--- /dev/null
+++ b/.changelog/4763.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+plugin/azure-aci: Update plugin to attempt CLI auth if environment auth fails.
+```
\ No newline at end of file
diff --git a/builtin/azure/aci/deployment.go b/builtin/azure/aci/deployment.go
index c140275366e..9f8019b2e3b 100644
--- a/builtin/azure/aci/deployment.go
+++ b/builtin/azure/aci/deployment.go
@@ -12,6 +12,8 @@ import (
 	"github.com/Azure/azure-sdk-for-go/services/resources/mgmt/2015-11-01/subscriptions"
 	"github.com/Azure/go-autorest/autorest"
 	"github.com/Azure/go-autorest/autorest/azure/auth"
+	"github.com/hashicorp/go-hclog"
+
 	"github.com/hashicorp/waypoint-plugin-sdk/component"
 )
 
@@ -27,14 +29,14 @@ func (d *Deployment) containerInstanceGroupsClient(auth autorest.Authorizer) (*c
 }
 
 // init sets up the authorizer and fetches the locations
-func (d *Deployment) authenticate(ctx context.Context) (autorest.Authorizer, error) {
+func (d *Deployment) authenticate(ctx context.Context, log hclog.Logger) (autorest.Authorizer, error) {
 	// create an authorizer from env vars or Azure Managed Service Identity
 	//authorizer, err := auth.NewAuthorizerFromCLI()
 
 	// first try and create an environment
 	authorizer, err := auth.NewAuthorizerFromEnvironment()
 	if err != nil {
-		return nil, fmt.Errorf("Unable to create subscriptions client: %s", err)
+		log.Warn("unable to create subscriptions client", "error", err)
 	}
 
 	// we need to timeout this request as this request never fails when we have
@@ -51,6 +53,7 @@ func (d *Deployment) authenticate(ctx context.Context) (autorest.Authorizer, err
 	defer cf2()
 
 	// the environment variable auth has failed fall back to CLI auth
+	log.Info("attempting CLI auth")
 	authorizer, err = auth.NewAuthorizerFromCLI()
 	if err != nil {
 		return authorizer, err
@@ -61,7 +64,7 @@ func (d *Deployment) authenticate(ctx context.Context) (autorest.Authorizer, err
 	}
 
 	return nil, fmt.Errorf(
-		"Unable to authenticate with the Azure API, ensure you have your credentials set as environment variables, " +
+		"unable to authenticate with the Azure API, ensure you have your credentials set as environment variables, " +
 			"or you have logged in using the 'az' command line tool",
 	)
 }
diff --git a/builtin/azure/aci/platform.go b/builtin/azure/aci/platform.go
index 10176e3629b..ad57a003783 100644
--- a/builtin/azure/aci/platform.go
+++ b/builtin/azure/aci/platform.go
@@ -83,7 +83,7 @@ func (p *Platform) Deploy(
 		},
 	}
 
-	auth, err := deployment.authenticate(ctx)
+	auth, err := deployment.authenticate(ctx, log)
 	if err != nil {
 		return nil, status.Error(
 			codes.Unauthenticated,