diff --git a/templates/test/ci/cluster-template-prow-ci-version-dual-stack.yaml b/templates/test/ci/cluster-template-prow-ci-version-dual-stack.yaml
index 76bd315382e..234a1e485f9 100644
--- a/templates/test/ci/cluster-template-prow-ci-version-dual-stack.yaml
+++ b/templates/test/ci/cluster-template-prow-ci-version-dual-stack.yaml
@@ -350,20 +350,25 @@ spec: owner: root:root path: /etc/kubernetes/azure.json permissions: "0644" - - content: | - #!/bin/bash - - set -o nounset - set -o pipefail - set -o errexit - [[ $(id -u) != 0 ]] && SUDO="sudo" || SUDO="" - - echo "Use OOT credential provider" - mkdir -p /var/lib/kubelet/credential-provider - curl --retry 10 --retry-delay 5 -w "response status code is %{http_code}" -Lo /var/lib/kubelet/credential-provider/acr-credential-provider "https://${AZURE_STORAGE_ACCOUNT}.blob.core.windows.net/${AZURE_BLOB_CONTAINER_NAME}/${IMAGE_TAG_ACR_CREDENTIAL_PROVIDER}/azure-acr-credential-provider" - chmod 755 /var/lib/kubelet/credential-provider/acr-credential-provider - curl --retry 10 --retry-delay 5 -w "response status code is %{http_code}" -Lo /var/lib/kubelet/credential-provider-config.yaml "https://${AZURE_STORAGE_ACCOUNT}.blob.core.windows.net/${AZURE_BLOB_CONTAINER_NAME}/${IMAGE_TAG_ACR_CREDENTIAL_PROVIDER}/credential-provider-config.yaml" - chmod 644 /var/lib/kubelet/credential-provider-config.yaml + - content: "#!/bin/bash\n\nset -o nounset\nset -o pipefail\nset -o errexit\n[[ + $(id -u) != 0 ]] && SUDO=\"sudo\" || SUDO=\"\"\n\n# Run the az login command + with managed identity\noutput=$(az login --identity 2>&1)\nstatus=$?\nif + [ $status -eq 0 ]; then\n echo \"Logged in Azure with managed identity\"\n + \ az login --identity\n echo \"Use OOT credential provider\"\n mkdir -p + /var/lib/kubelet/credential-provider\n az storage blob download --blob-url + \"https://${AZURE_STORAGE_ACCOUNT}.blob.core.windows.net/${AZURE_BLOB_CONTAINER_NAME}/${IMAGE_TAG_ACR_CREDENTIAL_PROVIDER}/azure-acr-credential-provider\" + -f /var/lib/kubelet/credential-provider/acr-credential-provider --auth-mode + login\n chmod 755 /var/lib/kubelet/credential-provider/acr-credential-provider + \n az storage blob download --blob-url 
\"https://${AZURE_STORAGE_ACCOUNT}.blob.core.windows.net/${AZURE_BLOB_CONTAINER_NAME}/${IMAGE_TAG_ACR_CREDENTIAL_PROVIDER}/credential-provider-config.yaml\" + -f /var/lib/kubelet/credential-provider-config.yaml --auth-mode login\n + \ chmod 644 /var/lib/kubelet/credential-provider-config.yaml\nelse\n echo + \"Use OOT credential provider\"\n mkdir -p /var/lib/kubelet/credential-provider\n + \ curl --retry 10 --retry-delay 5 -w \"response status code is %{http_code}\" + -Lo /var/lib/kubelet/credential-provider/acr-credential-provider \"https://${AZURE_STORAGE_ACCOUNT}.blob.core.windows.net/${AZURE_BLOB_CONTAINER_NAME}/${IMAGE_TAG_ACR_CREDENTIAL_PROVIDER}/azure-acr-credential-provider\"\n + \ chmod 755 /var/lib/kubelet/credential-provider/acr-credential-provider\n + \ curl --retry 10 --retry-delay 5 -w \"response status code is %{http_code}\" + -Lo /var/lib/kubelet/credential-provider-config.yaml \"https://${AZURE_STORAGE_ACCOUNT}.blob.core.windows.net/${AZURE_BLOB_CONTAINER_NAME}/${IMAGE_TAG_ACR_CREDENTIAL_PROVIDER}/credential-provider-config.yaml\"\n + \ chmod 644 /var/lib/kubelet/credential-provider-config.yaml\nfi\n" owner: root:root path: /tmp/oot-cred-provider.sh permissions: "0744" diff --git a/templates/test/ci/cluster-template-prow-ci-version-ipv6.yaml b/templates/test/ci/cluster-template-prow-ci-version-ipv6.yaml index 910b93ab7a2..99943bce65a 100644 --- a/templates/test/ci/cluster-template-prow-ci-version-ipv6.yaml +++ b/templates/test/ci/cluster-template-prow-ci-version-ipv6.yaml 
@@ -367,20 +367,25 @@ spec: owner: root:root path: /etc/kubernetes/azure.json permissions: "0644" - - content: | - #!/bin/bash - - set -o nounset - set -o pipefail - set -o errexit - [[ $(id -u) != 0 ]] && SUDO="sudo" || SUDO="" - - echo "Use OOT credential provider" - mkdir -p /var/lib/kubelet/credential-provider - curl --retry 10 --retry-delay 5 -w "response status code is %{http_code}" -Lo /var/lib/kubelet/credential-provider/acr-credential-provider "https://${AZURE_STORAGE_ACCOUNT}.blob.core.windows.net/${AZURE_BLOB_CONTAINER_NAME}/${IMAGE_TAG_ACR_CREDENTIAL_PROVIDER}/azure-acr-credential-provider" - chmod 755 /var/lib/kubelet/credential-provider/acr-credential-provider - curl --retry 10 --retry-delay 5 -w "response status code is %{http_code}" -Lo /var/lib/kubelet/credential-provider-config.yaml "https://${AZURE_STORAGE_ACCOUNT}.blob.core.windows.net/${AZURE_BLOB_CONTAINER_NAME}/${IMAGE_TAG_ACR_CREDENTIAL_PROVIDER}/credential-provider-config.yaml" - chmod 644 /var/lib/kubelet/credential-provider-config.yaml + - content: "#!/bin/bash\n\nset -o nounset\nset -o pipefail\nset -o errexit\n[[ + $(id -u) != 0 ]] && SUDO=\"sudo\" || SUDO=\"\"\n\n# Run the az login command + with managed identity\noutput=$(az login --identity 2>&1)\nstatus=$?\nif + [ $status -eq 0 ]; then\n echo \"Logged in Azure with managed identity\"\n + \ az login --identity\n echo \"Use OOT credential provider\"\n mkdir -p + /var/lib/kubelet/credential-provider\n az storage blob download --blob-url + \"https://${AZURE_STORAGE_ACCOUNT}.blob.core.windows.net/${AZURE_BLOB_CONTAINER_NAME}/${IMAGE_TAG_ACR_CREDENTIAL_PROVIDER}/azure-acr-credential-provider\" + -f /var/lib/kubelet/credential-provider/acr-credential-provider --auth-mode + login\n chmod 755 /var/lib/kubelet/credential-provider/acr-credential-provider + \n az storage blob download --blob-url 
\"https://${AZURE_STORAGE_ACCOUNT}.blob.core.windows.net/${AZURE_BLOB_CONTAINER_NAME}/${IMAGE_TAG_ACR_CREDENTIAL_PROVIDER}/credential-provider-config.yaml\" + -f /var/lib/kubelet/credential-provider-config.yaml --auth-mode login\n + \ chmod 644 /var/lib/kubelet/credential-provider-config.yaml\nelse\n echo + \"Use OOT credential provider\"\n mkdir -p /var/lib/kubelet/credential-provider\n + \ curl --retry 10 --retry-delay 5 -w \"response status code is %{http_code}\" + -Lo /var/lib/kubelet/credential-provider/acr-credential-provider \"https://${AZURE_STORAGE_ACCOUNT}.blob.core.windows.net/${AZURE_BLOB_CONTAINER_NAME}/${IMAGE_TAG_ACR_CREDENTIAL_PROVIDER}/azure-acr-credential-provider\"\n + \ chmod 755 /var/lib/kubelet/credential-provider/acr-credential-provider\n + \ curl --retry 10 --retry-delay 5 -w \"response status code is %{http_code}\" + -Lo /var/lib/kubelet/credential-provider-config.yaml \"https://${AZURE_STORAGE_ACCOUNT}.blob.core.windows.net/${AZURE_BLOB_CONTAINER_NAME}/${IMAGE_TAG_ACR_CREDENTIAL_PROVIDER}/credential-provider-config.yaml\"\n + \ chmod 644 /var/lib/kubelet/credential-provider-config.yaml\nfi\n" owner: root:root path: /tmp/oot-cred-provider.sh permissions: "0744" diff --git a/templates/test/ci/cluster-template-prow-ci-version.yaml b/templates/test/ci/cluster-template-prow-ci-version.yaml index 90196da7d90..4577e953341 100644 --- a/templates/test/ci/cluster-template-prow-ci-version.yaml +++ b/templates/test/ci/cluster-template-prow-ci-version.yaml 
@@ -327,20 +327,25 @@ spec: owner: root:root path: /etc/kubernetes/azure.json permissions: "0644" - - content: | - #!/bin/bash - - set -o nounset - set -o pipefail - set -o errexit - [[ $(id -u) != 0 ]] && SUDO="sudo" || SUDO="" - - echo "Use OOT credential provider" - mkdir -p /var/lib/kubelet/credential-provider - curl --retry 10 --retry-delay 5 -w "response status code is %{http_code}" -Lo /var/lib/kubelet/credential-provider/acr-credential-provider "https://${AZURE_STORAGE_ACCOUNT}.blob.core.windows.net/${AZURE_BLOB_CONTAINER_NAME}/${IMAGE_TAG_ACR_CREDENTIAL_PROVIDER}/azure-acr-credential-provider" - chmod 755 /var/lib/kubelet/credential-provider/acr-credential-provider - curl --retry 10 --retry-delay 5 -w "response status code is %{http_code}" -Lo /var/lib/kubelet/credential-provider-config.yaml "https://${AZURE_STORAGE_ACCOUNT}.blob.core.windows.net/${AZURE_BLOB_CONTAINER_NAME}/${IMAGE_TAG_ACR_CREDENTIAL_PROVIDER}/credential-provider-config.yaml" - chmod 644 /var/lib/kubelet/credential-provider-config.yaml + - content: "#!/bin/bash\n\nset -o nounset\nset -o pipefail\nset -o errexit\n[[ + $(id -u) != 0 ]] && SUDO=\"sudo\" || SUDO=\"\"\n\n# Run the az login command + with managed identity\noutput=$(az login --identity 2>&1)\nstatus=$?\nif + [ $status -eq 0 ]; then\n echo \"Logged in Azure with managed identity\"\n + \ az login --identity\n echo \"Use OOT credential provider\"\n mkdir -p + /var/lib/kubelet/credential-provider\n az storage blob download --blob-url + \"https://${AZURE_STORAGE_ACCOUNT}.blob.core.windows.net/${AZURE_BLOB_CONTAINER_NAME}/${IMAGE_TAG_ACR_CREDENTIAL_PROVIDER}/azure-acr-credential-provider\" + -f /var/lib/kubelet/credential-provider/acr-credential-provider --auth-mode + login\n chmod 755 /var/lib/kubelet/credential-provider/acr-credential-provider + \n az storage blob download --blob-url 
\"https://${AZURE_STORAGE_ACCOUNT}.blob.core.windows.net/${AZURE_BLOB_CONTAINER_NAME}/${IMAGE_TAG_ACR_CREDENTIAL_PROVIDER}/credential-provider-config.yaml\" + -f /var/lib/kubelet/credential-provider-config.yaml --auth-mode login\n + \ chmod 644 /var/lib/kubelet/credential-provider-config.yaml\nelse\n echo + \"Use OOT credential provider\"\n mkdir -p /var/lib/kubelet/credential-provider\n + \ curl --retry 10 --retry-delay 5 -w \"response status code is %{http_code}\" + -Lo /var/lib/kubelet/credential-provider/acr-credential-provider \"https://${AZURE_STORAGE_ACCOUNT}.blob.core.windows.net/${AZURE_BLOB_CONTAINER_NAME}/${IMAGE_TAG_ACR_CREDENTIAL_PROVIDER}/azure-acr-credential-provider\"\n + \ chmod 755 /var/lib/kubelet/credential-provider/acr-credential-provider\n + \ curl --retry 10 --retry-delay 5 -w \"response status code is %{http_code}\" + -Lo /var/lib/kubelet/credential-provider-config.yaml \"https://${AZURE_STORAGE_ACCOUNT}.blob.core.windows.net/${AZURE_BLOB_CONTAINER_NAME}/${IMAGE_TAG_ACR_CREDENTIAL_PROVIDER}/credential-provider-config.yaml\"\n + \ chmod 644 /var/lib/kubelet/credential-provider-config.yaml\nfi\n" owner: root:root path: /tmp/oot-cred-provider.sh permissions: "0744" diff --git a/templates/test/ci/prow-ci-version/patches/oot-credential-provider.yaml b/templates/test/ci/prow-ci-version/patches/oot-credential-provider.yaml index c19189628cc..1c8f06d7fb7 100644 --- a/templates/test/ci/prow-ci-version/patches/oot-credential-provider.yaml +++ b/templates/test/ci/prow-ci-version/patches/oot-credential-provider.yaml 
@@ -9,12 +9,26 @@
 set -o errexit
 [[ $(id -u) != 0 ]] && SUDO="sudo" || SUDO=""
 
- echo "Use OOT credential provider"
- mkdir -p /var/lib/kubelet/credential-provider
- curl --retry 10 --retry-delay 5 -w "response status code is %{http_code}" -Lo /var/lib/kubelet/credential-provider/acr-credential-provider "https://${AZURE_STORAGE_ACCOUNT}.blob.core.windows.net/${AZURE_BLOB_CONTAINER_NAME}/${IMAGE_TAG_ACR_CREDENTIAL_PROVIDER}/azure-acr-credential-provider"
- chmod 755 /var/lib/kubelet/credential-provider/acr-credential-provider
- curl --retry 10 --retry-delay 5 -w "response status code is %{http_code}" -Lo /var/lib/kubelet/credential-provider-config.yaml "https://${AZURE_STORAGE_ACCOUNT}.blob.core.windows.net/${AZURE_BLOB_CONTAINER_NAME}/${IMAGE_TAG_ACR_CREDENTIAL_PROVIDER}/credential-provider-config.yaml"
- chmod 644 /var/lib/kubelet/credential-provider-config.yaml
+ # Run the az login command with managed identity
+ output=$(az login --identity 2>&1)
+ status=$?
+ if [ $status -eq 0 ]; then
+ echo "Logged in Azure with managed identity"
+ az login --identity
+ echo "Use OOT credential provider"
+ mkdir -p /var/lib/kubelet/credential-provider
+ az storage blob download --blob-url "https://${AZURE_STORAGE_ACCOUNT}.blob.core.windows.net/${AZURE_BLOB_CONTAINER_NAME}/${IMAGE_TAG_ACR_CREDENTIAL_PROVIDER}/azure-acr-credential-provider" -f /var/lib/kubelet/credential-provider/acr-credential-provider --auth-mode login
+ chmod 755 /var/lib/kubelet/credential-provider/acr-credential-provider
+ az storage blob download --blob-url "https://${AZURE_STORAGE_ACCOUNT}.blob.core.windows.net/${AZURE_BLOB_CONTAINER_NAME}/${IMAGE_TAG_ACR_CREDENTIAL_PROVIDER}/credential-provider-config.yaml" -f /var/lib/kubelet/credential-provider-config.yaml --auth-mode login
+ chmod 644 /var/lib/kubelet/credential-provider-config.yaml
+ else
+ echo "Use OOT credential provider"
+ mkdir -p /var/lib/kubelet/credential-provider
+ curl --retry 10 --retry-delay 5 -w "response status code is %{http_code}" -Lo /var/lib/kubelet/credential-provider/acr-credential-provider "https://${AZURE_STORAGE_ACCOUNT}.blob.core.windows.net/${AZURE_BLOB_CONTAINER_NAME}/${IMAGE_TAG_ACR_CREDENTIAL_PROVIDER}/azure-acr-credential-provider"
+ chmod 755 /var/lib/kubelet/credential-provider/acr-credential-provider
+ curl --retry 10 --retry-delay 5 -w "response status code is %{http_code}" -Lo /var/lib/kubelet/credential-provider-config.yaml "https://${AZURE_STORAGE_ACCOUNT}.blob.core.windows.net/${AZURE_BLOB_CONTAINER_NAME}/${IMAGE_TAG_ACR_CREDENTIAL_PROVIDER}/credential-provider-config.yaml"
+ chmod 644 /var/lib/kubelet/credential-provider-config.yaml
+ fi
 path: /tmp/oot-cred-provider.sh
 owner: "root:root"
 permissions: "0744"
@@ -29,4 +43,4 @@
 - op: add
 path: /spec/template/spec/joinConfiguration/nodeRegistration/kubeletExtraArgs/image-credential-provider-config
 value:
- /var/lib/kubelet/credential-provider-config.yaml
+ /var/lib/kubelet/credential-provider-config.yaml
diff --git a/templates/test/dev/cluster-template-custom-builds.yaml b/templates/test/dev/cluster-template-custom-builds.yaml
index d26ccac892d..99d3f3ccfae 100644
--- a/templates/test/dev/cluster-template-custom-builds.yaml
+++ b/templates/test/dev/cluster-template-custom-builds.yaml
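Review bot: In templates/test/ci/prow-ci-version/patches/oot-credential-provider.yaml the `else` curl fallback cannot run, because `set -o errexit` (set above this hunk, where the script begins) ends the script as soon as `output=$(az login --identity 2>&1)` returns non-zero, so `status=$?` only ever records 0. Test the command directly with `if output=$(az login --identity 2>&1); then`, drop the second `az login --identity` inside the branch, and print `$output` in the `else` branch so the login failure reason is not discarded. The fallback curl calls also lack `--fail`, so an HTTP error body from the storage endpoint would be written to `acr-credential-provider` and then marked executable by `chmod 755`. Neither branch checks the downloaded binary against an expected digest before installing it. The cluster-template-*.yaml hunks in this diff appear to be rendered copies of the same script and carry the same lines.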
@@ -319,20 +319,25 @@ spec: owner: root:root path: /etc/kubernetes/azure.json permissions: "0644" - - content: | - #!/bin/bash - - set -o nounset - set -o pipefail - set -o errexit - [[ $(id -u) != 0 ]] && SUDO="sudo" || SUDO="" - - echo "Use OOT credential provider" - mkdir -p /var/lib/kubelet/credential-provider - curl --retry 10 --retry-delay 5 -w "response status code is %{http_code}" -Lo /var/lib/kubelet/credential-provider/acr-credential-provider "https://${AZURE_STORAGE_ACCOUNT}.blob.core.windows.net/${AZURE_BLOB_CONTAINER_NAME}/${IMAGE_TAG_ACR_CREDENTIAL_PROVIDER}/azure-acr-credential-provider" - chmod 755 /var/lib/kubelet/credential-provider/acr-credential-provider - curl --retry 10 --retry-delay 5 -w "response status code is %{http_code}" -Lo /var/lib/kubelet/credential-provider-config.yaml "https://${AZURE_STORAGE_ACCOUNT}.blob.core.windows.net/${AZURE_BLOB_CONTAINER_NAME}/${IMAGE_TAG_ACR_CREDENTIAL_PROVIDER}/credential-provider-config.yaml" - chmod 644 /var/lib/kubelet/credential-provider-config.yaml + - content: "#!/bin/bash\n\nset -o nounset\nset -o pipefail\nset -o errexit\n[[ + $(id -u) != 0 ]] && SUDO=\"sudo\" || SUDO=\"\"\n\n# Run the az login command + with managed identity\noutput=$(az login --identity 2>&1)\nstatus=$?\nif + [ $status -eq 0 ]; then\n echo \"Logged in Azure with managed identity\"\n + \ az login --identity\n echo \"Use OOT credential provider\"\n mkdir -p + /var/lib/kubelet/credential-provider\n az storage blob download --blob-url + \"https://${AZURE_STORAGE_ACCOUNT}.blob.core.windows.net/${AZURE_BLOB_CONTAINER_NAME}/${IMAGE_TAG_ACR_CREDENTIAL_PROVIDER}/azure-acr-credential-provider\" + -f /var/lib/kubelet/credential-provider/acr-credential-provider --auth-mode + login\n chmod 755 /var/lib/kubelet/credential-provider/acr-credential-provider + \n az storage blob download --blob-url 
\"https://${AZURE_STORAGE_ACCOUNT}.blob.core.windows.net/${AZURE_BLOB_CONTAINER_NAME}/${IMAGE_TAG_ACR_CREDENTIAL_PROVIDER}/credential-provider-config.yaml\" + -f /var/lib/kubelet/credential-provider-config.yaml --auth-mode login\n + \ chmod 644 /var/lib/kubelet/credential-provider-config.yaml\nelse\n echo + \"Use OOT credential provider\"\n mkdir -p /var/lib/kubelet/credential-provider\n + \ curl --retry 10 --retry-delay 5 -w \"response status code is %{http_code}\" + -Lo /var/lib/kubelet/credential-provider/acr-credential-provider \"https://${AZURE_STORAGE_ACCOUNT}.blob.core.windows.net/${AZURE_BLOB_CONTAINER_NAME}/${IMAGE_TAG_ACR_CREDENTIAL_PROVIDER}/azure-acr-credential-provider\"\n + \ chmod 755 /var/lib/kubelet/credential-provider/acr-credential-provider\n + \ curl --retry 10 --retry-delay 5 -w \"response status code is %{http_code}\" + -Lo /var/lib/kubelet/credential-provider-config.yaml \"https://${AZURE_STORAGE_ACCOUNT}.blob.core.windows.net/${AZURE_BLOB_CONTAINER_NAME}/${IMAGE_TAG_ACR_CREDENTIAL_PROVIDER}/credential-provider-config.yaml\"\n + \ chmod 644 /var/lib/kubelet/credential-provider-config.yaml\nfi\n" owner: root:root path: /tmp/oot-cred-provider.sh permissions: "0744"