microsoft / azure-pipelines-tasks

Tasks for Azure Pipelines
https://aka.ms/tfbuild
MIT License

[BUG]: AzureCli task fails to authenticate to service connection when multiple managed identities are assigned. #20335

Open craigthackerx opened 4 weeks ago

craigthackerx commented 4 weeks ago

New issue checklist

Task name

AzureCLI

Task version

2

Issue Description

Based on user @teeroddesigns' issue here. There is a bug when assigning multiple user-assigned managed identities to a Windows and Linux VM with the Azure CLI task.

Steps to recreate:

  1. Create a service connection to Azure Resource Manager using managed identity
  2. Provide details etc. and set up successfully
  3. Add this managed identity to your VM running the Azure DevOps agent, along with an additional, unrelated managed identity.
  4. Run the AzureCli task, you will see the errors:
ERROR: Failed to connect to MSI. Please make sure MSI is configured correctly.
##[error]Error Code: [1]
Get Token request returned http error: 400, reason: Bad Request
##[error]Error: Azure login failed using Managed Service Identity
##[error]Script failed with error: ERROR: Failed to connect to MSI. Please make sure MSI is configured correctly.
Get Token request returned http error: 400, reason: Bad Request

##[error]Script failed with error: ERROR: Failed to connect to MSI. Please make sure MSI is configured correctly.
Get Token request returned http error: 400, reason: Bad Request

To validate this, I went ahead and removed the unrelated managed identity from my VM, meaning only the managed identity belonging to the corresponding service connection remains, and it works:

[
  {
    "environmentName": "AzureCloud",
    "homeTenantId": "xxx",
    "id": "xxx",
    "isDefault": true,
    "managedByTenants": [],
    "name": "xxx",
    "state": "Enabled",
    "tenantId": "xxx",
    "user": {
      "assignedIdentityInfo": "MSI",
      "name": "systemAssignedIdentity",
      "type": "servicePrincipal"
    }
  }
]

Environment type (Please select at least one environment where you face this issue)

Azure DevOps Server type

dev.azure.com (formerly visualstudio.com)

Azure DevOps Server Version (if applicable)

No response

Operating system

Ubuntu 22.04

Relevant log output

ERROR: Failed to connect to MSI. Please make sure MSI is configured correctly.
##[error]Error Code: [1]
Get Token request returned http error: 400, reason: Bad Request
##[error]Error: Azure login failed using Managed Service Identity
##[error]Script failed with error: ERROR: Failed to connect to MSI. Please make sure MSI is configured correctly.
Get Token request returned http error: 400, reason: Bad Request

##[error]Script failed with error: ERROR: Failed to connect to MSI. Please make sure MSI is configured correctly.
Get Token request returned http error: 400, reason: Bad Request

Full task logs with system.debug enabled

No response

Repro steps

  1. Create a service connection to Azure Resource Manager using managed identity
  2. Provide details etc. and set up successfully
  3. Add this managed identity to your VM running the Azure DevOps agent, along with an additional, unrelated managed identity.
  4. Run the AzureCli task, you will see the errors:

No response
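The "Get Token request returned http error: 400" in the logs above comes from the VM's Instance Metadata Service (IMDS), which is what `az login --identity` calls behind the scenes. The following Python is an added example, not code from azure-pipelines-tasks or from the issue author: it builds the IMDS token request the way the documented API expects it, with an optional identity selector, and classifies the response body so that the ambiguous-identity case is distinguishable from other failures. The sample response bodies (`SAMPLE_AMBIGUOUS_400`, `SAMPLE_OK_200`) are constructed to mirror the documented IMDS response shapes, and the client id used in the demo is a placeholder.

```python
"""Build and interpret Azure IMDS managed-identity token requests.

Added example (not part of azure-pipelines-tasks). It models the HTTP GET
that `az login --identity` issues to the Instance Metadata Service, so the
400 seen in this issue can be reproduced and diagnosed outside the task.
"""
import json
import urllib.error
import urllib.parse
import urllib.request

IMDS_TOKEN_URL = "http://169.254.169.254/metadata/identity/oauth2/token"
API_VERSION = "2018-02-01"


def build_token_request(resource, client_id=None, object_id=None, mi_res_id=None):
    """Return (url, headers) for an IMDS token request.

    At most one identity selector may be given. With none, IMDS falls back
    to the system-assigned identity, or to the single user-assigned identity
    if exactly one exists; with several user-assigned identities and no
    selector it answers 400, which is the failure mode reported here.
    """
    selectors = {"client_id": client_id, "object_id": object_id, "mi_res_id": mi_res_id}
    chosen = {k: v for k, v in selectors.items() if v}
    if len(chosen) > 1:
        raise ValueError("specify only one of client_id, object_id, mi_res_id")
    params = {"api-version": API_VERSION, "resource": resource, **chosen}
    url = IMDS_TOKEN_URL + "?" + urllib.parse.urlencode(params)
    # IMDS rejects requests that lack the Metadata header (SSRF mitigation).
    return url, {"Metadata": "true"}


def diagnose_imds_response(status, body):
    """Classify an IMDS response into a short, actionable diagnosis string."""
    try:
        data = json.loads(body)
    except json.JSONDecodeError:
        return f"http {status}: non-JSON body"
    if status == 200 and "access_token" in data:
        return "ok: token for " + data.get("resource", "?")
    desc = data.get("error_description", "")
    if status == 400 and "Multiple user assigned identities" in desc:
        return ("ambiguous identity: pass client_id (or object_id/mi_res_id) "
                "of the identity bound to the service connection")
    if status == 400 and data.get("error") == "invalid_request":
        return "invalid request: " + desc
    return f"http {status}: {data.get('error', '?')}: {desc}"


def fetch_token(resource, **selector):
    """Perform the request on a real Azure VM; not exercised offline."""
    url, headers = build_token_request(resource, **selector)
    req = urllib.request.Request(url, headers=headers)
    try:
        with urllib.request.urlopen(req, timeout=5) as resp:
            return diagnose_imds_response(resp.status, resp.read().decode())
    except urllib.error.HTTPError as e:
        return diagnose_imds_response(e.code, e.read().decode())


# Constructed sample bodies; shapes follow the documented IMDS responses.
SAMPLE_AMBIGUOUS_400 = json.dumps({
    "error": "invalid_request",
    "error_description": ("Multiple user assigned identities exist, please specify "
                          "the client_id / object_id / mi_res_id to be used to "
                          "retrieve access token"),
})
SAMPLE_OK_200 = json.dumps({
    "access_token": "<redacted>",
    "resource": "https://management.azure.com/",
    "token_type": "Bearer",
})

if __name__ == "__main__":
    # Placeholder client id; substitute the identity tied to the service connection.
    url, _ = build_token_request("https://management.azure.com/",
                                 client_id="00000000-0000-0000-0000-000000000000")
    print(url)
    print(diagnose_imds_response(400, SAMPLE_AMBIGUOUS_400))
    print(diagnose_imds_response(200, SAMPLE_OK_200))
```

Running `fetch_token("https://management.azure.com/")` with no selector on an agent VM that carries two user-assigned identities returns the "ambiguous identity" diagnosis; passing `client_id=` for the identity the service connection was created with returns "ok". The same selection is what a login step needs when a VM has more than one identity, so a VM that hosts unrelated identities should name the one intended for the pipeline rather than rely on the default.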

teeroddesigns commented 1 week ago

Thanks for moving this task along, I lost track of it