diff --git a/provider/cmd/pulumi-resource-azure/schema.json b/provider/cmd/pulumi-resource-azure/schema.json
index 574f6e813a..f5b4962767 100644
--- a/provider/cmd/pulumi-resource-azure/schema.json
+++ b/provider/cmd/pulumi-resource-azure/schema.json
@@ -168,8 +168,8 @@
 "dependencies": {
 "@azure/eventgrid": "^4.6.0",
 "@azure/functions": "=1.2.2",
+ "@azure/identity": "^4.0.0",
 "@azure/ms-rest-azure-js": "^2.0.1",
- "@azure/ms-rest-nodeauth": "^3.0.0",
 "@pulumi/pulumi": "^3.0.0",
 "azure-functions-ts-essentials": "^1.3.2",
 "moment": "2.29.4",
diff --git a/provider/resources.go b/provider/resources.go
index e988221277..74e5b4fdc7 100644
--- a/provider/resources.go
+++ b/provider/resources.go
@@ -3160,8 +3160,8 @@ func Provider() tfbridge.ProviderInfo {
 "@pulumi/pulumi": "^3.0.0",
 "@azure/eventgrid": "^4.6.0",
 "@azure/functions": "=1.2.2",
+ "@azure/identity": "^4.0.0",
 "@azure/ms-rest-azure-js": "^2.0.1",
- "@azure/ms-rest-nodeauth": "^3.0.0",
 "azure-functions-ts-essentials": "^1.3.2",
 "moment": "2.29.4",
 "node-fetch": "^2.3.0",
diff --git a/sdk/nodejs/core/zMixins.ts b/sdk/nodejs/core/zMixins.ts
index b8fb212610..72867f9c50 100644
--- a/sdk/nodejs/core/zMixins.ts
+++ b/sdk/nodejs/core/zMixins.ts
@@ -12,8 +12,9 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
-import { ServiceClientCredentials } from "@azure/ms-rest-js";
-import * as msnodeauth from "@azure/ms-rest-nodeauth";
+import * as pulumi from "@pulumi/pulumi";
+import { ServiceClientCredentials, AzureIdentityCredentialAdapter } from "@azure/ms-rest-js";
+import * as identity from "@azure/identity";
 import * as config from "../config";
 import * as utilities from "../utilities";
@@ -22,23 +23,25 @@ import * as utilities from "../utilities";
 * are either based on MSI, a service principal, or Azure CLI user credentials.
 */
 export async function getServiceClientCredentials(): Promise {
- let credentials: ServiceClientCredentials;
-
 const useMsi = config.useMsi || utilities.getEnvBoolean("ARM_USE_MSI");
- const msiEndpoint = config.msiEndpoint || utilities.getEnv("ARM_MSI_ENDPOINT");
 const clientId = config.clientId || utilities.getEnv("AZURE_CLIENT_ID", "ARM_CLIENT_ID");
 const clientSecret = config.clientSecret || utilities.getEnv("AZURE_CLIENT_SECRET", "ARM_CLIENT_SECRET");
+ const clientCertPath = config.clientCertificatePath || utilities.getEnv("ARM_CLIENT_CERTIFICATE_PATH");
+ const clientCertPassword = config.clientCertificatePassword || utilities.getEnv("ARM_CLIENT_CERTIFICATE_PASSWORD");
 const tenantId = config.tenantId || utilities.getEnv("AZURE_TENANT_ID", "ARM_TENANT_ID");
+ config.oidcToken
+ let tokenCredential: identity.TokenCredential = new identity.AzureCliCredential();
 if (useMsi) {
- credentials = await msnodeauth.loginWithAppServiceMSI({ msiEndpoint: msiEndpoint });
- } else if (clientId && clientSecret && tenantId) {
- credentials = await msnodeauth.loginWithServicePrincipalSecret(
- clientId, clientSecret, tenantId);
- } else {
- // `create()` will throw an error if the Az CLI is not installed or `az login` has never been run.
- credentials = await msnodeauth.AzureCliCredentials.create();
+ tokenCredential = new identity.ManagedIdentityCredential();
+ } else if (clientId && tenantId) {
+ if (clientSecret) {
+ tokenCredential = new identity.ClientSecretCredential(tenantId, clientId, clientSecret);
+ } else if (clientCertPath) {
+ tokenCredential = new identity.ClientCertificateCredential(tenantId, clientId, { certificatePath: clientCertPath, certificatePassword: clientCertPassword });
+ }
 }
+ pulumi.log.debug(`Using Azure credentials: ${tokenCredential.constructor.name}`);
- return credentials;
+ return new AzureIdentityCredentialAdapter(tokenCredential)
 }
diff --git a/sdk/nodejs/package.json b/sdk/nodejs/package.json
index 16aee4f230..ef1b7f6757 100644
--- a/sdk/nodejs/package.json
+++ b/sdk/nodejs/package.json
@@ -15,8 +15,8 @@
 "dependencies": {
 "@azure/eventgrid": "^4.6.0",
 "@azure/functions": "=1.2.2",
+ "@azure/identity": "^4.0.0",
 "@azure/ms-rest-azure-js": "^2.0.1",
- "@azure/ms-rest-nodeauth": "^3.0.0",
 "@pulumi/pulumi": "^3.0.0",
 "azure-functions-ts-essentials": "^1.3.2",
 "moment": "2.29.4",
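Review bot: In `getServiceClientCredentials` (sdk/nodejs/core/zMixins.ts), `tokenCredential` starts as `AzureCliCredential` and the inner `if (clientSecret) … else if (clientCertPath)` has no final `else`, so a service principal configured with `clientId` and `tenantId` but no secret or certificate path silently authenticates as whoever is logged in to the Azure CLI, and the only trace is a debug-level log line. Add an explicit branch such as `} else { pulumi.log.warn("clientId and tenantId are set but no client secret or certificate path was found; falling back to Azure CLI credentials"); }`, or throw there if that fallback is not intended. The bare `config.oidcToken` statement reads the value and discards it, so an OIDC-only configuration takes the same fallback; either wire it to a credential or remove the line. `new identity.ManagedIdentityCredential()` no longer receives `msiEndpoint` and is not given `clientId`, which looks like it would ignore a configured endpoint or a user-assigned identity, so that is worth confirming against the callers. The new `return` line is also missing its semicolon.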