diff --git a/automation/roles/cloud-resources/tasks/azure.yml b/automation/roles/cloud-resources/tasks/azure.yml
index 949be5eb6..3c9e83ebe 100644
--- a/automation/roles/cloud-resources/tasks/azure.yml
+++ b/automation/roles/cloud-resources/tasks/azure.yml
@@ -46,33 +46,46 @@ PATH: "{{ ansible_env.PATH }}:/usr/local/bin:/usr/bin" PIP_BREAK_SYSTEM_PACKAGES: "1" - # CLI required for task "Add virtual machine IP addresses to Load Balancer backend pool" - - name: Check if Azure CLI is installed - ansible.builtin.command: az --version - register: az_version_result - changed_when: false - failed_when: false - - # try to install CLI (if not installed) - - name: Install Azure CLI - community.general.homebrew: - name: azure-cli - state: present - ignore_errors: true - when: - - az_version_result.rc != 0 - - ansible_distribution == "MacOSX" - - - name: Install Azure CLI - ansible.builtin.shell: > - set -o pipefail; - curl -sL https://aka.ms/InstallAzureCli | bash - args: - executable: /bin/bash - ignore_errors: true - when: - - az_version_result.rc != 0 - - ansible_distribution != "MacOSX" + # Azure CLI + # Note: required for task "Add virtual machine IP addresses to Load Balancer backend pool" + - block: + - name: Check if Azure CLI is installed + ansible.builtin.command: az --version + register: az_version_result + changed_when: false + failed_when: false + + # try to install CLI (if not installed) + - name: Install Azure CLI + community.general.homebrew: + name: azure-cli + state: present + ignore_errors: true + when: + - az_version_result.rc != 0 + - ansible_distribution == "MacOSX" + + - name: Install Azure CLI + ansible.builtin.shell: > + set -o pipefail; + curl -sL https://aka.ms/InstallAzureCli | bash + args: + executable: /bin/bash + ignore_errors: true + when: + - az_version_result.rc != 0 + - ansible_distribution != "MacOSX" + + # login + - name: Login to Azure using Service Principal + ansible.builtin.shell: | + az login --service-principal \ + --username "{{ lookup('env', 'AZURE_CLIENT_ID') }}" \ + --password "{{ lookup('env', 'AZURE_SECRET') }}" \ + --tenant "{{ lookup('env', 'AZURE_TENANT') }}" + args: + executable: /bin/bash + when: cloud_load_balancer | bool delegate_to: 127.0.0.1 become: false run_once: true
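Review bot: The added `Login to Azure using Service Principal` task templates `AZURE_SECRET` directly into the shell text and sets no `no_log`, so the rendered command, secret included, can appear in verbose output, callback logs and the failure message; add `no_log: true` to that task. Because the Jinja value is substituted inside double quotes before bash runs, a secret containing `"`, `$` or a backtick would be interpreted by the shell instead of passed literally. Passing the three values through the task's `environment:` and writing `--password "$AZURE_SECRET"` fixes the quoting and keeps the secret out of the task arguments. It will still be visible in the `az` process arguments on the controller while the login runs. The trailing `delegate_to`, `become` and `run_once` are context lines that appear to belong to an enclosing block starting outside this hunk.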