diff --git a/.github/azFunction/azure-pipelines/deploy-functions.yml b/.github/azFunction/azure-pipelines/deploy-functions.yml
index c1f0bb7b9..eef58e2d3 100644
--- a/.github/azFunction/azure-pipelines/deploy-functions.yml
+++ b/.github/azFunction/azure-pipelines/deploy-functions.yml
@@ -14,15 +14,27 @@ steps:
 includeRootFolder: false
 archiveFile: "$(System.DefaultWorkingDirectory)/build$(Build.BuildId).zip"
+- task: AzureCLI@2
+ displayName: 'Azure CLI Get Federated Token'
+ inputs:
+ azureSubscription: azserviceconnection
+ addSpnToEnvironment: true
+ scriptType: bash
+ scriptLocation: inlineScript
+ inlineScript: |
+ echo "##vso[task.setvariable variable=ARM_CLIENT_ID]$servicePrincipalId"
+ echo "##vso[task.setvariable variable=ARM_ID_TOKEN]$idToken"
+ echo "##vso[task.setvariable variable=ARM_TENANT_ID]$tenantId"
+
 - task: Bash@3
- displayName: Login to Azure
+ displayName: Login to Azure for Subsequent Tasks
 name: git_azlogin
 inputs:
- targetType: 'inline'
+ targetType: "inline"
 script: |
- az login --service-principal --username $(azclilogin) --password $(azclipwd) --tenant $(azclitenant)
+ az login --service-principal -u $(ARM_CLIENT_ID) --tenant $(ARM_TENANT_ID) --allow-no-subscriptions --federated-token $(ARM_ID_TOKEN)
-- task: Bash@3
+- task: Bash@3
 displayName: Deploy Base Azure Function
 name: create_az_function
 inputs:
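Review bot: The `ARM_ID_TOKEN` line of the new AzureCLI@2 inline script publishes the federated token as an ordinary pipeline variable, so it is not masked in the job log and is exported into the environment of every later task, before being expanded into the Bash@3 script as `$(ARM_ID_TOKEN)`. Mark it secret with `echo "##vso[task.setvariable variable=ARM_ID_TOKEN;issecret=true]$idToken"`; macro expansion in the following `az login` step still works for secret variables and the value is redacted from the log. The token is presumably short-lived, which limits the exposure but does not remove it, and the same pattern appears in tests/pipelines/base-unit-validate.yml, bicep-build-to-validate.yml and mc-base-unit-validate.yml. If the `azclilogin`, `azclipwd` and `azclitenant` variables are no longer referenced anywhere else, the variable group can drop them as part of this change.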
@@ -30,15 +42,15 @@ steps:
 script: |
 az deployment group create --resource-group cancelsubscription --template-file .github/azFunction/AzFunctionInfrastructure/main.bicep --parameters parAzFunctionName=$(cancelsubfunctionname)
-- task: AzureFunctionApp@1
+- task: AzureFunctionApp@1
 displayName: "Deploy Functions to base"
 inputs:
 azureSubscription: 'azserviceconnection'
- appType: functionAppLinux
+ appType: functionAppLinux
 appName: $(cancelsubfunctionname)
 package: $(System.DefaultWorkingDirectory)/build$(Build.BuildId).zip
-- task: Bash@3
+- task: Bash@3
 displayName: Az CLI create Role Assignment to Tenant root group
 name: create_role_assign_tenant
 inputs:
diff --git a/accelerator/.github/workflows/alz-bicep-1-core.yml b/accelerator/.github/workflows/alz-bicep-1-core.yml
index 371464d6f..cf7d66815 100644
--- a/accelerator/.github/workflows/alz-bicep-1-core.yml
+++ b/accelerator/.github/workflows/alz-bicep-1-core.yml
@@ -53,7 +53,7 @@ jobs:
 run: cat ${{ env.ENV_FILE }} >> $GITHUB_ENV
 - name: OIDC Login to Tenant
- uses: azure/login@v1
+ uses: azure/login@v2
 with:
 client-id: ${{ secrets.AZURE_CLIENT_ID }}
 tenant-id: ${{ secrets.AZURE_TENANT_ID }}
diff --git a/accelerator/.github/workflows/alz-bicep-2-policyassignments.yml b/accelerator/.github/workflows/alz-bicep-2-policyassignments.yml
index eed69e461..c95b6ee32 100644
--- a/accelerator/.github/workflows/alz-bicep-2-policyassignments.yml
+++ b/accelerator/.github/workflows/alz-bicep-2-policyassignments.yml
@@ -43,7 +43,7 @@ jobs:
 run: cat ${{ env.ENV_FILE }} >> $GITHUB_ENV
 - name: OIDC Login to Tenant
- uses: azure/login@v1
+ uses: azure/login@v2
 with:
 client-id: ${{ secrets.AZURE_CLIENT_ID }}
 tenant-id: ${{ secrets.AZURE_TENANT_ID }}
diff --git a/accelerator/.github/workflows/alz-bicep-3-subplacement.yml b/accelerator/.github/workflows/alz-bicep-3-subplacement.yml
index 1bdc48277..63c257397 100644
--- a/accelerator/.github/workflows/alz-bicep-3-subplacement.yml
+++ b/accelerator/.github/workflows/alz-bicep-3-subplacement.yml
@@ -43,7 +43,7 @@ jobs:
 run: cat ${{ env.ENV_FILE }} >> $GITHUB_ENV
 - name: OIDC Login to Tenant
- uses: azure/login@v1
+ uses: azure/login@v2
 with:
 client-id: ${{ secrets.AZURE_CLIENT_ID }}
 tenant-id: ${{ secrets.AZURE_TENANT_ID }}
diff --git a/accelerator/.github/workflows/alz-bicep-4a-hubspoke.yml b/accelerator/.github/workflows/alz-bicep-4a-hubspoke.yml
index 4768cc363..ba7f3c97f 100644
--- a/accelerator/.github/workflows/alz-bicep-4a-hubspoke.yml
+++ b/accelerator/.github/workflows/alz-bicep-4a-hubspoke.yml
@@ -45,7 +45,7 @@ jobs:
 run: cat ${{ env.ENV_FILE }} >> $GITHUB_ENV
 - name: OIDC Login to Tenant
- uses: azure/login@v1
+ uses: azure/login@v2
 with:
 client-id: ${{ secrets.AZURE_CLIENT_ID }}
 tenant-id: ${{ secrets.AZURE_TENANT_ID }}
diff --git a/accelerator/.github/workflows/alz-bicep-4b-vwan.yml b/accelerator/.github/workflows/alz-bicep-4b-vwan.yml
index b85128db3..c71617f56 100644
--- a/accelerator/.github/workflows/alz-bicep-4b-vwan.yml
+++ b/accelerator/.github/workflows/alz-bicep-4b-vwan.yml
@@ -45,7 +45,7 @@ jobs:
 run: cat ${{ env.ENV_FILE }} >> $GITHUB_ENV
 - name: OIDC Login to Tenant
- uses: azure/login@v1
+ uses: azure/login@v2
 with:
 client-id: ${{ secrets.AZURE_CLIENT_ID }}
 tenant-id: ${{ secrets.AZURE_TENANT_ID }}
diff --git a/docs/wiki/PipelinesGitHub.md b/docs/wiki/PipelinesGitHub.md
index 9c351da77..0f019f109 100644
--- a/docs/wiki/PipelinesGitHub.md
+++ b/docs/wiki/PipelinesGitHub.md
@@ -38,7 +38,7 @@ jobs:
 fetch-depth: 0
 - name: Azure Login
- uses: azure/login@v1
+ uses: azure/login@v2
 with:
 creds: '${{ secrets.AZURE_CREDENTIALS }}'
diff --git a/tests/pipelines/base-unit-validate.yml b/tests/pipelines/base-unit-validate.yml
index ddbb1a163..207ea6ad7 100644
--- a/tests/pipelines/base-unit-validate.yml
+++ b/tests/pipelines/base-unit-validate.yml
@@ -19,13 +19,25 @@ jobs:
 pool:
 vmImage: ubuntu-latest
 steps:
+ - task: AzureCLI@2
+ displayName: 'Azure CLI Get Federated Token'
+ inputs:
+ azureSubscription: azserviceconnection
+ addSpnToEnvironment: true
+ scriptType: bash
+ scriptLocation: inlineScript
+ inlineScript: |
+ echo "##vso[task.setvariable variable=ARM_CLIENT_ID]$servicePrincipalId"
+ echo "##vso[task.setvariable variable=ARM_ID_TOKEN]$idToken"
+ echo "##vso[task.setvariable variable=ARM_TENANT_ID]$tenantId"
+
 - task: Bash@3
- displayName: Login to Azure
+ displayName: Login to Azure for Subsequent Tasks
 name: git_azlogin
 inputs:
 targetType: "inline"
 script: |
- az login --service-principal --username $(azclilogin) --password $(azclipwd) --tenant $(azclitenant)
+ az login --service-principal -u $(ARM_CLIENT_ID) --tenant $(ARM_TENANT_ID) --allow-no-subscriptions --federated-token $(ARM_ID_TOKEN)
 - task: Bash@3
 displayName: Az CLI Create Subscription for PR
diff --git a/tests/pipelines/bicep-build-to-validate.yml b/tests/pipelines/bicep-build-to-validate.yml
index 5de0a3fb4..8099f3949 100644
--- a/tests/pipelines/bicep-build-to-validate.yml
+++ b/tests/pipelines/bicep-build-to-validate.yml
@@ -100,13 +100,25 @@ jobs:
 echo "gitSpokeOUTPUT=$git_spoke" >> $GITHUB_ENV
 echo "##vso[task.setvariable variable=gitSpokeOUTPUT]$git_spoke"
+ - task: AzureCLI@2
+ displayName: 'Azure CLI Get Federated Token'
+ inputs:
+ azureSubscription: azserviceconnection
+ addSpnToEnvironment: true
+ scriptType: bash
+ scriptLocation: inlineScript
+ inlineScript: |
+ echo "##vso[task.setvariable variable=ARM_CLIENT_ID]$servicePrincipalId"
+ echo "##vso[task.setvariable variable=ARM_ID_TOKEN]$idToken"
+ echo "##vso[task.setvariable variable=ARM_TENANT_ID]$tenantId"
+
 - task: Bash@3
- displayName: Login to Azure
+ displayName: Login to Azure for Subsequent Tasks
 name: git_azlogin
 inputs:
 targetType: "inline"
 script: |
- az login --service-principal --username $(azclilogin) --password $(azclipwd) --tenant $(azclitenant)
+ az login --service-principal -u $(ARM_CLIENT_ID) --tenant $(ARM_TENANT_ID) --allow-no-subscriptions --federated-token $(ARM_ID_TOKEN)
 - task: Bash@3
 displayName: Az CLI Create Subscription for PR
diff --git a/tests/pipelines/mc-base-unit-validate.yml b/tests/pipelines/mc-base-unit-validate.yml
index ca7fdaec4..9a59c8632 100644
--- a/tests/pipelines/mc-base-unit-validate.yml
+++ b/tests/pipelines/mc-base-unit-validate.yml
@@ -17,14 +17,26 @@ jobs:
 pool:
 vmImage: ubuntu-latest
 steps:
+ - task: AzureCLI@2
+ displayName: 'Azure CLI Get Federated Token'
+ inputs:
+ azureSubscription: mcserviceconnection
+ addSpnToEnvironment: true
+ scriptType: bash
+ scriptLocation: inlineScript
+ inlineScript: |
+ echo "##vso[task.setvariable variable=ARM_CLIENT_ID]$servicePrincipalId"
+ echo "##vso[task.setvariable variable=ARM_ID_TOKEN]$idToken"
+ echo "##vso[task.setvariable variable=ARM_TENANT_ID]$tenantId"
+
 - task: Bash@3
- displayName: Login to Azure
+ displayName: Login to Azure for Subsequent Tasks
 name: git_azlogin
 inputs:
 targetType: "inline"
 script: |
 az cloud set --name AzureChinaCloud
- az login --service-principal --username $(azclilogin) --password $(azclipwd) --tenant $(azclitenant)
+ az login --service-principal -u $(ARM_CLIENT_ID) --tenant $(ARM_TENANT_ID) --allow-no-subscriptions --federated-token $(ARM_ID_TOKEN)
 - task: Bash@3
 displayName: Az CLI Create Resource Group for PR