diff --git a/sdk/azidentity/CHANGELOG.md b/sdk/azidentity/CHANGELOG.md
index 7c48853658cf..06209c7bca8e 100644
--- a/sdk/azidentity/CHANGELOG.md
+++ b/sdk/azidentity/CHANGELOG.md
@@ -8,6 +8,7 @@
 ### Breaking Changes
 
 ### Bugs Fixed
+* `azidentity.doForClient` method no longer removes headers from the incoming request
 
 ### Other Changes
 
diff --git a/sdk/azidentity/azidentity.go b/sdk/azidentity/azidentity.go
index 67ff1cd2763f..b592fddc93cc 100644
--- a/sdk/azidentity/azidentity.go
+++ b/sdk/azidentity/azidentity.go
@@ -151,6 +151,17 @@ func doForClient(client *azcore.Client, r *http.Request) (*http.Response, error)
 			return nil, err
 		}
 	}
+
+	// copy headers to the new request, ignoring any for which the new request has a value
+	h := req.Raw().Header
+	for key, vals := range r.Header {
+		if _, has := h[key]; !has {
+			for _, val := range vals {
+				h.Add(key, val)
+			}
+		}
+	}
+
 	resp, err := client.Pipeline().Do(req)
 	if err != nil {
 		return nil, err
diff --git a/sdk/azidentity/azidentity_test.go b/sdk/azidentity/azidentity_test.go
index a038f337a351..ea07cac60a80 100644
--- a/sdk/azidentity/azidentity_test.go
+++ b/sdk/azidentity/azidentity_test.go
@@ -1075,6 +1075,10 @@ func TestDoForClient(t *testing.T) {
 					assert.Empty(t, rb)
 				}
 
+				for k, v := range tt.headers {
+					assert.Equal(t, v, req.Header[k])
+				}
+
 				assert.Equal(t, policyHeaderValue, req.Header.Get(policyHeaderName))
 
 				rw.Header().Set("content-type", "application/json")