diff --git a/cli/internal/terraform/terraform.go b/cli/internal/terraform/terraform.go
index c4dd52aff5..2af8d2635e 100644
--- a/cli/internal/terraform/terraform.go
+++ b/cli/internal/terraform/terraform.go
@@ -254,13 +254,13 @@ func (c *Client) ShowCluster(ctx context.Context, provider cloudprovider.Provide
 }
 }
- azureUAMIOutput, ok := tfState.Values.Outputs["user_assigned_identity"]
+ azureUAMIOutput, ok := tfState.Values.Outputs["user_assigned_identity_client_id"]
 if !ok {
- return ApplyOutput{}, errors.New("no user_assigned_identity output found")
+ return ApplyOutput{}, errors.New("no user_assigned_identity_client_id output found")
 }
 azureUAMI, ok := azureUAMIOutput.Value.(string)
 if !ok {
- return ApplyOutput{}, errors.New("invalid type in user_assigned_identity output: not a string")
+ return ApplyOutput{}, errors.New("invalid type in user_assigned_identity_client_id output: not a string")
 }
 rgOutput, ok := tfState.Values.Outputs["resource_group"]
diff --git a/cli/internal/terraform/terraform/azure/main.tf b/cli/internal/terraform/terraform/azure/main.tf
index 18d64e3c68..3860ef876c 100644
--- a/cli/internal/terraform/terraform/azure/main.tf
+++ b/cli/internal/terraform/terraform/azure/main.tf
@@ -38,6 +38,8 @@ locals {
 // wildcard_lb_dns_name is the DNS name of the load balancer with a wildcard for the name.
 // example: given "name-1234567890.location.cloudapp.azure.com" it will return "*.location.cloudapp.azure.com"
 wildcard_lb_dns_name = replace(data.azurerm_public_ip.loadbalancer_ip.fqdn, "/^[^.]*\\./", "*.")
+ uai_resource_group = element(split("/", var.user_assigned_identity), 4) // deduce from format /$ID/resourceGroups/$RG/providers/Microsoft.ManagedIdentity/userAssignedIdentities/$NAME"
+ uai_name = element(split("/", var.user_assigned_identity), length(split("/", var.user_assigned_identity)) - 1) // deduce as above
 }
 resource "random_id" "uid" {
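Review bot: `azureUAMI` now holds the identity's client ID rather than the ARM resource ID the old `user_assigned_identity` output carried, but neither the local's name nor a comment says so, and the two IDs are easy to confuse (the new `uami_id` description in iam/azure/outputs.tf in this same commit warns about exactly that). A comment above the lookup, `// The output is the UAMI's client ID (what nodes present when requesting tokens), not its ARM resource ID.`, or renaming the local to `azureUAMIClientID`, keeps the distinction visible where the value is consumed. The output key is also spelled out three times across the lookup and the two error strings; a `const azureUAMIClientIDOutput = "user_assigned_identity_client_id"` used in all three would keep them from drifting apart at the next rename. An empty string still passes the type assertion, so `if !ok || azureUAMI == ""` is a cheap guard against a half-applied state. ShowCluster starts and ends outside the hunk.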
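Review bot: The comment on the new `uai_resource_group` line gives the format as `/$ID/resourceGroups/$RG/...`, but index 4 of the split only lands on `$RG` when the ID begins with `/subscriptions/$ID/...` (the split yields `["", "subscriptions", $ID, "resourceGroups", $RG, ...]`), and the comment ends with a stray `"`; the same `/subscriptions`-less format is repeated in the new `uami_id` description in iam/azure/outputs.tf. `element()` also wraps around on out-of-range indices, so a value that is not a full resource ID (a bare identity name, which the old variable description invited) silently becomes the resource group instead of failing at plan time. Extracting the segment with a regex fails loudly instead: `uai_resource_group = regex("(?i)^/subscriptions/[^/]+/resourceGroups/([^/]+)/", var.user_assigned_identity)[0] // from /subscriptions/$ID/resourceGroups/$RG/providers/Microsoft.ManagedIdentity/userAssignedIdentities/$NAME`, with `(?i)` because the casing of the `resourceGroups` segment varies between Azure APIs.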
@@ -280,6 +282,11 @@ module "scale_set_group" {
 data "azurerm_subscription" "current" {
 }
+data "azurerm_user_assigned_identity" "uaid" {
+ name = local.uai_name
+ resource_group_name = local.uai_resource_group
+}
+
 moved {
 from = module.scale_set_control_plane
 to = module.scale_set_group["control_plane_default"]
diff --git a/cli/internal/terraform/terraform/azure/outputs.tf b/cli/internal/terraform/terraform/azure/outputs.tf
index c857f31135..3f03148e25 100644
--- a/cli/internal/terraform/terraform/azure/outputs.tf
+++ b/cli/internal/terraform/terraform/azure/outputs.tf
@@ -28,8 +28,8 @@ output "loadbalancer_name" {
 }
-output "user_assigned_identity" {
- value = var.user_assigned_identity
+output "user_assigned_identity_client_id" {
+ value = data.azurerm_user_assigned_identity.uaid.client_id
 }
 output "resource_group" {
diff --git a/cli/internal/terraform/terraform/azure/variables.tf b/cli/internal/terraform/terraform/azure/variables.tf
index 76d68555bb..053837f835 100644
--- a/cli/internal/terraform/terraform/azure/variables.tf
+++ b/cli/internal/terraform/terraform/azure/variables.tf
@@ -59,7 +59,7 @@ variable "resource_group" {
 }
 variable "user_assigned_identity" {
 type = string
- description = "The name of the user assigned identity to attache to the nodes of the cluster."
+ description = "The name of the user assigned identity to attach to the nodes of the cluster. Should be of format: /subscriptions/$ID/resourceGroups/$RG/providers/Microsoft.ManagedIdentity/userAssignedIdentities/$NAME"
 }
 variable "custom_endpoint" {
diff --git a/cli/internal/terraform/terraform/iam/azure/outputs.tf b/cli/internal/terraform/terraform/iam/azure/outputs.tf
index 7e13fabb0d..d3bcb1a944 100644
--- a/cli/internal/terraform/terraform/iam/azure/outputs.tf
+++ b/cli/internal/terraform/terraform/iam/azure/outputs.tf
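Review bot: The new `azurerm_user_assigned_identity` data source looks the identity up by name and resource group only, so the subscription segment of `var.user_assigned_identity` is discarded and the lookup runs in whatever subscription the provider is configured for. If the referenced identity lives in another subscription, the lookup either fails with a generic not-found error or, if an identity with the same name and resource group exists in the provider's subscription, silently returns that identity's client ID, which is then what the nodes use to request tokens. A postcondition comparing the resolved `id` with the input pins the data source to the identity the operator actually named; this needs a Terraform version that supports `lifecycle.postcondition` on data sources (1.2 or newer, if I recall correctly). The `lower()` is there because the casing of the `resourceGroups` segment varies between Azure APIs.
```hcl
data "azurerm_user_assigned_identity" "uaid" {
  # … unchanged: name / resource_group_name …

  lifecycle {
    postcondition {
      condition     = lower(self.id) == lower(var.user_assigned_identity)
      error_message = "Resolved user assigned identity does not match var.user_assigned_identity; check the subscription and resource group of the provider."
    }
  }
}
```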
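Review bot: The renamed `user_assigned_identity_client_id` output has no `description`, while the parallel `uami_id` output in iam/azure/outputs.tf gains one in this same commit that explicitly distinguishes resource ID from client ID; this side would benefit from the mirror image, `description = "Client ID of the user assigned identity attached to the nodes. Not the ARM resource ID passed in via var.user_assigned_identity."`. Renaming the output also removes `user_assigned_identity` for anything outside this repo that read it from the state; if that was a supported interface, keeping the old output for a release with a deprecation note in its description is worth considering.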
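Review bot: The new description for `user_assigned_identity` states a required format but still calls the value "The name of" the identity, and nothing enforces the format; main.tf now indexes into the split ID, so a non-conforming value yields wrong locals rather than a clear error. A `validation` block turns that into a plan-time failure with an actionable message, and the description should say "resource ID" rather than "name". The regex is case-insensitive because the casing of the `resourceGroups` segment varies between Azure APIs.
```hcl
variable "user_assigned_identity" {
  type        = string
  description = "The resource ID of the user assigned identity to attach to the nodes of the cluster. Should be of format: /subscriptions/$ID/resourceGroups/$RG/providers/Microsoft.ManagedIdentity/userAssignedIdentities/$NAME"

  validation {
    condition     = can(regex("(?i)^/subscriptions/[^/]+/resourceGroups/[^/]+/providers/Microsoft\\.ManagedIdentity/userAssignedIdentities/[^/]+$", var.user_assigned_identity))
    error_message = "user_assigned_identity must be the full resource ID of a user assigned identity (/subscriptions/.../userAssignedIdentities/<name>)."
  }
}
```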
@@ -7,5 +7,6 @@ output "tenant_id" {
 }
 output "uami_id" {
- value = azurerm_user_assigned_identity.identity_uami.id
+ description = "Outputs the id in the format: /$ID/resourceGroups/$RG/providers/Microsoft.ManagedIdentity/userAssignedIdentities/$NAME. Not to be confused with the client_id"
+ value = azurerm_user_assigned_identity.identity_uami.id
 }
diff --git a/cli/internal/terraform/terraform_test.go b/cli/internal/terraform/terraform_test.go
index 435cc55339..5b4b6c3fe9 100644
--- a/cli/internal/terraform/terraform_test.go
+++ b/cli/internal/terraform/terraform_test.go
@@ -248,7 +248,7 @@ func TestCreateCluster(t *testing.T) {
 "api_server_cert_sans": {
 Value: []any{"192.0.2.100"},
 },
- "user_assigned_identity": {
+ "user_assigned_identity_client_id": {
 Value: "test_uami_id",
 },
 "resource_group": {