diff --git a/sdk/identity/azure-identity/CHANGELOG.md b/sdk/identity/azure-identity/CHANGELOG.md
index ad4338314..b293e22da 100644
--- a/sdk/identity/azure-identity/CHANGELOG.md
+++ b/sdk/identity/azure-identity/CHANGELOG.md
@@ -8,6 +8,7 @@
### Breaking Changes
+- Modify the order of the credentials used within the `DefaultAzureCredential` to be consistent with other languages.
- Add `WorkloadIdentityCredential` to the `DefaultAzureCredential`.
### Bugs Fixed
diff --git a/sdk/identity/azure-identity/README.md b/sdk/identity/azure-identity/README.md
index a9e0906c8..893700bab 100644
--- a/sdk/identity/azure-identity/README.md
+++ b/sdk/identity/azure-identity/README.md
@@ -58,8 +58,8 @@ The `DefaultAzureCredential` attempts to authenticate via the following mechanis
1. **Environment** - The `DefaultAzureCredential` will read account information specified via [environment variables](#environment-variables) and use it to authenticate.
1. **Workload Identity Credential** - If the developer authenticates using a Kubernetes service account token.
-1. **Azure CLI** - If the developer has authenticated an account via the Azure CLI `az login` command, the `DefaultAzureCredential` will authenticate with that account.
1. **Managed Identity** - If the application is deployed to an Azure host with Managed Identity enabled, the `DefaultAzureCredential` will authenticate with that account.
+1. **Azure CLI** - If the developer has authenticated an account via the Azure CLI `az login` command, the `DefaultAzureCredential` will authenticate with that account.
Even though the credentials being used and their order is documented, it may change from release to release.
diff --git a/sdk/identity/azure-identity/img/mermaidjs/DefaultAzureCredentialAuthFlow.md b/sdk/identity/azure-identity/img/mermaidjs/DefaultAzureCredentialAuthFlow.md
index 5ef482346..399c49056 100644
--- a/sdk/identity/azure-identity/img/mermaidjs/DefaultAzureCredentialAuthFlow.md
+++ b/sdk/identity/azure-identity/img/mermaidjs/DefaultAzureCredentialAuthFlow.md
@@ -6,7 +6,7 @@
%% 2. Run command: mmdc -i DefaultAzureCredentialAuthFlow.md -o DefaultAzureCredentialAuthFlow.svg
flowchart LR;
- A(Environment):::deployed ==> B(Workload Identity):::deployed ==> C(Azure CLI):::developer ==> D(Managed Identity):::deployed;
+ A(Environment):::deployed ==> B(Workload Identity):::deployed ==> C(Managed Identity):::deployed ==> D(Azure CLI):::developer;
subgraph CREDENTIAL TYPES;
direction LR;
diff --git a/sdk/identity/azure-identity/img/mermaidjs/DefaultAzureCredentialAuthFlow.svg b/sdk/identity/azure-identity/img/mermaidjs/DefaultAzureCredentialAuthFlow.svg
index 8aa89eeb2..672a6074c 100644
--- a/sdk/identity/azure-identity/img/mermaidjs/DefaultAzureCredentialAuthFlow.svg
+++ b/sdk/identity/azure-identity/img/mermaidjs/DefaultAzureCredentialAuthFlow.svg
@@ -1 +1 @@
-
\ No newline at end of file
+
\ No newline at end of file
diff --git a/sdk/identity/azure-identity/inc/azure/identity/default_azure_credential.hpp b/sdk/identity/azure-identity/inc/azure/identity/default_azure_credential.hpp
index 22858b4ae..52f1707af 100644
--- a/sdk/identity/azure-identity/inc/azure/identity/default_azure_credential.hpp
+++ b/sdk/identity/azure-identity/inc/azure/identity/default_azure_credential.hpp
@@ -26,7 +26,7 @@ namespace Azure { namespace Identity {
*
* @details This credential is using several credentials in the following order:
* #Azure::Identity::EnvironmentCredential, #Azure::Identity::WorkloadIdentityCredential,
- * #Azure::Identity::AzureCliCredential, and #Azure::Identity::ManagedIdentityCredential. Even
+ * #Azure::Identity::ManagedIdentityCredential, and #Azure::Identity::AzureCliCredential. Even
* though the credentials being used and their order is documented, it may be changed in the
* future versions of the SDK, potentially introducing breaking changes in its behavior.
*
diff --git a/sdk/identity/azure-identity/src/default_azure_credential.cpp b/sdk/identity/azure-identity/src/default_azure_credential.cpp
index 3995cb6ea..26d1e06af 100644
--- a/sdk/identity/azure-identity/src/default_azure_credential.cpp
+++ b/sdk/identity/azure-identity/src/default_azure_credential.cpp
@@ -40,12 +40,12 @@ DefaultAzureCredential::DefaultAzureCredential(
// Creating credentials in order to ensure the order of log messages.
auto const envCred = std::make_shared(options);
auto const wiCred = std::make_shared(options);
- auto const azCliCred = std::make_shared(options);
auto const managedIdentityCred = std::make_shared(options);
+ auto const azCliCred = std::make_shared(options);
m_impl = std::make_unique<_detail::ChainedTokenCredentialImpl>(
GetCredentialName(),
- ChainedTokenCredential::Sources{envCred, wiCred, azCliCred, managedIdentityCred});
+ ChainedTokenCredential::Sources{envCred, wiCred, managedIdentityCred, azCliCred});
}
DefaultAzureCredential::~DefaultAzureCredential() = default;
diff --git a/sdk/identity/azure-identity/test/ut/default_azure_credential_test.cpp b/sdk/identity/azure-identity/test/ut/default_azure_credential_test.cpp
index 4b7a56b6d..9dede427b 100644
--- a/sdk/identity/azure-identity/test/ut/default_azure_credential_test.cpp
+++ b/sdk/identity/azure-identity/test/ut/default_azure_credential_test.cpp
@@ -97,49 +97,49 @@ TEST(DefaultAzureCredential, LogMessages)
"ClientSecretCredential with corresponding tenantId, clientId, clientSecret, and "
"authorityHost gets created.");
- EXPECT_EQ(log[3].first, Logger::Level::Informational);
+ EXPECT_EQ(log[3].first, Logger::Level::Verbose);
EXPECT_EQ(
log[3].second,
- "Identity: AzureCliCredential created."
- "\nSuccessful creation does not guarantee further successful token retrieval.");
+ "Identity: ManagedIdentityCredential: Environment is not set up for the credential "
+ "to be created with App Service 2019 source.");
EXPECT_EQ(log[4].first, Logger::Level::Verbose);
EXPECT_EQ(
log[4].second,
"Identity: ManagedIdentityCredential: Environment is not set up for the credential "
- "to be created with App Service 2019 source.");
+ "to be created with App Service 2017 source.");
EXPECT_EQ(log[5].first, Logger::Level::Verbose);
EXPECT_EQ(
log[5].second,
"Identity: ManagedIdentityCredential: Environment is not set up for the credential "
- "to be created with App Service 2017 source.");
+ "to be created with Cloud Shell source.");
EXPECT_EQ(log[6].first, Logger::Level::Verbose);
EXPECT_EQ(
log[6].second,
"Identity: ManagedIdentityCredential: Environment is not set up for the credential "
- "to be created with Cloud Shell source.");
+ "to be created with Azure Arc source.");
- EXPECT_EQ(log[7].first, Logger::Level::Verbose);
+ EXPECT_EQ(log[7].first, Logger::Level::Informational);
EXPECT_EQ(
log[7].second,
- "Identity: ManagedIdentityCredential: Environment is not set up for the credential "
- "to be created with Azure Arc source.");
+ "Identity: ManagedIdentityCredential will be created "
+ "with Azure Instance Metadata Service source."
+ "\nSuccessful creation does not guarantee further successful token retrieval.");
EXPECT_EQ(log[8].first, Logger::Level::Informational);
EXPECT_EQ(
log[8].second,
- "Identity: ManagedIdentityCredential will be created "
- "with Azure Instance Metadata Service source."
+ "Identity: AzureCliCredential created."
"\nSuccessful creation does not guarantee further successful token retrieval.");
EXPECT_EQ(log[9].first, Logger::Level::Informational);
EXPECT_EQ(
log[9].second,
"Identity: DefaultAzureCredential: Created with the following credentials: "
- "EnvironmentCredential, WorkloadIdentityCredential, AzureCliCredential, "
- "ManagedIdentityCredential.");
+ "EnvironmentCredential, WorkloadIdentityCredential, ManagedIdentityCredential, "
+ "AzureCliCredential.");
log.clear();