diff --git a/sdk/identity/azure-identity/README.md b/sdk/identity/azure-identity/README.md
index 609cd5e41..621206bc8 100644
--- a/sdk/identity/azure-identity/README.md
+++ b/sdk/identity/azure-identity/README.md
@@ -58,8 +58,8 @@ The `DefaultAzureCredential` attempts to authenticate via the following mechanis
1. **Environment** - The `DefaultAzureCredential` will read account information specified via [environment variables](#environment-variables) and use it to authenticate.
1. **Workload Identity Credential** - If the developer authenticates using a Kubernetes service account token.
-1. **Managed Identity** - If the application is deployed to an Azure host with Managed Identity enabled, the `DefaultAzureCredential` will authenticate with that account.
1. **Azure CLI** - If the developer has authenticated an account via the Azure CLI `az login` command, the `DefaultAzureCredential` will authenticate with that account.
+1. **Managed Identity** - If the application is deployed to an Azure host with Managed Identity enabled, the `DefaultAzureCredential` will authenticate with that account.
Even though the credentials being used and their order is documented, it may change from release to release.
diff --git a/sdk/identity/azure-identity/img/mermaidjs/DefaultAzureCredentialAuthFlow.md b/sdk/identity/azure-identity/img/mermaidjs/DefaultAzureCredentialAuthFlow.md
index 399c49056..5ef482346 100644
--- a/sdk/identity/azure-identity/img/mermaidjs/DefaultAzureCredentialAuthFlow.md
+++ b/sdk/identity/azure-identity/img/mermaidjs/DefaultAzureCredentialAuthFlow.md
@@ -6,7 +6,7 @@
%% 2. Run command: mmdc -i DefaultAzureCredentialAuthFlow.md -o DefaultAzureCredentialAuthFlow.svg
flowchart LR;
- A(Environment):::deployed ==> B(Workload Identity):::deployed ==> C(Managed Identity):::deployed ==> D(Azure CLI):::developer;
+ A(Environment):::deployed ==> B(Workload Identity):::deployed ==> C(Azure CLI):::developer ==> D(Managed Identity):::deployed;
subgraph CREDENTIAL TYPES;
direction LR;
diff --git a/sdk/identity/azure-identity/img/mermaidjs/DefaultAzureCredentialAuthFlow.svg b/sdk/identity/azure-identity/img/mermaidjs/DefaultAzureCredentialAuthFlow.svg
index 672a6074c..da0042e11 100644
--- a/sdk/identity/azure-identity/img/mermaidjs/DefaultAzureCredentialAuthFlow.svg
+++ b/sdk/identity/azure-identity/img/mermaidjs/DefaultAzureCredentialAuthFlow.svg
@@ -1 +1 @@
-
\ No newline at end of file
+
\ No newline at end of file
diff --git a/sdk/identity/azure-identity/inc/azure/identity/default_azure_credential.hpp b/sdk/identity/azure-identity/inc/azure/identity/default_azure_credential.hpp
index 48ee1eaf0..a209f94b9 100644
--- a/sdk/identity/azure-identity/inc/azure/identity/default_azure_credential.hpp
+++ b/sdk/identity/azure-identity/inc/azure/identity/default_azure_credential.hpp
@@ -30,7 +30,7 @@ namespace Azure { namespace Identity {
*
* @details This credential is using several credentials in the following order:
* #Azure::Identity::EnvironmentCredential, #Azure::Identity::WorkloadIdentityCredential,
- * #Azure::Identity::ManagedIdentityCredential, and #Azure::Identity::AzureCliCredential. Even
+ * #Azure::Identity::AzureCliCredential, and #Azure::Identity::ManagedIdentityCredential. Even
* though the credentials being used and their order is documented, it may be changed in the
* future versions of the SDK, potentially introducing breaking changes in its behavior.
*
diff --git a/sdk/identity/azure-identity/src/default_azure_credential.cpp b/sdk/identity/azure-identity/src/default_azure_credential.cpp
index cda1bd5d8..e6dafd328 100644
--- a/sdk/identity/azure-identity/src/default_azure_credential.cpp
+++ b/sdk/identity/azure-identity/src/default_azure_credential.cpp
@@ -40,14 +40,14 @@ DefaultAzureCredential::DefaultAzureCredential(
// Creating credentials in order to ensure the order of log messages.
auto const envCred = std::make_shared(options);
auto const wiCred = std::make_shared(options);
- auto const managedIdentityCred = std::make_shared(options);
auto const azCliCred = std::make_shared(options);
+ auto const managedIdentityCred = std::make_shared(options);
// DefaultAzureCredential caches the selected credential, so that it can be reused on subsequent
// calls.
m_impl = std::make_unique<_detail::ChainedTokenCredentialImpl>(
GetCredentialName(),
- ChainedTokenCredential::Sources{envCred, wiCred, managedIdentityCred, azCliCred},
+ ChainedTokenCredential::Sources{envCred, wiCred, azCliCred, managedIdentityCred},
true);
}
diff --git a/sdk/identity/azure-identity/test/ut/default_azure_credential_test.cpp b/sdk/identity/azure-identity/test/ut/default_azure_credential_test.cpp
index bff25eac0..d57195238 100644
--- a/sdk/identity/azure-identity/test/ut/default_azure_credential_test.cpp
+++ b/sdk/identity/azure-identity/test/ut/default_azure_credential_test.cpp
@@ -198,40 +198,40 @@ TEST(DefaultAzureCredential, LogMessages)
EXPECT_EQ(log[3].first, Logger::Level::Informational);
EXPECT_EQ(log[3].second, "Identity: WorkloadIdentityCredential was created successfully.");
- EXPECT_EQ(log[4].first, Logger::Level::Verbose);
- EXPECT_EQ(
- log[4].second,
- "Identity: ManagedIdentityCredential: Environment is not set up for the credential "
- "to be created with App Service 2019 source.");
-
EXPECT_EQ(log[5].first, Logger::Level::Verbose);
EXPECT_EQ(
log[5].second,
"Identity: ManagedIdentityCredential: Environment is not set up for the credential "
- "to be created with App Service 2017 source.");
+ "to be created with App Service 2019 source.");
EXPECT_EQ(log[6].first, Logger::Level::Verbose);
EXPECT_EQ(
log[6].second,
"Identity: ManagedIdentityCredential: Environment is not set up for the credential "
- "to be created with Cloud Shell source.");
+ "to be created with App Service 2017 source.");
EXPECT_EQ(log[7].first, Logger::Level::Verbose);
EXPECT_EQ(
log[7].second,
"Identity: ManagedIdentityCredential: Environment is not set up for the credential "
- "to be created with Azure Arc source.");
+ "to be created with Cloud Shell source.");
- EXPECT_EQ(log[8].first, Logger::Level::Informational);
+ EXPECT_EQ(log[8].first, Logger::Level::Verbose);
EXPECT_EQ(
log[8].second,
- "Identity: ManagedIdentityCredential will be created "
- "with Azure Instance Metadata Service source."
- "\nSuccessful creation does not guarantee further successful token retrieval.");
+ "Identity: ManagedIdentityCredential: Environment is not set up for the credential "
+ "to be created with Azure Arc source.");
EXPECT_EQ(log[9].first, Logger::Level::Informational);
EXPECT_EQ(
log[9].second,
+ "Identity: ManagedIdentityCredential will be created "
+ "with Azure Instance Metadata Service source."
+ "\nSuccessful creation does not guarantee further successful token retrieval.");
+
+ EXPECT_EQ(log[4].first, Logger::Level::Informational);
+ EXPECT_EQ(
+ log[4].second,
"Identity: AzureCliCredential created."
"\nSuccessful creation does not guarantee further successful token retrieval.");
@@ -239,8 +239,8 @@ TEST(DefaultAzureCredential, LogMessages)
EXPECT_EQ(
log[10].second,
"Identity: DefaultAzureCredential: Created with the following credentials: "
- "EnvironmentCredential, WorkloadIdentityCredential, ManagedIdentityCredential, "
- "AzureCliCredential.");
+ "EnvironmentCredential, WorkloadIdentityCredential, AzureCliCredential, "
+ "ManagedIdentityCredential.");
log.clear();