diff --git a/charts/aks-operator-crd/templates/crds.yaml b/charts/aks-operator-crd/templates/crds.yaml
index 44cc392f..6f4b5023 100755
--- a/charts/aks-operator-crd/templates/crds.yaml
+++ b/charts/aks-operator-crd/templates/crds.yaml
@@ -138,9 +138,6 @@ spec:
                 type: string
               nullable: true
               type: object
-            tenantId:
-              nullable: true
-              type: string
             virtualNetwork:
               nullable: true
               type: string
diff --git a/controller/aks-cluster-config-handler.go b/controller/aks-cluster-config-handler.go
index ee9fb182..de51f90c 100644
--- a/controller/aks-cluster-config-handler.go
+++ b/controller/aks-cluster-config-handler.go
@@ -344,9 +344,6 @@ func (h *Handler) validateConfig(config *aksv1.AKSClusterConfig) error {
 	if config.Spec.ClusterName == "" {
 		return fmt.Errorf(cannotBeNilError, "clusterName", config.ClusterName)
 	}
-	if config.Spec.TenantID == "" {
-		return fmt.Errorf(cannotBeNilError, "tenantId", config.ClusterName)
-	}
 	if config.Spec.AzureCredentialSecret == "" {
 		return fmt.Errorf(cannotBeNilError, "azureCredentialSecret", config.ClusterName)
 	}
diff --git a/internal/aks/client.go b/internal/aks/client.go
index e6b991fc..72453d56 100644
--- a/internal/aks/client.go
+++ b/internal/aks/client.go
@@ -94,11 +94,15 @@ func GetSecrets(secretsCache wranglerv1.SecretCache, spec *aksv1.AKSClusterConfi
 		return nil, fmt.Errorf("couldn't find secret [%s] in namespace [%s]", id, ns)
 	}
 
+	tenantIDBytes := secret.Data["azurecredentialConfig-tenantId"]
 	subscriptionIDBytes := secret.Data["azurecredentialConfig-subscriptionId"]
 	clientIDBytes := secret.Data["azurecredentialConfig-clientId"]
 	clientSecretBytes := secret.Data["azurecredentialConfig-clientSecret"]
 
 	cannotBeNilError := "field [azurecredentialConfig-%s] must be provided in cloud credential"
+	if tenantIDBytes == nil {
+		return nil, fmt.Errorf(cannotBeNilError, "tenantId")
+	}
 	if subscriptionIDBytes == nil {
 		return nil, fmt.Errorf(cannotBeNilError, "subscriptionId")
 	}
@@ -109,10 +113,10 @@ func GetSecrets(secretsCache wranglerv1.SecretCache, spec *aksv1.AKSClusterConfi
 		return nil, fmt.Errorf(cannotBeNilError, "clientSecret")
 	}
 
+	cred.TenantID = string(tenantIDBytes)
 	cred.SubscriptionID = string(subscriptionIDBytes)
 	cred.ClientID = string(clientIDBytes)
 	cred.ClientSecret = string(clientSecretBytes)
-	cred.TenantID = spec.TenantID
 	cred.AuthBaseURL = spec.AuthBaseURL
 	cred.BaseURL = spec.BaseURL
 
diff --git a/pkg/apis/aks.cattle.io/v1/types.go b/pkg/apis/aks.cattle.io/v1/types.go
index 85757d80..3104e0e3 100644
--- a/pkg/apis/aks.cattle.io/v1/types.go
+++ b/pkg/apis/aks.cattle.io/v1/types.go
@@ -37,7 +37,6 @@ type AKSClusterConfigSpec struct {
 	ResourceLocation            string            `json:"resourceLocation" norman:"noupdate"`
 	ResourceGroup               string            `json:"resourceGroup" norman:"noupdate"`
 	ClusterName                 string            `json:"clusterName" norman:"noupdate"`
-	TenantID                    string            `json:"tenantId"`
 	AzureCredentialSecret       string            `json:"azureCredentialSecret"`
 	BaseURL                     *string           `json:"baseUrl"`
 	AuthBaseURL                 *string           `json:"authBaseUrl"`