
[BUG] az aks update Error Message Enhancement when attach AKS with Managed Identity to ACR on a different Microsoft Entra tenant

Open AdelRefaat opened this issue 4 months ago • 0 comments

Describe the bug: When the AKS cluster (using Managed Identity) is in Tenant A and the Azure Container Registry is in Tenant B, trying to attach the ACR results in a misleading error message: Could not create a role assignment for ACR. Are you an Owner on this subscription?

This is a misleading error message, as this scenario is not currently supported per the docs here: https://learn.microsoft.com/en-us/entra/identity/managed-identities-azure-resources/managed-identities-faq ("managed identities don't currently support cross-directory scenarios").

To Reproduce

  1. Have an AKS cluster (with Managed Identity) on Tenant A.
  2. Have an ACR on Tenant B.
  3. Run the command below to attach the ACR to AKS:
     az aks update -g <ResourceGroup> -n <Name> --attach-acr /subscriptions/<SubscriptionId>/resourceGroups/<AcrResourceGroup>/providers/Microsoft.ContainerRegistry/registries/<AcrName> --debug
  4. The debug error messages will be something like: Principal xyz does not exist in the directory abc. Check that you have the correct principal ID
  5. The resulting error message will be: Could not create a role assignment for ACR. Are you an Owner on this subscription?

Expected behavior: A more descriptive error message should be displayed, along the lines of: Attaching an ACR on a different tenant is not currently supported.

Environment (please complete the following information):

  • CLI Version 2.59.0
  • Kubernetes version NA
  • CLI Extension version NA
  • Browser [e.g. chrome, safari] NA

Additional context: Please see more info here: https://github.com/Azure/AKS/issues/4190

AdelRefaat avatar Apr 05 '24 01:04 AdelRefaat
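The failure described in the report is a consequence of where the role assignment is made: `--attach-acr` grants AcrPull on the registry's scope, which lives in the subscription of Tenant B, to the cluster's kubelet identity, which exists only in Tenant A's directory, so Tenant B's directory rejects the principal and the CLI falls back to the generic "Are you an Owner" message. Until the CLI reports this directly, a pre-flight check can catch it. The script below is an added example, not the reporter's code and not part of the Azure CLI or AKS project; it assumes the real `az aks show --query identity.tenantId` and `az account show --subscription <id> --query tenantId` lookups, that the signed-in principal can see both subscriptions, and that the function names (`check_same_tenant`, `attach_acr_checked`, `subscription_from_resource_id`) are illustrative.

```shell
#!/usr/bin/env bash
# Pre-flight check before `az aks update --attach-acr`: compare the Entra tenant of
# the cluster's managed identity with the tenant that owns the ACR's subscription,
# and fail with a clear message instead of letting the role assignment fail with
# "Principal ... does not exist in the directory ...".
# Added example; not from the reporter's post or the AKS/CLI code base.
# Function names are illustrative.
set -eu

# Pull the subscription ID out of an ARM resource ID such as
# /subscriptions/<sub>/resourceGroups/<rg>/providers/Microsoft.ContainerRegistry/registries/<name>
subscription_from_resource_id() {
  local id="$1"
  case "$id" in
    /subscriptions/*) ;;
    *) echo "not an ARM resource ID: $id" >&2; return 2 ;;
  esac
  id="${id#/subscriptions/}"
  printf '%s\n' "${id%%/*}"
}

# Pure comparison, so it can be exercised without az installed.
# Returns 0 when both tenant IDs are present and equal, 1 when they differ,
# 2 when either could not be determined.
check_same_tenant() {
  local aks_tenant="$1" acr_tenant="$2"
  if [ -z "$aks_tenant" ] || [ -z "$acr_tenant" ]; then
    echo "could not determine tenant IDs (aks='$aks_tenant', acr='$acr_tenant')" >&2
    return 2
  fi
  # Entra tenant IDs are GUIDs; compare case-insensitively.
  local a b
  a="$(printf '%s' "$aks_tenant" | tr 'A-Z' 'a-z')"
  b="$(printf '%s' "$acr_tenant" | tr 'A-Z' 'a-z')"
  if [ "$a" != "$b" ]; then
    echo "Attaching an ACR in a different Microsoft Entra tenant is not supported:" >&2
    echo "  AKS managed identity tenant: $aks_tenant" >&2
    echo "  ACR subscription tenant:     $acr_tenant" >&2
    echo "Managed identities do not support cross-directory scenarios." >&2
    return 1
  fi
  return 0
}

# Does the az lookups and, only when the check passes, the attach itself.
# Assumes the signed-in principal can see both subscriptions; if the ACR's
# subscription is not visible, `az account show` fails and set -e stops here.
attach_acr_checked() {
  local rg="$1" cluster="$2" acr_id="$3"
  local acr_sub aks_tenant acr_tenant
  acr_sub="$(subscription_from_resource_id "$acr_id")"
  aks_tenant="$(az aks show -g "$rg" -n "$cluster" --query identity.tenantId -o tsv)"
  acr_tenant="$(az account show --subscription "$acr_sub" --query tenantId -o tsv)"
  check_same_tenant "$aks_tenant" "$acr_tenant"
  az aks update -g "$rg" -n "$cluster" --attach-acr "$acr_id"
}

# Run only when invoked with <resource-group> <cluster> <acr-resource-id> and az
# is available, so sourcing the file for its functions has no side effects.
if [ "$#" -eq 3 ] && command -v az >/dev/null 2>&1; then
  attach_acr_checked "$@"
fi
```

Usage: `./attach-acr-checked.sh <ResourceGroup> <Name> /subscriptions/<SubscriptionId>/resourceGroups/<AcrResourceGroup>/providers/Microsoft.ContainerRegistry/registries/<AcrName>`. The check only needs read access (`az aks show`, `az account show`); the attach still requires the usual rights to create the role assignment on the registry.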