diff --git a/builder/azure/common/client/config.go b/builder/azure/common/client/config.go
index 1a9a34b5..fb3ddf43 100644
--- a/builder/azure/common/client/config.go
+++ b/builder/azure/common/client/config.go
@@ -246,7 +246,8 @@ func (c Config) UseMSI() bool {
 c.ClientJWT == "" &&
 c.ClientCertPath == "" &&
 c.TenantID == "" &&
- c.OidcRequestToken == ""
+ c.OidcRequestToken == "" &&
+ c.OidcRequestURL == ""
 }
 
 // FillParameters capture the user intent from the supplied parameter set in AuthType, retrieves the TenantID and CloudEnvironment if not specified.
diff --git a/builder/azure/common/client/config_test.go b/builder/azure/common/client/config_test.go
index 024783b1..9c11e830 100644
--- a/builder/azure/common/client/config_test.go
+++ b/builder/azure/common/client/config_test.go
@@ -52,6 +52,13 @@ func Test_ClientConfig_RequiredParametersSet(t *testing.T) {
 },
 wantErr: false,
 },
+ {
+ name: "oidc request url, oidc request token, client id, and tenant sh",
+ config: Config{
+ TenantID: "ok",
+ },
+ wantErr: true,
+ },
 {
 name: "client_secret without client_id should error",
 config: Config{
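Review bot: No test in this commit calls `UseMSI()` directly with only `OidcRequestURL` set, which is the one case the added `c.OidcRequestURL == ""` clause changes; the new tests in config_test.go set the token as well or go through assertValid/assertInvalid. This predicate appears to decide whether the build falls back to the host's managed identity when no other credential is configured, so a direct regression check such as `if (Config{OidcRequestURL: "x"}).UseMSI() { t.Fatal("OIDC request URL set must not select MSI") }` would pin the behaviour. The function body starts above the hunk, so the full list of fields in the conjunction cannot be confirmed from here. A short comment on UseMSI stating that every new credential field has to be added to this expression would keep the fallback from widening again.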
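Review bot: The new table entry's name does not match its config: `"oidc request url, oidc request token, client id, and tenant sh"` looks truncated and lists OIDC fields, while the config sets only `TenantID: "ok"`. As written the case checks that a tenant-only config is rejected, which may be the intent, but the name will mislead whoever reads a failure. Either rename it, for example `name: "tenant_id alone should error",`, or populate the OIDC fields the name promises and set wantErr to match. The table and the test function continue outside the hunk.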
@@ -158,6 +165,67 @@ func Test_ClientConfig_AzureCli(t *testing.T) {
 }
 }
 
+func Test_ClientConfig_GitHubOIDC(t *testing.T) {
+ retrievedTid := "my-tenant-id"
+ findTenantID = func(environments.Environment, string) (string, error) { return retrievedTid, nil }
+ cfg := Config{
+ cloudEnvironment: environments.AzurePublic(),
+ OidcRequestToken: "whatever",
+ OidcRequestURL: "whatever",
+ ClientID: "whatever",
+ SubscriptionID: "whatever",
+ }
+ assertValid(t, cfg)
+
+ err := cfg.FillParameters()
+ if err != nil {
+ t.Fatalf("Expected nil err, but got: %v", err)
+ }
+
+ if cfg.AuthType() != AuthTypeOidcURL {
+ t.Fatalf("Expected authType to be %q, but got: %q", AuthTypeAzureCLI, cfg.AuthType())
+ }
+}
+
+func Test_ClientConfig_GitHubOIDC_Rejections(t *testing.T) {
+ // No Subscription
+ cfg := Config{
+ cloudEnvironment: environments.AzurePublic(),
+ OidcRequestToken: "whatever",
+ OidcRequestURL: "whatever",
+ ClientID: "whatever",
+ }
+ assertInvalid(t, cfg)
+
+ // No Request Token
+ cfg = Config{
+ cloudEnvironment: environments.AzurePublic(),
+ SubscriptionID: "whatever",
+ OidcRequestURL: "whatever",
+ ClientID: "whatever",
+ }
+ assertInvalid(t, cfg)
+
+ // No Request URL
+ cfg = Config{
+ cloudEnvironment: environments.AzurePublic(),
+ OidcRequestToken: "whatever",
+ SubscriptionID: "whatever",
+ ClientID: "whatever",
+ }
+ assertInvalid(t, cfg)
+
+ // No Client ID
+ cfg = Config{
+ cloudEnvironment: environments.AzurePublic(),
+ OidcRequestToken: "whatever",
+ SubscriptionID: "whatever",
+ OidcRequestURL: "whatever",
+ }
+ assertInvalid(t, cfg)
+
+}
+
 func getEnvOrSkip(t *testing.T, envVar string) string {
 v := os.Getenv(envVar)
 if v == "" {
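Review bot: The failure message in Test_ClientConfig_GitHubOIDC prints the wrong expectation: the check compares against `AuthTypeOidcURL`, but the `t.Fatalf` formats `AuthTypeAzureCLI`, which looks copied from the Azure CLI test. It should read `t.Fatalf("Expected authType to be %q, but got: %q", AuthTypeOidcURL, cfg.AuthType())`. The same test reassigns `findTenantID`, which appears to be a package-level hook, and never restores it, so later tests inherit the stub; saving the original and restoring it with `t.Cleanup` would keep the tests independent. In Test_ClientConfig_GitHubOIDC_Rejections the four cases share one function body, so a failure does not name the case that broke; `t.Run` subtests named after the existing comments would.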