diff --git a/sdk/identity/azure-identity/src/main/java/com/azure/identity/implementation/IdentityClient.java b/sdk/identity/azure-identity/src/main/java/com/azure/identity/implementation/IdentityClient.java
index 760ffbe5db63c..153a913907539 100644
--- a/sdk/identity/azure-identity/src/main/java/com/azure/identity/implementation/IdentityClient.java
+++ b/sdk/identity/azure-identity/src/main/java/com/azure/identity/implementation/IdentityClient.java
@@ -321,7 +321,8 @@ public Mono<AccessToken> authenticateWithAzureCli(TokenRequestContext request) {
 
         try {
             String tenant = IdentityUtil.resolveTenantId(tenantId, request, options);
-            if (!CoreUtils.isNullOrEmpty(tenant)) {
+            // The default is not correct for many cases, such as when the logged in entity is a service principal.
+            if (!CoreUtils.isNullOrEmpty(tenant) && !tenant.equals(IdentityUtil.DEFAULT_TENANT)) {
                 azCommand.append(" --tenant ").append(tenant);
             }
         } catch (ClientAuthenticationException e) {
@@ -362,7 +363,7 @@ public Mono<AccessToken> authenticateWithAzureDeveloperCli(TokenRequestContext r
 
         try {
             String tenant = IdentityUtil.resolveTenantId(tenantId, request, options);
-            if (!CoreUtils.isNullOrEmpty(tenant)) {
+            if (!CoreUtils.isNullOrEmpty(tenant) && !tenant.equals(IdentityUtil.DEFAULT_TENANT)) {
                 azdCommand.append(" --tenant-id ").append(tenant);
             }
         } catch (ClientAuthenticationException e) {