diff --git a/src/azure-cli-core/azure/cli/core/_profile.py b/src/azure-cli-core/azure/cli/core/_profile.py
index 71411aa430b..547067d6b0d 100644
--- a/src/azure-cli-core/azure/cli/core/_profile.py
+++ b/src/azure-cli-core/azure/cli/core/_profile.py
@@ -561,8 +561,9 @@ def get_login_credentials(self, resource=None, subscription_id=None, aux_subscri
                 if sub[_TENANT_ID] != account[_TENANT_ID]:
                     external_tenants_info.append(sub[_TENANT_ID])
 
-        if external_tenants_info and (identity_type or in_cloud_console()):
-            raise CLIError("Cross-tenant authentication is not supported by managed identity and Cloud Shell. "
+        if external_tenants_info and \
+                (in_cloud_console() and account[_USER_ENTITY].get(_CLOUD_SHELL_ID) or identity_type):
+            raise CLIError("Cross-tenant authentication is not supported by managed identity and Cloud Shell account. "
                            "Please run `az login` with a user account or a service principal.")
 
         if identity_type is None: