diff --git a/modules/python/clusterloader2/cri/config/config.yaml b/modules/python/clusterloader2/cri/config/config.yaml
index bf1573b404..b365ecfd32 100644
--- a/modules/python/clusterloader2/cri/config/config.yaml
+++ b/modules/python/clusterloader2/cri/config/config.yaml
@@ -18,7 +18,7 @@ name: resource-consumer
 {{$loadType := DefaultParam .CL2_LOAD_TYPE "memory"}}
 
 {{$provider := DefaultParam .CL2_PROVIDER "aks"}}
-{{$registryEndpoint := DefaultParam .CL2_REGISTRY_ENDPOINT "akscritelescope.azure.io" }}
+{{$registryEndpoint := DefaultParam .CL2_REGISTRY_ENDPOINT "akscritelescope.azurecr.io" }}
 {{$osType := DefaultParam .CL2_OS_TYPE "linux"}}
 {{$scrapeKubelets := DefaultParam .CL2_SCRAPE_KUBELETS false}}
 {{$scrapeContainerd := DefaultParam .CL2_SCRAPE_CONTAINERD false}}
diff --git a/pipelines/perf-eval/ACR Benchmark/image-pull-n10.yml b/pipelines/perf-eval/ACR Benchmark/image-pull-n10.yml
index b6e036dc45..6e932ac8cc 100644
--- a/pipelines/perf-eval/ACR Benchmark/image-pull-n10.yml	
+++ b/pipelines/perf-eval/ACR Benchmark/image-pull-n10.yml	
@@ -25,7 +25,7 @@ stages:
             image: "ghcr.io/azure/clusterloader2:v20250513"
           topology: image-pull
           matrix:
-            image-pull-10pods:
+            image-pull-10pods-authenticated:
               node_count: 10
               max_pods: 30
               repeats: 1
@@ -38,6 +38,21 @@ stages:
               registry_endpoint: acrtelescope.azurecr.io
               kubernetes_version: "1.34"
               pod_startup_latency_threshold: 20s
+              anonymous_pull: False
+            image-pull-10pods-anonymous:
+              node_count: 10
+              max_pods: 30
+              repeats: 1
+              operation_timeout: 3m
+              load_type: memory
+              scrape_containerd: True
+              scrape_kubelets: True
+              scrape_registry: True
+              containerd_scrape_interval: 15s
+              registry_endpoint: acrtelescope.azurecr.io
+              kubernetes_version: "1.34"
+              pod_startup_latency_threshold: 20s
+              anonymous_pull: True
           max_parallel: 1
           credential_type: service_connection
           ssh_key_enabled: false
diff --git a/steps/cloud/azure/authenticate-acr.yml b/steps/cloud/azure/authenticate-acr.yml
new file mode 100644
index 0000000000..4250049018
--- /dev/null
+++ b/steps/cloud/azure/authenticate-acr.yml
@@ -0,0 +1,68 @@
+parameters:
+- name: region
+  type: string
+- name: role
+  type: string
+
+steps:
+- script: |
+    set -euo pipefail
+    set -x
+
+    anonymous_pull="${ANONYMOUS_PULL:-True}"
+    anonymous_pull="${anonymous_pull,,}"
+
+    acr_name=""
+    if [[ -n "$REGISTRY_ENDPOINT" ]]; then
+        az config unset defaults.location
+
+        acr_name=$(az resource list --resource-type Microsoft.ContainerRegistry/registries \
+          --name "${REGISTRY_ENDPOINT%%.*}" \
+          --query "[0].name" --output tsv)
+
+        az config set defaults.location="$REGION"
+    fi
+
+    [[ -n "$acr_name" ]] || exit 0
+
+    acr_info=$(az acr show --name "$acr_name" --output json)
+    anonymous_pull_enabled=$(echo "$acr_info" | jq -r '.anonymousPullEnabled')
+    role_assignment_mode=$(echo "$acr_info" | jq -r '.roleAssignmentMode')
+
+    if [[ "$anonymous_pull" == "true" ]]; then
+      if [[ "$anonymous_pull_enabled" == "false" ]]; then
+        echo "Enabling anonymous pull for ACR $acr_name"
+        az acr update --name $acr_name --anonymous-pull-enabled
+      fi
+    else
+      if [[ "$anonymous_pull_enabled" == "true" ]]; then
+        echo "Disabling anonymous pull for ACR $acr_name"
+        az acr update --name $acr_name --anonymous-pull-enabled false
+      fi
+
+      if [[ "$role_assignment_mode" == "AbacRepositoryPermissions" ]]; then
+        echo "Updating role assignment mode from rbac-abac to rbac for ACR $acr_name"
+        az acr update --name $acr_name --role-assignment-mode "rbac"
+      fi
+
+      aks_info=$(az resource list \
+        --resource-type Microsoft.ContainerService/managedClusters \
+        --location "$REGION" \
+        --query "[?tags.run_id=='${RUN_ID}' && tags.role=='${ROLE}']" \
+        --output json)
+
+      aks_name=$(echo "$aks_info" | jq -r '.[0].name')
+      aks_rg=$(echo "$aks_info" | jq -r '.[0].resourceGroup')
+
+      if [ -z "$aks_name" ]; then
+        echo "##vso[task.logissue type=error;] No AKS instance with role $ROLE and tag $RUN_ID found in region $REGION."
+        exit 1
+      fi
+
+      az aks update --name $aks_name --resource-group $aks_rg --attach-acr $acr_name
+    fi
+  env:
+    RUN_ID: $(RUN_ID)
+    REGION: ${{ parameters.region }}
+    ROLE: ${{ parameters.role }}
+  displayName: "Authenticate with ACR from AKS"
diff --git a/steps/topology/image-pull/validate-resources.yml b/steps/topology/image-pull/validate-resources.yml
index 000578974b..ac068363ad 100644
--- a/steps/topology/image-pull/validate-resources.yml
+++ b/steps/topology/image-pull/validate-resources.yml
@@ -11,6 +11,11 @@ steps:
   parameters:
     role: client
     region: ${{ parameters.regions[0] }}
+- ${{ if eq(parameters.cloud, 'azure') }}:
+  - template: /steps/cloud/azure/authenticate-acr.yml
+    parameters:
+      role: client
+      region: ${{ parameters.regions[0] }}
 - template: /steps/engine/clusterloader2/large-cluster/validate.yml
   parameters:
     desired_nodes: 14