AKS VMSS Managed Identities

Hi, when creating an AKS cluster via Terraform, we’d like to adjust managed identities on the VMSSes that are created.
The first issue we ran into, is that the modules for the cluster and nodepool do not return the ID of the created VMSSes, but I understand this is impossible due to how the Azure API works. We were able to work around this with importing the resources later.
However, we cannot after the creation adjust them, since it gives us errors as the VMSS cannot be updated due to it trying to lookup the VMSS image in a subscription owned by Microsoft.

 Code="LinkedAuthorizationFailed" Message="The client has permission to perform action 'Microsoft.Compute/galleries/images/versions/read' on scope '/subscriptions/SUBSCRIPTION_ID/resourceGroups/MC_generated-resource-group/providers/Microsoft.Compute/virtualMachineScaleSets/aks-nodepool-10657432-vmss', however the current tenant 'TENANT_ID' is not authorized to access linked subscription '109a5e88-712a-48ae-9078-9ca8b3c81345'."

I’ve seen in Github issues from Azure that it is possible if we adjust the VMSS PUT instead of a POST, would that be possible to fix? Either with allowing us to adjust the VMSS with a PUT, or by allowing us to specify a (list) of managed identity IDs to have on the VMSS backed agent pools.