AzureRM provider cannot Disable authorized IP ranges for AKS

The Microsoft Azure Kubernetes Service documentation, section Disable authorized IP ranges says:

To disable authorized IP ranges, use az aks update and specify an empty range to disable API server authorized IP ranges. For example:

az aks update \
    --resource-group myResourceGroup \
    --name myAKSCluster \
    --api-server-authorized-ip-ranges ""

And, the AzureRM provider (tried 3.78.0) can not perform the equivalent action.

All the signs I can see suggest this is a regression as the provider in/around version 3.57.0 could do that - I have at least 4 clusters created with the provider where it worked and Azure Portal shows:


instead of


It looks like I’m not the only one here who experienced this problem

There have also been multiple issues opened about it, but none received any resolution - worrying! I’ve posted more details to one of those issues