Using MSI with Azure DevOps Pipelines

With the self hosted agent installed in the VM ( enabled system-assigned identity), we are facing an issue with the terraform initialization with the below error.

Error: Error inspecting states in the “azurerm” backend:
Error retrieving keys for Storage Account "* ": azure.BearerAuthorizer#WithAuthorization: Failed to refresh the Token for request to StatusCode=400 – Original Error: adal: Refresh request failed. Status Code = ‘400’. Response body: {“error”:“unauthorized_client”,“error_description”:"AADSTS700016: Application with identifier ‘null’ was not found in the directory '** '. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You may have sent your authentication request to the wrong tenant.

The VM is using user assigned identity. The managed identity is provisioned as Contributor in Subscription level.

When comment out the backend block, it can pass the init but plan error.
Initializing provider plugins…
Finding hashicorp/azurerm versions matching “2.46.0”…
Installing hashicorp/azurerm v2.46.0…
Installed hashicorp/azurerm v2.46.0 (signed by HashiCorp)
Missing backend configuration
backend-config was used without a “backend” block in the configuration.
If you intended to override the default local backend configuration,
no action is required, but you may add an explicit backend block to your
configuration to clear this warning:
terraform {
backend “local” {}
However, if you intended to override a defined backend, please verify that
the backend configuration is present and valid.
Terraform has been successfully initialized!

are you using the ARM_ACCESS_KEY to get the backend?

I can get the backend hydrated, but get an error on the resource manager api