diff --git a/.pipelines/get-aad-app-creds-from-kv.sh b/.pipelines/get-aad-app-creds-from-kv.sh
index 8ef56cddb..a0ba464cc 100755
--- a/.pipelines/get-aad-app-creds-from-kv.sh
+++ b/.pipelines/get-aad-app-creds-from-kv.sh
@@ -11,6 +11,8 @@ do
            KV) KV=$VALUE ;;
            KVSECRETNAMEAPPID) AppId=$VALUE ;;
            KVSECRETNAMEAPPSECRET) AppSecret=$VALUE ;;
+           KVSECRETNAMECDPXAPPID) CdpxAppId=$VALUE ;;
+           KVSECRETNAMECDPXAPPSECRET) CdpxAppSecret=$VALUE ;;
            *)
     esac
 done
@@ -27,4 +29,16 @@ az keyvault secret download --file ~/acrappsecret --vault-name ${KV}  --name ${A
 
 echo "downloaded the appsecret from KV:${KV} and KV secret:${AppSecret}"
 
+echo "key vault secret name for cdpx appid:${KVSECRETNAMECDPXAPPID}"
+
+echo "key vault secret name for cdpx appsecret:${KVSECRETNAMECDPXAPPSECRET}"
+
+az keyvault secret download --file ~/cdpxacrappid --vault-name ${KV}  --name ${CdpxAppId}
+
+echo "downloaded the appid from KV:${KV} and KV secret:${CdpxAppId}"
+
+az keyvault secret download --file ~/cdpxacrappsecret --vault-name ${KV}  --name ${CdpxAppSecret}
+
+echo "downloaded the appsecret from KV:${KV} and KV secret:${CdpxAppSecret}"
+
 echo "end: get app id and secret from specified key vault"
diff --git a/.pipelines/pull-from-cdpx-and-push-to-ci-acr-linux-image.sh b/.pipelines/pull-from-cdpx-and-push-to-ci-acr-linux-image.sh
index 638d3a937..3844ea185 100755
--- a/.pipelines/pull-from-cdpx-and-push-to-ci-acr-linux-image.sh
+++ b/.pipelines/pull-from-cdpx-and-push-to-ci-acr-linux-image.sh
@@ -25,12 +25,21 @@ ACR_APP_ID=$(cat ~/acrappid)
 ACR_APP_SECRET=$(cat ~/acrappsecret)
 echo "end: read appid and appsecret"
 
+echo "start: read appid and appsecret for cdpx"
+CDPX_ACR_APP_ID=$(cat ~/cdpxacrappid)
+CDPX_ACR_APP_SECRET=$(cat ~/cdpxacrappsecret)
+echo "end: read appid and appsecret which has read access on cdpx acr"
+
+
+# Name of CDPX_ACR should be in this format :Naming convention: 'cdpx' + service tree id without '-' + two digit suffix like'00'/'01
+# suffix 00 primary and 01 secondary, and we only use primary
+# This configured via pipeline variable
 echo "login to cdpxlinux acr:${CDPX_ACR}"
-docker login $CDPX_ACR  --username $ACR_APP_ID --password $ACR_APP_SECRET
+docker login $CDPX_ACR  --username $CDPX_ACR_APP_ID --password $CDPX_ACR_APP_SECRET
 echo "login to cdpxlinux acr completed: ${CDPX_ACR}"
 
 echo "pull agent image from cdpxlinux acr: ${CDPX_ACR}"
-docker pull ${CDPX_ACR}/artifact/3170cdd2-19f0-4027-912b-1027311691a2/official/${CDPX_REPO_NAME}:${CDPX_AGENT_IMAGE_TAG}
+docker pull ${CDPX_ACR}/official/${CDPX_REPO_NAME}:${CDPX_AGENT_IMAGE_TAG}
 echo "pull image from cdpxlinux acr completed: ${CDPX_ACR}"
 
 echo "CI Release name is:"$CI_RELEASE
@@ -41,7 +50,7 @@ echo "CI ACR : ${CI_ACR}"
 echo "CI AGENT REPOSITORY NAME : ${CI_AGENT_REPO}"
 
 echo "tag linux agent image"
-docker tag ${CDPX_ACR}/artifact/3170cdd2-19f0-4027-912b-1027311691a2/official/${CDPX_REPO_NAME}:${CDPX_AGENT_IMAGE_TAG} ${CI_ACR}/public/azuremonitor/containerinsights/${CI_AGENT_REPO}:${imagetag}
+docker tag ${CDPX_ACR}/official/${CDPX_REPO_NAME}:${CDPX_AGENT_IMAGE_TAG} ${CI_ACR}/public/azuremonitor/containerinsights/${CI_AGENT_REPO}:${imagetag}
 
 echo "login ciprod acr":$CI_ACR
 docker login $CI_ACR --username $ACR_APP_ID --password $ACR_APP_SECRET
diff --git a/.pipelines/pull-from-cdpx-and-push-to-ci-acr-windows-image.sh b/.pipelines/pull-from-cdpx-and-push-to-ci-acr-windows-image.sh
index 066410af5..095a00039 100755
--- a/.pipelines/pull-from-cdpx-and-push-to-ci-acr-windows-image.sh
+++ b/.pipelines/pull-from-cdpx-and-push-to-ci-acr-windows-image.sh
@@ -25,12 +25,20 @@ ACR_APP_ID=$(cat ~/acrappid )
 ACR_APP_SECRET=$(cat ~/acrappsecret)
 echo "end: read appid and appsecret"
 
+echo "start: read appid and appsecret for cdpx"
+CDPX_ACR_APP_ID=$(cat ~/cdpxacrappid)
+CDPX_ACR_APP_SECRET=$(cat ~/cdpxacrappsecret)
+echo "end: read appid and appsecret which has read access on cdpx acr"
+
+# Name of CDPX_ACR should be in this format :Naming convention: 'cdpx' + service tree id without '-' + two digit suffix like'00'/'01
+# suffix 00 primary and 01 secondary, and we only use primary
+# This configured via pipeline variable
 echo "login to cdpxwindows acr:${CDPX_ACR}"
-docker login $CDPX_ACR  --username $ACR_APP_ID --password $ACR_APP_SECRET
+docker login $CDPX_ACR  --username $CDPX_ACR_APP_ID --password $CDPX_ACR_APP_SECRET
 echo "login to cdpxwindows acr:${CDPX_ACR} completed"
 
 echo "pull image from cdpxwin acr: ${CDPX_ACR}"
-docker pull ${CDPX_ACR}/artifact/3170cdd2-19f0-4027-912b-1027311691a2/official/${CDPX_REPO_NAME}:${CDPX_AGENT_IMAGE_TAG}
+docker pull ${CDPX_ACR}/official/${CDPX_REPO_NAME}:${CDPX_AGENT_IMAGE_TAG}
 echo "pull image from cdpxwin acr completed: ${CDPX_ACR}"
 
 echo "CI Release name:"$CI_RELEASE
@@ -40,7 +48,7 @@ imagetag="win-"$CI_RELEASE$CI_IMAGE_TAG_SUFFIX
 echo "agentimagetag="$imagetag
 
 echo "tag windows agent image"
-docker tag ${CDPX_ACR}/artifact/3170cdd2-19f0-4027-912b-1027311691a2/official/${CDPX_REPO_NAME}:${CDPX_AGENT_IMAGE_TAG} ${CI_ACR}/public/azuremonitor/containerinsights/${CI_AGENT_REPO}:${imagetag}
+docker tag ${CDPX_ACR}/official/${CDPX_REPO_NAME}:${CDPX_AGENT_IMAGE_TAG} ${CI_ACR}/public/azuremonitor/containerinsights/${CI_AGENT_REPO}:${imagetag}
 
 echo "login to ${CI_ACR} acr"
 docker login $CI_ACR --username $ACR_APP_ID --password $ACR_APP_SECRET