diff --git a/kubernetes/linux/dockerbuild/build-and-publish-docker-image.sh b/kubernetes/linux/dockerbuild/build-and-publish-docker-image.sh
old mode 100644
new mode 100755
diff --git a/kubernetes/linux/main.sh b/kubernetes/linux/main.sh
index b4df538d4..c4067f25e 100644
--- a/kubernetes/linux/main.sh
+++ b/kubernetes/linux/main.sh
@@ -161,6 +161,39 @@ fi
 export CLOUD_ENVIRONMENT=$CLOUD_ENVIRONMENT
 echo "export CLOUD_ENVIRONMENT=$CLOUD_ENVIRONMENT" >> ~/.bashrc
 
+# Check if the instrumentation key needs to be fetched from a storage account (as in airgapped clouds)
+if [ ${#APPLICATIONINSIGHTS_AUTH_URL} -ge 1 ]; then  # (check if APPLICATIONINSIGHTS_AUTH_URL has length >=1)
+      for BACKOFF in {1..4}; do
+            KEY=$(curl -sS $APPLICATIONINSIGHTS_AUTH_URL )
+            # there's no easy way to get the HTTP status code from curl, so just check if the result is well formatted
+            if [[ $KEY =~ ^[A-Za-z0-9=]+$ ]]; then
+                  break
+            else
+                  sleep $((2**$BACKOFF / 4))  # (exponential backoff)
+            fi
+      done
+
+      # validate that the retrieved data is an instrumentation key
+      if [[ $KEY =~ ^[A-Za-z0-9=]+$ ]]; then
+            export APPLICATIONINSIGHTS_AUTH=$(echo $KEY)
+            echo "export APPLICATIONINSIGHTS_AUTH=$APPLICATIONINSIGHTS_AUTH" >> ~/.bashrc
+            echo "Using cloud-specific instrumentation key"
+      else
+            # no ikey can be retrieved. Disable telemetry and continue
+            export DISABLE_TELEMETRY=true
+            echo "export DISABLE_TELEMETRY=true" >> ~/.bashrc
+            echo "Could not get cloud-specific instrumentation key (network error?). Disabling telemetry"
+      fi
+fi
+
+
+aikey=$(echo $APPLICATIONINSIGHTS_AUTH | base64 --decode)	
+export TELEMETRY_APPLICATIONINSIGHTS_KEY=$aikey	
+echo "export TELEMETRY_APPLICATIONINSIGHTS_KEY=$aikey" >> ~/.bashrc	
+
+source ~/.bashrc
+
+
 #Parse the configmap to set the right environment variables.
 /opt/microsoft/omsagent/ruby/bin/ruby tomlparser.rb
 
@@ -581,11 +614,6 @@ echo "export HOST_ETC=/hostfs/etc" >> ~/.bashrc
 export HOST_VAR=/hostfs/var
 echo "export HOST_VAR=/hostfs/var" >> ~/.bashrc
 
-aikey=$(echo $APPLICATIONINSIGHTS_AUTH | base64 --decode)
-export TELEMETRY_APPLICATIONINSIGHTS_KEY=$aikey
-echo "export TELEMETRY_APPLICATIONINSIGHTS_KEY=$aikey" >> ~/.bashrc
-
-source ~/.bashrc
 
 #start telegraf
 /opt/telegraf --config $telegrafConfFile &
diff --git a/kubernetes/windows/main.ps1 b/kubernetes/windows/main.ps1
index a297e3801..722392157 100644
--- a/kubernetes/windows/main.ps1
+++ b/kubernetes/windows/main.ps1
@@ -119,10 +119,48 @@ function Set-EnvironmentVariables {
         $env:AZMON_AGENT_CFG_SCHEMA_VERSION
     }
 
-    # Set environment variable for TELEMETRY_APPLICATIONINSIGHTS_KEY
-    $aiKey = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($env:APPLICATIONINSIGHTS_AUTH))
-    [System.Environment]::SetEnvironmentVariable("TELEMETRY_APPLICATIONINSIGHTS_KEY", $aiKey, "Process")
-    [System.Environment]::SetEnvironmentVariable("TELEMETRY_APPLICATIONINSIGHTS_KEY", $aiKey, "Machine")
+    # Check if the instrumentation key needs to be fetched from a storage account (as in airgapped clouds)
+    $aiKeyURl = [System.Environment]::GetEnvironmentVariable('APPLICATIONINSIGHTS_AUTH_URL')
+    if ($aiKeyURl) {
+        $aiKeyFetched = ""
+        # retry up to 5 times
+        for( $i = 1; $i -le 4; $i++) {
+            try {
+                $response = Invoke-WebRequest -uri $aiKeyURl -UseBasicParsing -TimeoutSec 5 -ErrorAction:Stop
+
+                if ($response.StatusCode -ne 200) {
+                    Write-Host "Expecting reponse code 200, was: $($response.StatusCode), retrying"
+                    Start-Sleep -Seconds ([MATH]::Pow(2, $i) / 4)
+                }
+                else {
+                    $aiKeyFetched = $response.Content
+                    break
+                }
+            }
+            catch {
+                Write-Host "Exception encountered fetching instrumentation key:"
+                Write-Host $_.Exception
+            }
+        }
+        
+        # Check if the fetched IKey was properly encoded. if not then turn off telemetry
+        if ($aiKeyFetched -match '^[A-Za-z0-9=]+$') {
+            Write-Host "Using cloud-specific instrumentation key"
+            [System.Environment]::SetEnvironmentVariable("APPLICATIONINSIGHTS_AUTH", $aiKeyFetched, "Process")
+            [System.Environment]::SetEnvironmentVariable("APPLICATIONINSIGHTS_AUTH", $aiKeyFetched, "Machine")
+        }
+        else {
+            # Couldn't fetch the Ikey, turn telemetry off
+            Write-Host "Could not get cloud-specific instrumentation key (network error?). Disabling telemetry"
+            [System.Environment]::SetEnvironmentVariable("DISABLE_TELEMETRY", "True", "Process")
+            [System.Environment]::SetEnvironmentVariable("DISABLE_TELEMETRY", "True", "Machine")
+        }
+    }
+
+    $aiKeyDecoded = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($env:APPLICATIONINSIGHTS_AUTH))
+    [System.Environment]::SetEnvironmentVariable("TELEMETRY_APPLICATIONINSIGHTS_KEY", $aiKeyDecoded, "Process")
+    [System.Environment]::SetEnvironmentVariable("TELEMETRY_APPLICATIONINSIGHTS_KEY", $aiKeyDecoded, "Machine")
+
 
     # run config parser
     ruby /opt/omsagentwindows/scripts/ruby/tomlparser.rb
@@ -324,7 +362,3 @@ Get-WmiObject Win32_process | Where-Object { $_.Name -match 'powershell' } | For
 
 #check if fluentd service is running
 Get-Service fluentdwinaks
-
-
-
-