diff --git a/sdk/extensions/Microsoft.Extensions.Azure/src/Internal/ClientFactory.cs b/sdk/extensions/Microsoft.Extensions.Azure/src/Internal/ClientFactory.cs
index 19c1bc24e907..e3b0d6fa622d 100644
--- a/sdk/extensions/Microsoft.Extensions.Azure/src/Internal/ClientFactory.cs
+++ b/sdk/extensions/Microsoft.Extensions.Azure/src/Internal/ClientFactory.cs
@@ -178,7 +178,7 @@ internal static TokenCredential CreateCredential(IConfiguration configuration)
                     return new WorkloadIdentityCredential(workloadIdentityOptions);
                 }
 
-                throw new ArgumentException("For workload identity, 'tenantId', 'clientId', and 'tokenFilePath' must be specified via environment variables or the configuration.");
+                throw new ArgumentException("For workload identity, 'tenantId', 'clientId', and 'tokenFilePath' must be specified via the configuration.");
             }
 
             if (string.Equals(credentialType, "managedidentityasfederatedidentity", StringComparison.OrdinalIgnoreCase))
@@ -189,7 +189,7 @@ internal static TokenCredential CreateCredential(IConfiguration configuration)
                     string.IsNullOrWhiteSpace(clientId) ||
                     string.IsNullOrWhiteSpace(azureCloud))
                 {
-                    throw new ArgumentException("For managed identity as a federated identity credential, 'tenantId', 'clientId', 'azureCloud', and one of ['managedIdentityClientId', 'resourceId', 'objectId'] must be specified via environment variables or the configuration.");
+                    throw new ArgumentException("For managed identity as a federated identity credential, 'tenantId', 'clientId', 'azureCloud', and one of ['managedIdentityClientId', 'managedIdentityResourceId', 'managedIdentityObjectId'] must be specified via the configuration.");
                 }
 
                 if (!string.IsNullOrWhiteSpace(resourceId))
@@ -413,8 +413,8 @@ private static void AssertSingleManagedIdentityIdentifier(string clientId, strin
             idCount += string.IsNullOrWhiteSpace(objectId) ? 0 : 1;
 
             var validIdentifiers = isFederated
-                ? "'clientId', 'managedIdentityClientId', 'managedIdentityResourceId', or 'managedIdentityObjectId'"
-                : "'managedIdentityClientId', 'managedIdentityResourceId', or 'managedIdentityObjectId'";
+                ? "'managedIdentityClientId', 'managedIdentityResourceId', or 'managedIdentityObjectId'"
+                : "'clientId', 'managedIdentityClientId', 'managedIdentityResourceId', or 'managedIdentityObjectId'";
 
             if (idCount > 1)
             {
@@ -423,7 +423,7 @@ private static void AssertSingleManagedIdentityIdentifier(string clientId, strin
 
             if (isFederated && idCount < 1)
             {
-                throw new ArgumentException($"At least one of [{validIdentifiers}] must be specified for managed identity.");
+                throw new ArgumentException($"A clientId and exactly one of [{validIdentifiers}] must be specified for federated managed identity.");
             }
         }