diff --git a/pkg/cmd/provisioning/azure/create_managed_identities.go b/pkg/cmd/provisioning/azure/create_managed_identities.go
index 6d5ca17a3c..5e420b2ddb 100644
--- a/pkg/cmd/provisioning/azure/create_managed_identities.go
+++ b/pkg/cmd/provisioning/azure/create_managed_identities.go
@@ -268,6 +268,9 @@ func ensureRolesAssignedToManagedIdentity(client *azureclients.AzureClientWrappe
 // at the specified scope
 roleAssignmentExists := false
 for _, roleAssignment := range existingRoleAssignments {
+ if roleAssignment.Properties == nil || roleAssignment.Properties.RoleDefinitionID == nil || roleAssignment.Properties.Scope == nil {
+ continue
+ }
 if *roleDefinition.Properties.RoleName == roleBinding.Role && *roleAssignment.Properties.RoleDefinitionID == *roleDefinition.ID && *roleAssignment.Properties.Scope == scope {
 roleAssignmentExists = true
 log.Printf("Found existing role assignment %s for user-assigned managed identity with principal ID %s at scope %s", roleBinding.Role, managedIdentityPrincipalID, scope)
@@ -307,6 +310,10 @@ func ensureRolesAssignedToManagedIdentity(client *azureclients.AzureClientWrappe
 }
 }
 if !found {
+ if existingRoleAssignment.Properties == nil || existingRoleAssignment.Properties.RoleDefinitionID == nil || existingRoleAssignment.Properties.Scope == nil {
+ log.Printf("Skipping role assignment %s with nil Properties, RoleDefinitionID, or Scope", *existingRoleAssignment.Name)
+ continue
+ }
 roleDefinition, err := getRoleDefinitionByID(client, *existingRoleAssignment.Properties.RoleDefinitionID)
 if err != nil {
 return errors.Wrapf(err, "failed to get role definition with role definition ID %s", *existingRoleAssignment.Properties.RoleDefinitionID)
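Review bot: The new guard at the top of the loop covers only `roleAssignment`, while the condition directly below it still dereferences `roleDefinition.Properties.RoleName` and `roleDefinition.ID` unchecked. `roleDefinition` is obtained outside this hunk, so if that lookup can return a definition with nil `Properties`, `RoleName` or `ID`, the same nil-pointer panic remains. A check before the loop would close it, for example `if roleDefinition.Properties == nil || roleDefinition.Properties.RoleName == nil || roleDefinition.ID == nil { return errors.Errorf("role definition for %s is incomplete", roleBinding.Role) }`. The skip here is also silent, unlike the logged skip in the second hunk, so a malformed assignment on the identity leaves no trace in the output; a `log.Printf` before `continue` would make both paths consistent.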
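Review bot: The `log.Printf` inside the new guard dereferences `existingRoleAssignment.Name`, which is a pointer the preceding nil checks do not cover, so the branch added to avoid a nil-pointer panic can itself panic. Resolve the name safely first, e.g. `name := "<unknown>"` then `if existingRoleAssignment.Name != nil { name = *existingRoleAssignment.Name }`, and log `name`. Note also that `continue` means this assignment is never evaluated by the code after `getRoleDefinitionByID`, which continues outside the hunk. If that code reconciles or removes assignments that are no longer wanted, an assignment with missing fields stays on the managed identity, so the message should say plainly that it was left in place for manual review.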