$ az acr run --cmd "acr purge --help" /dev/null
Queued a run with ID: ca4
Waiting for an agent...
2021/03/29 20:11:29 Alias support enabled for version >= 1.1.0, please see https://aka.ms/acr/tasks/task-aliases for more information.
2021/03/29 20:11:29 Creating Docker network: acb_default_network, driver: 'bridge'
2021/03/29 20:11:29 Successfully set up Docker network: acb_default_network
2021/03/29 20:11:29 Setting up Docker configuration...
2021/03/29 20:11:30 Successfully set up Docker configuration
2021/03/29 20:11:30 Logging in to registry: ${REGISTRY_NAME}.azurecr.io
failed to login, ran out of retries: failed to set docker credentials: Error response from daemon: Get https://${REGISTRY_NAME}.azurecr.io/v2/: denied: client with IP '20.42.67.3' is not allowed access. Refer https://aka.ms/acr/firewall to grant access.
: exit status 1
Run ID: ca4 failed after 10s. Error: failed during run, err: exit status 1
Run failed
"Allow trusted Microsoft services to access this container registry" is checked. I am guessing that whitelisting various azure ips is not the right solution here. So what is?