diff --git a/src/azure-cli-core/azure/cli/core/auth/adal_authentication.py b/src/azure-cli-core/azure/cli/core/auth/adal_authentication.py
index 154db9e05d3..2e7620c05f2 100644
--- a/src/azure-cli-core/azure/cli/core/auth/adal_authentication.py
+++ b/src/azure-cli-core/azure/cli/core/auth/adal_authentication.py
@@ -7,7 +7,7 @@
 from knack.log import get_logger
 from msrestazure.azure_active_directory import MSIAuthentication
 
-from .util import _normalize_scopes, scopes_to_resource, AccessToken
+from .util import scopes_to_resource, AccessToken
 
 logger = get_logger(__name__)
 
@@ -39,7 +39,7 @@ def get_token(self, *scopes, **kwargs):  # pylint:disable=unused-argument
             raise AuthenticationError("VM SSH currently doesn't support managed identity.")
 
         # Use msrestazure to get access token
-        resource = scopes_to_resource(_normalize_scopes(scopes))
+        resource = scopes_to_resource(scopes)
         if resource:
             # If available, use resource provided by SDK
             self.resource = resource
diff --git a/src/azure-cli-core/azure/cli/core/auth/credential_adaptor.py b/src/azure-cli-core/azure/cli/core/auth/credential_adaptor.py
index dc97b48e6b2..6172a5aaba0 100644
--- a/src/azure-cli-core/azure/cli/core/auth/credential_adaptor.py
+++ b/src/azure-cli-core/azure/cli/core/auth/credential_adaptor.py
@@ -7,7 +7,7 @@
 from knack.log import get_logger
 from knack.util import CLIError
 
-from .util import resource_to_scopes, _normalize_scopes
+from .util import resource_to_scopes
 
 logger = get_logger(__name__)
 
@@ -61,7 +61,6 @@ def get_token(self, *scopes, **kwargs):
         # so discard it.
         kwargs.pop('tenant_id', None)
 
-        scopes = _normalize_scopes(scopes)
         token, _ = self._get_token(scopes, **kwargs)
         return token
 
diff --git a/src/azure-cli-core/azure/cli/core/auth/tests/test_util.py b/src/azure-cli-core/azure/cli/core/auth/tests/test_util.py
index c96e5a446ed..12bd442a1d6 100644
--- a/src/azure-cli-core/azure/cli/core/auth/tests/test_util.py
+++ b/src/azure-cli-core/azure/cli/core/auth/tests/test_util.py
@@ -6,7 +6,7 @@
 # pylint: disable=protected-access
 
 import unittest
-from azure.cli.core.auth.util import scopes_to_resource, resource_to_scopes, _normalize_scopes, _generate_login_command
+from azure.cli.core.auth.util import scopes_to_resource, resource_to_scopes, _generate_login_command
 
 
 class TestUtil(unittest.TestCase):
@@ -50,21 +50,6 @@ def test_resource_to_scopes(self):
         self.assertEqual(resource_to_scopes('https://managedhsm.azure.com'),
                          ['https://managedhsm.azure.com/.default'])
 
-    def test_normalize_scopes(self):
-        # Test no scopes
-        self.assertIsNone(_normalize_scopes(()))
-        self.assertIsNone(_normalize_scopes([]))
-        self.assertIsNone(_normalize_scopes(None))
-
-        # Test multiple scopes, with the first one discarded
-        scopes = _normalize_scopes(("https://management.core.windows.net//.default",
-                                    "https://management.core.chinacloudapi.cn//.default"))
-        self.assertEqual(list(scopes), ["https://management.core.chinacloudapi.cn//.default"])
-
-        # Test single scopes (the correct usage)
-        scopes = _normalize_scopes(("https://management.core.chinacloudapi.cn//.default",))
-        self.assertEqual(list(scopes), ["https://management.core.chinacloudapi.cn//.default"])
-
     def test_generate_login_command(self):
         # No parameter is given
         assert _generate_login_command() == 'az login'
diff --git a/src/azure-cli-core/azure/cli/core/auth/util.py b/src/azure-cli-core/azure/cli/core/auth/util.py
index 61e91b27ca1..0907925efec 100644
--- a/src/azure-cli-core/azure/cli/core/auth/util.py
+++ b/src/azure-cli-core/azure/cli/core/auth/util.py
@@ -96,27 +96,6 @@ def scopes_to_resource(scopes):
     return scope
 
 
-def _normalize_scopes(scopes):
-    """Normalize scopes to workaround some SDK issues."""
-
-    # Track 2 SDKs generated before https://github.com/Azure/autorest.python/pull/239 don't maintain
-    # credential_scopes and call `get_token` with empty scopes.
-    # As a workaround, return None so that the CLI-managed resource is used.
-    if not scopes:
-        logger.debug("No scope is provided by the SDK, use the CLI-managed resource.")
-        return None
-
-    # Track 2 SDKs generated before https://github.com/Azure/autorest.python/pull/745 extend default
-    # credential_scopes with custom credential_scopes. Instead, credential_scopes should be replaced by
-    # custom credential_scopes. https://github.com/Azure/azure-sdk-for-python/issues/12947
-    # As a workaround, remove the first one if there are multiple scopes provided.
-    if len(scopes) > 1:
-        logger.debug("Multiple scopes are provided by the SDK, discarding the first one: %s", scopes[0])
-        return scopes[1:]
-
-    return scopes
-
-
 def check_result(result, **kwargs):
     """Parse the result returned by MSAL: