diff --git a/resources.policy_assignments.tf b/resources.policy_assignments.tf
index ab9205c65..3465eff0d 100644
--- a/resources.policy_assignments.tf
+++ b/resources.policy_assignments.tf
@@ -45,7 +45,7 @@ resource "azurerm_management_group_policy_assignment" "enterprise_scale" {
     )
     content {
       type         = identity.value.type
-      identity_ids = try(keys(identity.value.userAssignedIdentities), null)
+      identity_ids = can(identity.value.userAssignedIdentities) ? identity.value.userAssignedIdentities : null
     }
   }
 
diff --git a/resources.role_assignments.tf b/resources.role_assignments.tf
index c64ac56ac..f33c92d5d 100644
--- a/resources.role_assignments.tf
+++ b/resources.role_assignments.tf
@@ -59,7 +59,7 @@ module "role_assignments_for_policy" {
 data "azapi_resource" "user_msi" {
   for_each = {
     for ik, iv in local.es_role_assignments_by_policy_assignment : ik => iv
-    if one(azurerm_management_group_policy_assignment.enterprise_scale[ik].identity[0].identity_ids) != null
+    if try(azurerm_management_group_policy_assignment.enterprise_scale[ik].identity[0].type, null) == "UserAssigned"
   }
 
   resource_id = one(azurerm_management_group_policy_assignment.enterprise_scale[each.key].identity[0].identity_ids)