[QUERY] Is managed Identity Authentication possible for ai formrecognizer/document intelligence service? UnknownHostException

[Naines]

Query/Question:
Is managed Identity Authentication possible for ai formrecognizer/document intelligence service? As per Azure AI Services docs, all managed identity authentication is possible for ai services.
Error: java.net.UnknownHostException : {resource-name}.cognitiveservies.azure.com.
Code: Referred from following azure sample doc: https://github.com/Azure/azure-sdk-for-java/blob/main/sdk/formrecognizer/azure-ai-formrecognizer/src/samples/java/com/azure/ai/formrecognizer/Authentication.java

Logs(notable ones):

2024-12-12 08:28:47.590 DEBUG  [ForkJoinPool.commonPool-worker-1] reactor.netty.resources.PooledConnectionProvider - Creating a new [http] client pool [PoolFactory{evictionInterval=PT0S, leasingStrategy=fifo, maxConnections=500, maxIdleTime=-1, maxLifeTime=-1, metricsEnabled=false, pendingAcquireMaxCount=1000, pendingAcquireTimeout=45000}] for [<resource-name>.cognitiveservies.azure.com/<unresolved>:443]

DEBUG: com.azure.core.http.policy.RetryPolicy - {"az.sdk.message":"Error resume.","exception":"<resource-name>.cognitiveservies.azure.com","tryCount":1}      
java.net.UnknownHostException: <resource-name>.cognitiveservies.azure.com

2024-12-12 08:28:53.671 ERROR  [reactor-http-nio-4] com.azure.core.http.policy.RetryPolicy - {"az.sdk.message":"Retry attempts have been exhausted.","exception":"<resource-name>.cognitiveservies.azure.com","tryCount":3}

Code: (From azure samples)

    private void test() {
        DocumentAnalysisClient client = null;
        try{
            client = new DocumentAnalysisClientBuilder()
            .credential(new DefaultAzureCredentialBuilder()
                    .managedIdentityClientId("<MI-CLIENT-ID>").build())
            .endpoint("https://<resource-name>.cognitiveservies.azure.com")
            .buildClient();
        }catch(Exception e){
            logger.info(e.getLocalizedMessage());
        }
       
        // sample document
        String documentUrl = "https://raw.githubusercontent.com/Azure-Samples/cognitive-services-REST-api-samples/master/curl/form-recognizer/sample-layout.pdf";
        String modelId = "prebuilt-layout";

        SyncPoller<OperationResult, AnalyzeResult> analyzeLayoutPoller = client.beginAnalyzeDocumentFromUrl(modelId,
                documentUrl);

        AnalyzeResult analyzeLayoutResult = analyzeLayoutPoller.getFinalResult();

        // pages
        analyzeLayoutResult.getPages().forEach(documentPage -> {
            System.out.printf("Page has width: %.2f and height: %.2f, measured with unit: %s%n",
                    documentPage.getWidth(),
                    documentPage.getHeight(),
                    documentPage.getUnit());

            // lines
            documentPage.getLines()
                    .forEach(documentLine -> System.out.printf("Line '%s' is within a bounding polygon %s.%n",
                            documentLine.getContent(),
                            getBoundingCoordinates(documentLine.getBoundingPolygon())));

            // words
            documentPage.getWords()
                    .forEach(documentWord -> System.out.printf("Word '%s' has a confidence score of %.2f.%n",
                            documentWord.getContent(),
                            documentWord.getConfidence()));

            // selection marks
            documentPage.getSelectionMarks()
                    .forEach(documentSelectionMark -> System.out.printf(
                            "Selection mark is '%s' and is within a bounding polygon %s with confidence %.2f.%n",
                            documentSelectionMark.getSelectionMarkState().toString(),
                            getBoundingCoordinates(documentSelectionMark.getBoundingPolygon()),
                            documentSelectionMark.getConfidence()));
        });

        // tables
        List<DocumentTable> tables = analyzeLayoutResult.getTables();
        for (int i = 0; i < tables.size(); i++) {
            DocumentTable documentTable = tables.get(i);
            System.out.printf("Table %d has %d rows and %d columns.%n", i, documentTable.getRowCount(),
                    documentTable.getColumnCount());
            documentTable.getCells().forEach(documentTableCell -> {
                System.out.printf("Cell '%s', has row index %d and column index %d.%n", documentTableCell.getContent(),
                        documentTableCell.getRowIndex(), documentTableCell.getColumnIndex());
            });
            System.out.println();
        }

        // styles
        analyzeLayoutResult.getStyles().forEach(
                documentStyle -> System.out.printf("Document is handwritten %s.%n", documentStyle.isHandwritten()));
        // ------------
        return "OK";
}

 private static String getBoundingCoordinates(List<Point> boundingPolygon) {
        return boundingPolygon.stream().map(point -> String.format("[%.2f, %.2f]", point.getX(),
                point.getY())).collect(Collectors.joining(", "));
    }

Why is this not a Bug or a feature Request?
This possibly, doesn't look like a bug as far as obtaining token is concerned as, token being obtained confirmation is seen in logs.
When using new AzureKeyCredential("key) in place of new DefaultAzureCredentialBuilder() .managedIdentityClientId("client-id").build() for obtaining token, everything works as expected.

logs:

2024-12-12 08:28:47.152 DEBUG  [ForkJoinPool.commonPool-worker-1] com.azure.identity.AzureCliCredential - Azure Identity => getToken() result for scopes [https://cognitiveservices.azure.com/.default]: SUCCESS
2024-12-12 08:28:47.152 INFO   [ForkJoinPool.commonPool-worker-1] com.azure.identity.ChainedTokenCredential - Azure Identity => Attempted credential AzureCliCredential returns a token
2024-12-12 08:28:47.158 INFO   [ForkJoinPool.commonPool-worker-1] com.azure.core.implementation.AccessTokenCache - {"az.sdk.message":"Acquired a new access token."}

Setup (please complete the following information if applicable):

OS: Linux Redhat ubi9 (from base dockerimage ubi9/ubi:latest) and Windows 11 Desktop
Environment: Running on Azure Container Apps , (vscode when in development env)
Library/Libraries: com.azure:azure-ai-formrecognizer:4.0.0, com.azure:azure-identity:1.13.2, com.azure:azure-sdk-bom:1.2.27
Azure Setup: Using user managed Identity assigned to azure container app with "Cognitive User Role" on Azure Document Intelligence resource. All connections are being made in private network. The same container using the same user-managed-id is able to pull secrets from keyvault and connect successfully with cosmosdb.
Information Checklist
Kindly make sure that you have added all the following information above and checkoff the required fields otherwise we will treat the issuer as an incomplete report