diff --git a/azure/aci.go b/azure/aci.go
index 964a2ca17..252a80e26 100644
--- a/azure/aci.go
+++ b/azure/aci.go
@@ -6,14 +6,14 @@ import (
 	"io"
 	"io/ioutil"
 	"net/http"
-	"os"
 	"strings"
 	"time"
 
+	"github.com/docker/api/azure/login"
+
 	"github.com/Azure/azure-sdk-for-go/profiles/2019-03-01/resources/mgmt/resources"
 	"github.com/Azure/azure-sdk-for-go/profiles/preview/preview/subscription/mgmt/subscription"
 	"github.com/Azure/azure-sdk-for-go/services/containerinstance/mgmt/2018-10-01/containerinstance"
-	"github.com/Azure/azure-sdk-for-go/services/keyvault/auth"
 	"github.com/Azure/go-autorest/autorest"
 	"github.com/Azure/go-autorest/autorest/to"
 	tm "github.com/buger/goterm"
@@ -24,14 +24,6 @@ import (
 	"github.com/docker/api/context/store"
 )
 
-func init() {
-	// required to get auth.NewAuthorizerFromCLI() to work, otherwise getting "The access token has been obtained for wrong audience or resource 'https://vault.azure.net'."
-	err := os.Setenv("AZURE_KEYVAULT_RESOURCE", "https://management.azure.com")
-	if err != nil {
-		panic("unable to set environment variable AZURE_KEYVAULT_RESOURCE")
-	}
-}
-
 func createACIContainers(ctx context.Context, aciContext store.AciContext, groupDefinition containerinstance.ContainerGroup) error {
 	containerGroupsClient, err := getContainerGroupsClient(aciContext.SubscriptionID)
 	if err != nil {
@@ -243,7 +235,7 @@ func getACIContainerLogs(ctx context.Context, aciContext store.AciContext, conta
 }
 
 func getContainerGroupsClient(subscriptionID string) (containerinstance.ContainerGroupsClient, error) {
-	auth, err := auth.NewAuthorizerFromCLI()
+	auth, err := login.NewAzureLoginService().NewAuthorizerFromLogin()
 	if err != nil {
 		return containerinstance.ContainerGroupsClient{}, err
 	}
@@ -256,7 +248,7 @@ func getContainerGroupsClient(subscriptionID string) (containerinstance.Containe
 }
 
 func getContainerClient(subscriptionID string) (containerinstance.ContainerClient, error) {
-	auth, err := auth.NewAuthorizerFromCLI()
+	auth, err := login.NewAzureLoginService().NewAuthorizerFromLogin()
 	if err != nil {
 		return containerinstance.ContainerClient{}, err
 	}
@@ -267,7 +259,7 @@ func getContainerClient(subscriptionID string) (containerinstance.ContainerClien
 
 func getSubscriptionsClient() subscription.SubscriptionsClient {
 	subc := subscription.NewSubscriptionsClient()
-	authorizer, _ := auth.NewAuthorizerFromCLI()
+	authorizer, _ := login.NewAzureLoginService().NewAuthorizerFromLogin()
 	subc.Authorizer = authorizer
 	return subc
 }
@@ -275,7 +267,7 @@ func getSubscriptionsClient() subscription.SubscriptionsClient {
 // GetGroupsClient ...
 func GetGroupsClient(subscriptionID string) resources.GroupsClient {
 	groupsClient := resources.NewGroupsClient(subscriptionID)
-	authorizer, _ := auth.NewAuthorizerFromCLI()
+	authorizer, _ := login.NewAzureLoginService().NewAuthorizerFromLogin()
 	groupsClient.Authorizer = authorizer
 	return groupsClient
 }
diff --git a/azure/backend.go b/azure/backend.go
index 14cb81897..1e15200dd 100644
--- a/azure/backend.go
+++ b/azure/backend.go
@@ -11,7 +11,6 @@ import (
 	"github.com/docker/api/context/cloud"
 
 	"github.com/Azure/azure-sdk-for-go/services/containerinstance/mgmt/2018-10-01/containerinstance"
-	"github.com/Azure/go-autorest/autorest/azure/auth"
 	"github.com/compose-spec/compose-go/types"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
@@ -53,7 +52,7 @@ func New(ctx context.Context) (backend.Service, error) {
 	}
 	aciContext, _ := metadata.Metadata.Data.(store.AciContext)
 
-	auth, _ := auth.NewAuthorizerFromCLI()
+	auth, _ := login.NewAzureLoginService().NewAuthorizerFromLogin()
 	containerGroupsClient := containerinstance.NewContainerGroupsClient(aciContext.SubscriptionID)
 	containerGroupsClient.Authorizer = auth
 
@@ -67,8 +66,7 @@ func getAciAPIService(cgc containerinstance.ContainerGroupsClient, aciCtx store.
 			ctx:                   aciCtx,
 		},
 		aciComposeService: aciComposeService{
-			containerGroupsClient: cgc,
-			ctx:                   aciCtx,
+			ctx: aciCtx,
 		},
 		aciCloudService: aciCloudService{
 			loginService: login.NewAzureLoginService(),
@@ -236,8 +234,7 @@ func (cs *aciContainerService) Delete(ctx context.Context, containerID string, _
 }
 
 type aciComposeService struct {
-	containerGroupsClient containerinstance.ContainerGroupsClient
-	ctx                   store.AciContext
+	ctx store.AciContext
 }
 
 func (cs *aciComposeService) Up(ctx context.Context, opts compose.ProjectOptions) error {
diff --git a/azure/login/login.go b/azure/login/login.go
index f671574d8..06d9b55a2 100644
--- a/azure/login/login.go
+++ b/azure/login/login.go
@@ -253,7 +253,7 @@ func (login AzureLoginService) NewAuthorizerFromLogin() (autorest.Authorizer, er
 	token := adal.Token{
 		AccessToken:  oauthToken.AccessToken,
 		Type:         oauthToken.TokenType,
-		ExpiresIn:    json.Number(strconv.Itoa(int(oauthToken.Expiry.Sub(time.Now()).Seconds()))),
+		ExpiresIn:    json.Number(strconv.Itoa(int(time.Until(oauthToken.Expiry).Seconds()))),
 		ExpiresOn:    json.Number(strconv.Itoa(int(oauthToken.Expiry.Sub(date.UnixEpoch()).Seconds()))),
 		RefreshToken: "",
 		Resource:     "",