diff --git a/devops/CI.Dockerfile b/devops/CI.Dockerfile
index 09e95f9a..2387e3db 100644
--- a/devops/CI.Dockerfile
+++ b/devops/CI.Dockerfile
@@ -13,11 +13,20 @@ RUN apt-get update && \
     apt-get clean &&  \
     rm -rf /var/lib/apt/lists/*
 
-# enable Microsoft package repo
-RUN curl -sL https://packages.microsoft.com/keys/microsoft.asc | apt-key add -
-RUN curl -sL https://packages.microsoft.com/config/debian/$(lsb_release -sr)/prod.list | tee /etc/apt/sources.list.d/msprod.list
+SHELL ["/bin/bash", "-o", "pipefail", "-c"]
+
+# Download and dearmor Microsoft's GPG key
+RUN mkdir -p /etc/apt/keyrings/ \
+    && curl -s https://packages.microsoft.com/keys/microsoft.asc \
+    | gpg --dearmor > /etc/apt/keyrings/packages.microsoft.com.gpg
+
+# Download and add key to Microsoft apt source
+RUN curl -s https://packages.microsoft.com/config/debian/$(lsb_release -sr 2>/dev/null)/prod.list \
+    | sed -e 's#\[#[signed-by=/etc/apt/keyrings/packages.microsoft.com.gpg #' \
+    | tee /etc/apt/sources.list.d/microsoft-prod.list
+
 # enable Azure CLI package repo
-RUN echo "deb [arch=amd64] https://packages.microsoft.com/repos/azure-cli/ $(lsb_release -cs) main" | tee /etc/apt/sources.list.d/azure-cli.list
+RUN echo "deb [signed-by=/etc/apt/keyrings/packages.microsoft.com.gpg arch=amd64] https://packages.microsoft.com/repos/azure-cli/ $(lsb_release -cs) main" | tee /etc/apt/sources.list.d/azure-cli.list
 
 # install Azure CLI
 ENV ACCEPT_EULA=Y