diff --git a/.github/workflows/publish_docker.yml b/.github/workflows/publish_docker.yml
index f970c6e64..f6048175d 100644
--- a/.github/workflows/publish_docker.yml
+++ b/.github/workflows/publish_docker.yml
@@ -16,8 +16,20 @@ jobs:
 name: "publish to DockerHub"
 runs-on: ubuntu-22.04
 if: github.repository == 'microsoft/playwright-dotnet'
+ permissions:
+ id-token: write # This is required for OIDC login (azure/login) to succeed
+ contents: read # This is required for actions/checkout to succeed
+ environment: Docker
 steps:
 - uses: actions/checkout@v4
+ - name: Azure login
+ uses: azure/login@v2
+ with:
+ client-id: ${{ secrets.AZURE_DOCKER_CLIENT_ID }}
+ tenant-id: ${{ secrets.AZURE_DOCKER_TENANT_ID }}
+ subscription-id: ${{ secrets.AZURE_DOCKER_SUBSCRIPTION_ID }}
+ - name: Login to ACR via OIDC
+ run: az acr login --name playwright
 - name: Setup .NET Core
 uses: actions/setup-dotnet@v3
 with:
@@ -25,11 +37,6 @@ jobs:
 - name: Install prerequisites and download drivers
 shell: bash
 run: ./build.sh --download-driver
- - uses: azure/docker-login@v1
- with:
- login-server: playwright.azurecr.io
- username: playwright
- password: ${{ secrets.DOCKER_PASSWORD }}
 - name: Set up Docker QEMU for arm64 docker builds
 uses: docker/setup-qemu-action@v3
 with:
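Review bot: The new `Azure login` and `Login to ACR via OIDC` steps sit directly after `actions/checkout@v4`, so the Azure CLI session and the registry credential are already on the runner while `actions/setup-dotnet@v3` and `./build.sh --download-driver` run; the removed `azure/docker-login@v1` step ran only after the driver download. Moving both steps down to just before the first step that needs the registry (not visible in this diff) would keep the credential away from code that fetches external artifacts. Because the job now holds `id-token: write`, the actions it runs are better pinned to a full commit SHA than to a mutable tag, e.g. `uses: azure/login@<full-commit-sha> # v2`. It is also worth confirming that the federated credential's subject is restricted to the `Docker` environment, which the diff cannot show. The job's step list continues outside the hunk.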