diff --git a/AKS-scripts/Create-AKS-ServicePrincipal-Secret.sh b/AKS-scripts/Create-AKS-ServicePrincipal-Secret.sh
index faacf4b..10c9d4d 100755
--- a/AKS-scripts/Create-AKS-ServicePrincipal-Secret.sh
+++ b/AKS-scripts/Create-AKS-ServicePrincipal-Secret.sh
@@ -14,6 +14,9 @@ set -euo pipefail
 echo "-----------Begin Create-AKS-ServicePrincipal-Secret-----------"
 source `dirname $0`/Defs/Common-Defs.sh
 
+# See Grant-AKS-acess-ACR.sh for more explanation:
+export MSYS_NO_PATHCONV=1
+
 # Create a 'Reader' role assignment with a scope of the ACR resource.
 # Idempotence: retrieve the password if it already exists, otherwise create:
 if ! $AZ ad sp show --id http://$SERVICE_PRINCIPAL_NAME >- ;
@@ -21,7 +24,7 @@ then
     echo "Creating 'Reader' role and password."
     ACR_REGISTRY_ID=$($AZ acr show --name $ACR_NAME --query id --output tsv)
     set -x
-    $AZ ad sp create-for-rbac --name http://$SERVICE_PRINCIPAL_NAME --role Reader --scopes $ACR_REGISTRY_ID
+    $AZ ad sp create-for-rbac --name http://$SERVICE_PRINCIPAL_NAME --role Reader "--scopes=$ACR_REGISTRY_ID"
     set +x
 else
     echo "Service principal exists, ASSUMING it's up-to-date (manually clean w Clean-AKS.sh)"
diff --git a/AKS-scripts/Grant-AKS-access-ACR.sh b/AKS-scripts/Grant-AKS-access-ACR.sh
index c57ada6..2849da5 100755
--- a/AKS-scripts/Grant-AKS-access-ACR.sh
+++ b/AKS-scripts/Grant-AKS-access-ACR.sh
@@ -34,6 +34,8 @@ ACR_ID=$($AZ acr show --name $ACR_NAME --resource-group $AZURE_RESOURCE_GROUP --
 # translation so that the "--scope=$ACR_ID" below is not mangled on Windows.
 # It should have no affect on Linux/MacOS.
 export MSYS_NO_PATHCONV=1
+# For reference, see this discussion:
+# https://stackoverflow.com/questions/7250130/how-to-stop-mingw-and-msys-from-mangling-path-names-given-at-the-command-line
 
 # Set it to empty string if there's an error:
 EXISTING_ROLES=""