diff --git a/sdk/azidentity/azidentity_test.go b/sdk/azidentity/azidentity_test.go
index 0b68243e7b16..7581bfc907df 100644
--- a/sdk/azidentity/azidentity_test.go
+++ b/sdk/azidentity/azidentity_test.go
@@ -38,6 +38,7 @@ var (
 	accessTokenRespSuccess    = []byte(fmt.Sprintf(`{"access_token": "%s", "expires_in": %d}`, tokenValue, tokenExpiresIn))
 	instanceDiscoveryResponse = getInstanceDiscoveryResponse(fakeTenantID)
 	tenantDiscoveryResponse   = getTenantDiscoveryResponse(fakeTenantID)
+	testTRO                   = policy.TokenRequestOptions{Scopes: []string{liveTestScope}}
 )
 
 // constants for this file
diff --git a/sdk/azidentity/azure_cli_credential_test.go b/sdk/azidentity/azure_cli_credential_test.go
index 17f42fc87c37..ad90d2b8c121 100644
--- a/sdk/azidentity/azure_cli_credential_test.go
+++ b/sdk/azidentity/azure_cli_credential_test.go
@@ -11,8 +11,6 @@ import (
 	"errors"
 	"testing"
 	"time"
-
-	"github.com/Azure/azure-sdk-for-go/sdk/azcore/policy"
 )
 
 var (
@@ -38,7 +36,7 @@ func TestAzureCLICredential_GetTokenSuccess(t *testing.T) {
 	if err != nil {
 		t.Fatal(err)
 	}
-	at, err := cred.GetToken(context.Background(), policy.TokenRequestOptions{Scopes: []string{liveTestScope}})
+	at, err := cred.GetToken(context.Background(), testTRO)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -58,7 +56,7 @@ func TestAzureCLICredential_GetTokenInvalidToken(t *testing.T) {
 	if err != nil {
 		t.Fatalf("Unable to create credential. Received: %v", err)
 	}
-	_, err = cred.GetToken(context.Background(), policy.TokenRequestOptions{Scopes: []string{liveTestScope}})
+	_, err = cred.GetToken(context.Background(), testTRO)
 	if err == nil {
 		t.Fatalf("Expected an error but did not receive one.")
 	}
@@ -81,7 +79,7 @@ func TestAzureCLICredential_TenantID(t *testing.T) {
 	if err != nil {
 		t.Fatalf("Unable to create credential. Received: %v", err)
 	}
-	_, err = cred.GetToken(context.Background(), policy.TokenRequestOptions{Scopes: []string{liveTestScope}})
+	_, err = cred.GetToken(context.Background(), testTRO)
 	if err != nil {
 		t.Fatalf("Unexpected error: %v", err)
 	}
diff --git a/sdk/azidentity/chained_token_credential_test.go b/sdk/azidentity/chained_token_credential_test.go
index 788b1df61c04..c05c21bcc41a 100644
--- a/sdk/azidentity/chained_token_credential_test.go
+++ b/sdk/azidentity/chained_token_credential_test.go
@@ -93,7 +93,7 @@ func TestChainedTokenCredential_GetTokenSuccess(t *testing.T) {
 	if err != nil {
 		t.Fatal(err)
 	}
-	tk, err := cred.GetToken(context.Background(), policy.TokenRequestOptions{Scopes: []string{liveTestScope}})
+	tk, err := cred.GetToken(context.Background(), testTRO)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -118,7 +118,7 @@ func TestChainedTokenCredential_GetTokenFail(t *testing.T) {
 	if err != nil {
 		t.Fatal(err)
 	}
-	_, err = cred.GetToken(context.Background(), policy.TokenRequestOptions{Scopes: []string{liveTestScope}})
+	_, err = cred.GetToken(context.Background(), testTRO)
 	if _, ok := err.(*AuthenticationFailedError); !ok {
 		t.Fatalf("expected AuthenticationFailedError, received %T", err)
 	}
@@ -138,7 +138,7 @@ func TestChainedTokenCredential_MultipleCredentialsGetTokenUnavailable(t *testin
 	if err != nil {
 		t.Fatal(err)
 	}
-	_, err = cred.GetToken(context.Background(), policy.TokenRequestOptions{Scopes: []string{liveTestScope}})
+	_, err = cred.GetToken(context.Background(), testTRO)
 	if _, ok := err.(*credentialUnavailableError); !ok {
 		t.Fatalf("expected credentialUnavailableError, received %T", err)
 	}
@@ -163,7 +163,7 @@ func TestChainedTokenCredential_MultipleCredentialsGetTokenAuthenticationFailed(
 	if err != nil {
 		t.Fatal(err)
 	}
-	_, err = cred.GetToken(context.Background(), policy.TokenRequestOptions{Scopes: []string{liveTestScope}})
+	_, err = cred.GetToken(context.Background(), testTRO)
 	if _, ok := err.(*AuthenticationFailedError); !ok {
 		t.Fatalf("expected AuthenticationFailedError, received %T", err)
 	}
@@ -185,7 +185,7 @@ func TestChainedTokenCredential_MultipleCredentialsGetTokenCustomName(t *testing
 		t.Fatal(err)
 	}
 	cred.name = "CustomNameCredential"
-	_, err = cred.GetToken(context.Background(), policy.TokenRequestOptions{Scopes: []string{liveTestScope}})
+	_, err = cred.GetToken(context.Background(), testTRO)
 	if _, ok := err.(*credentialUnavailableError); !ok {
 		t.Fatalf("expected credentialUnavailableError, received %T", err)
 	}
@@ -208,9 +208,7 @@ func TestChainedTokenCredential_RepeatedGetTokenWithSuccessfulCredential(t *test
 		t.Fatal(err)
 	}
 
-	getTokenOptions := policy.TokenRequestOptions{Scopes: []string{liveTestScope}}
-
-	tk, err := cred.GetToken(context.Background(), getTokenOptions)
+	tk, err := cred.GetToken(context.Background(), testTRO)
 	testGoodGetTokenResponse(t, tk, err)
 	if failedCredential.getTokenCalls != 1 {
 		t.Fatal("The failed credential getToken should have been called once")
@@ -218,7 +216,7 @@ func TestChainedTokenCredential_RepeatedGetTokenWithSuccessfulCredential(t *test
 	if successfulCredential.getTokenCalls != 1 {
 		t.Fatalf("The successful credential getToken should have been called once")
 	}
-	tk2, err2 := cred.GetToken(context.Background(), getTokenOptions)
+	tk2, err2 := cred.GetToken(context.Background(), testTRO)
 	testGoodGetTokenResponse(t, tk2, err2)
 	if failedCredential.getTokenCalls != 1 {
 		t.Fatalf("The failed credential getToken should not have been called again")
@@ -239,9 +237,7 @@ func TestChainedTokenCredential_RepeatedGetTokenWithSuccessfulCredentialWithRetr
 		t.Fatal(err)
 	}
 
-	getTokenOptions := policy.TokenRequestOptions{Scopes: []string{liveTestScope}}
-
-	tk, err := cred.GetToken(context.Background(), getTokenOptions)
+	tk, err := cred.GetToken(context.Background(), testTRO)
 	testGoodGetTokenResponse(t, tk, err)
 	if failedCredential.getTokenCalls != 1 {
 		t.Fatalf("The failed credential getToken should have been called once")
@@ -249,7 +245,7 @@ func TestChainedTokenCredential_RepeatedGetTokenWithSuccessfulCredentialWithRetr
 	if successfulCredential.getTokenCalls != 1 {
 		t.Fatalf("The successful credential getToken should have been called once")
 	}
-	tk2, err2 := cred.GetToken(context.Background(), getTokenOptions)
+	tk2, err2 := cred.GetToken(context.Background(), testTRO)
 	testGoodGetTokenResponse(t, tk2, err2)
 	if failedCredential.getTokenCalls != 2 {
 		t.Fatalf("The failed credential getToken should have been called twice")
@@ -266,7 +262,6 @@ func TestChainedTokenCredential_Race(t *testing.T) {
 	authFailFake.SetResponse(azcore.AccessToken{}, newAuthenticationFailedError("", "", nil, nil))
 	unavailableFake := NewFakeCredential()
 	unavailableFake.SetResponse(azcore.AccessToken{}, newCredentialUnavailableError("", ""))
-	tro := policy.TokenRequestOptions{Scopes: []string{liveTestScope}}
 
 	for _, b := range []bool{true, false} {
 		t.Run(fmt.Sprintf("RetrySources_%v", b), func(t *testing.T) {
@@ -281,9 +276,9 @@ func TestChainedTokenCredential_Race(t *testing.T) {
 			)
 			for i := 0; i < 5; i++ {
 				go func() {
-					_, _ = success.GetToken(context.Background(), tro)
-					_, _ = failure.GetToken(context.Background(), tro)
-					_, _ = unavailable.GetToken(context.Background(), tro)
+					_, _ = success.GetToken(context.Background(), testTRO)
+					_, _ = failure.GetToken(context.Background(), testTRO)
+					_, _ = unavailable.GetToken(context.Background(), testTRO)
 				}()
 			}
 		})
diff --git a/sdk/azidentity/client_assertion_credential_test.go b/sdk/azidentity/client_assertion_credential_test.go
index b6ac65566cea..577c4e919595 100644
--- a/sdk/azidentity/client_assertion_credential_test.go
+++ b/sdk/azidentity/client_assertion_credential_test.go
@@ -14,7 +14,6 @@ import (
 	"testing"
 
 	"github.com/Azure/azure-sdk-for-go/sdk/azcore"
-	"github.com/Azure/azure-sdk-for-go/sdk/azcore/policy"
 	"github.com/Azure/azure-sdk-for-go/sdk/internal/mock"
 )
 
@@ -41,7 +40,7 @@ func TestClientAssertionCredential(t *testing.T) {
 		t.Fatal(err)
 	}
 	ctx := context.WithValue(context.Background(), key, true)
-	_, err = cred.GetToken(ctx, policy.TokenRequestOptions{Scopes: []string{liveTestScope}})
+	_, err = cred.GetToken(ctx, testTRO)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -49,7 +48,7 @@ func TestClientAssertionCredential(t *testing.T) {
 		t.Fatalf("expected 1 call, got %d", calls)
 	}
 	// silent authentication should now succeed
-	_, err = cred.GetToken(ctx, policy.TokenRequestOptions{Scopes: []string{liveTestScope}})
+	_, err = cred.GetToken(ctx, testTRO)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -73,7 +72,7 @@ func TestClientAssertionCredentialCallbackError(t *testing.T) {
 	if err != nil {
 		t.Fatal(err)
 	}
-	_, err = cred.GetToken(context.Background(), policy.TokenRequestOptions{Scopes: []string{liveTestScope}})
+	_, err = cred.GetToken(context.Background(), testTRO)
 	if err == nil || !strings.Contains(err.Error(), expectedError.Error()) {
 		t.Fatalf(`unexpected error: "%v"`, err)
 	}
diff --git a/sdk/azidentity/client_certificate_credential_test.go b/sdk/azidentity/client_certificate_credential_test.go
index 0137aa7302b5..32d08500d5e1 100644
--- a/sdk/azidentity/client_certificate_credential_test.go
+++ b/sdk/azidentity/client_certificate_credential_test.go
@@ -17,7 +17,6 @@ import (
 	"testing"
 
 	"github.com/Azure/azure-sdk-for-go/sdk/azcore"
-	"github.com/Azure/azure-sdk-for-go/sdk/azcore/policy"
 	"github.com/Azure/azure-sdk-for-go/sdk/internal/mock"
 	"github.com/Azure/azure-sdk-for-go/sdk/internal/recording"
 )
@@ -84,7 +83,7 @@ func TestClientCertificateCredential_GetTokenSuccess(t *testing.T) {
 				t.Fatalf("Expected an empty error but received: %s", err.Error())
 			}
 			cred.client = fakeConfidentialClient{}
-			_, err = cred.GetToken(context.Background(), policy.TokenRequestOptions{Scopes: []string{liveTestScope}})
+			_, err = cred.GetToken(context.Background(), testTRO)
 			if err != nil {
 				t.Fatalf("Expected an empty error but received: %s", err.Error())
 			}
@@ -101,7 +100,7 @@ func TestClientCertificateCredential_GetTokenSuccess_withCertificateChain(t *tes
 				t.Fatalf("Expected an empty error but received: %s", err.Error())
 			}
 			cred.client = fakeConfidentialClient{}
-			_, err = cred.GetToken(context.Background(), policy.TokenRequestOptions{Scopes: []string{liveTestScope}})
+			_, err = cred.GetToken(context.Background(), testTRO)
 			if err != nil {
 				t.Fatalf("Expected an empty error but received: %s", err.Error())
 			}
@@ -124,7 +123,7 @@ func TestClientCertificateCredential_SendCertificateChain(t *testing.T) {
 			if err != nil {
 				t.Fatal(err)
 			}
-			tk, err := cred.GetToken(context.Background(), policy.TokenRequestOptions{Scopes: []string{liveTestScope}})
+			tk, err := cred.GetToken(context.Background(), testTRO)
 			if err != nil {
 				t.Fatal(err)
 			}
@@ -142,7 +141,7 @@ func TestClientCertificateCredential_GetTokenCheckPrivateKeyBlocks(t *testing.T)
 		t.Fatalf("Expected an empty error but received: %s", err.Error())
 	}
 	cred.client = fakeConfidentialClient{}
-	_, err = cred.GetToken(context.Background(), policy.TokenRequestOptions{Scopes: []string{liveTestScope}})
+	_, err = cred.GetToken(context.Background(), testTRO)
 	if err != nil {
 		t.Fatalf("Expected an empty error but received: %s", err.Error())
 	}
@@ -283,7 +282,7 @@ func TestClientCertificateCredential_InvalidCertLive(t *testing.T) {
 		t.Fatalf("failed to construct credential: %v", err)
 	}
 
-	tk, err := cred.GetToken(context.Background(), policy.TokenRequestOptions{Scopes: []string{liveTestScope}})
+	tk, err := cred.GetToken(context.Background(), testTRO)
 	if !reflect.ValueOf(tk).IsZero() {
 		t.Fatal("expected a zero value AccessToken")
 	}
diff --git a/sdk/azidentity/client_secret_credential_test.go b/sdk/azidentity/client_secret_credential_test.go
index 9e6b230522f6..b494ef98a7d7 100644
--- a/sdk/azidentity/client_secret_credential_test.go
+++ b/sdk/azidentity/client_secret_credential_test.go
@@ -12,7 +12,6 @@ import (
 	"strings"
 	"testing"
 
-	"github.com/Azure/azure-sdk-for-go/sdk/azcore/policy"
 	"github.com/Azure/azure-sdk-for-go/sdk/internal/recording"
 )
 
@@ -34,7 +33,7 @@ func TestClientSecretCredential_GetTokenSuccess(t *testing.T) {
 		t.Fatalf("Unable to create credential. Received: %v", err)
 	}
 	cred.client = fakeConfidentialClient{}
-	_, err = cred.GetToken(context.Background(), policy.TokenRequestOptions{Scopes: []string{liveTestScope}})
+	_, err = cred.GetToken(context.Background(), testTRO)
 	if err != nil {
 		t.Fatalf("Expected an empty error but received: %v", err)
 	}
@@ -84,7 +83,7 @@ func TestClientSecretCredential_InvalidSecretLive(t *testing.T) {
 	if err != nil {
 		t.Fatalf("failed to construct credential: %v", err)
 	}
-	tk, err := cred.GetToken(context.Background(), policy.TokenRequestOptions{Scopes: []string{liveTestScope}})
+	tk, err := cred.GetToken(context.Background(), testTRO)
 	if !reflect.ValueOf(tk).IsZero() {
 		t.Fatal("expected a zero value AccessToken")
 	}
diff --git a/sdk/azidentity/default_azure_credential_test.go b/sdk/azidentity/default_azure_credential_test.go
index 24349150b383..dd2847f4979b 100644
--- a/sdk/azidentity/default_azure_credential_test.go
+++ b/sdk/azidentity/default_azure_credential_test.go
@@ -77,13 +77,16 @@ func TestDefaultAzureCredential_ConstructorErrorHandler(t *testing.T) {
 }
 
 func TestDefaultAzureCredential_ConstructorErrors(t *testing.T) {
+	// ensure NewEnvironmentCredential returns an error
+	t.Setenv(azureTenantID, "")
 	cred, err := NewDefaultAzureCredential(nil)
 	if err != nil {
 		t.Fatal(err)
 	}
-	ctx, cancel := context.WithTimeout(context.Background(), time.Millisecond)
-	defer cancel()
-	_, err = cred.GetToken(ctx, policy.TokenRequestOptions{Scopes: []string{liveTestScope}})
+	// make GetToken return an error in any runtime environment
+	ctx, cancel := context.WithCancel(context.Background())
+	cancel()
+	_, err = cred.GetToken(ctx, testTRO)
 	if err == nil {
 		t.Fatal("expected an error")
 	}
@@ -206,7 +209,7 @@ func TestDefaultAzureCredential_timeoutWrapper(t *testing.T) {
 	}
 	for i := 0; i < 2; i++ {
 		// expecting credentialUnavailableError because delay exceeds the wrapper's timeout
-		_, err = chain.GetToken(context.Background(), policy.TokenRequestOptions{Scopes: []string{liveTestScope}})
+		_, err = chain.GetToken(context.Background(), testTRO)
 		if _, ok := err.(*credentialUnavailableError); !ok {
 			t.Fatalf("expected credentialUnavailableError, got %T: %v", err, err)
 		}
@@ -214,7 +217,7 @@ func TestDefaultAzureCredential_timeoutWrapper(t *testing.T) {
 
 	// remove the delay so the credential can authenticate
 	dp.delay = 0
-	tk, err := chain.GetToken(context.Background(), policy.TokenRequestOptions{Scopes: []string{liveTestScope}})
+	tk, err := chain.GetToken(context.Background(), testTRO)
 	if err != nil {
 		t.Fatal(err)
 	}
diff --git a/sdk/azidentity/device_code_credential_test.go b/sdk/azidentity/device_code_credential_test.go
index de2eb7fe5962..a587543e01ea 100644
--- a/sdk/azidentity/device_code_credential_test.go
+++ b/sdk/azidentity/device_code_credential_test.go
@@ -12,7 +12,6 @@ import (
 	"fmt"
 	"testing"
 
-	"github.com/Azure/azure-sdk-for-go/sdk/azcore/policy"
 	"github.com/Azure/azure-sdk-for-go/sdk/internal/recording"
 	"github.com/AzureAD/microsoft-authentication-library-for-go/apps/public"
 )
@@ -35,7 +34,7 @@ func TestDeviceCodeCredential_GetTokenInvalidCredentials(t *testing.T) {
 		t.Fatalf("Unable to create credential. Received: %v", err)
 	}
 	cred.client = fakePublicClient{err: errors.New("invalid credentials")}
-	_, err = cred.GetToken(context.Background(), policy.TokenRequestOptions{Scopes: []string{liveTestScope}})
+	_, err = cred.GetToken(context.Background(), testTRO)
 	if err == nil {
 		t.Fatalf("Expected an error but did not receive one.")
 	}
@@ -77,7 +76,7 @@ func TestDeviceCodeCredential_UserPromptError(t *testing.T) {
 			},
 		},
 	}
-	_, err = cred.GetToken(expectedCtx, policy.TokenRequestOptions{Scopes: []string{liveTestScope}})
+	_, err = cred.GetToken(expectedCtx, testTRO)
 	if err == nil {
 		t.Fatal("expected an error")
 	}
diff --git a/sdk/azidentity/environment_credential_test.go b/sdk/azidentity/environment_credential_test.go
index 061acb16d33a..2ef51055d6a5 100644
--- a/sdk/azidentity/environment_credential_test.go
+++ b/sdk/azidentity/environment_credential_test.go
@@ -15,7 +15,6 @@ import (
 	"testing"
 
 	"github.com/Azure/azure-sdk-for-go/sdk/azcore"
-	"github.com/Azure/azure-sdk-for-go/sdk/azcore/policy"
 	"github.com/Azure/azure-sdk-for-go/sdk/internal/mock"
 	"github.com/Azure/azure-sdk-for-go/sdk/internal/recording"
 )
@@ -223,7 +222,7 @@ func TestEnvironmentCredential_SendCertificateChain(t *testing.T) {
 	if err != nil {
 		t.Fatal(err)
 	}
-	tk, err := cred.GetToken(context.Background(), policy.TokenRequestOptions{Scopes: []string{liveTestScope}})
+	tk, err := cred.GetToken(context.Background(), testTRO)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -297,7 +296,7 @@ func TestEnvironmentCredential_InvalidClientSecretLive(t *testing.T) {
 	if err != nil {
 		t.Fatalf("failed to construct credential: %v", err)
 	}
-	tk, err := cred.GetToken(context.Background(), policy.TokenRequestOptions{Scopes: []string{liveTestScope}})
+	tk, err := cred.GetToken(context.Background(), testTRO)
 	if !reflect.ValueOf(tk).IsZero() {
 		t.Fatal("expected a zero value AccessToken")
 	}
@@ -381,7 +380,7 @@ func TestEnvironmentCredential_InvalidPasswordLive(t *testing.T) {
 	if err != nil {
 		t.Fatalf("failed to construct credential: %v", err)
 	}
-	tk, err := cred.GetToken(context.Background(), policy.TokenRequestOptions{Scopes: []string{liveTestScope}})
+	tk, err := cred.GetToken(context.Background(), testTRO)
 	if !reflect.ValueOf(tk).IsZero() {
 		t.Fatal("expected a zero value AccessToken")
 	}
diff --git a/sdk/azidentity/interactive_browser_credential_test.go b/sdk/azidentity/interactive_browser_credential_test.go
index 1f9c214b1c68..178dc2c5c8f6 100644
--- a/sdk/azidentity/interactive_browser_credential_test.go
+++ b/sdk/azidentity/interactive_browser_credential_test.go
@@ -41,7 +41,7 @@ func TestInteractiveBrowserCredential_GetTokenSuccess(t *testing.T) {
 			ExpiresOn:   time.Now().Add(1 * time.Hour),
 		},
 	}
-	tk, err := cred.GetToken(context.Background(), policy.TokenRequestOptions{Scopes: []string{liveTestScope}})
+	tk, err := cred.GetToken(context.Background(), testTRO)
 	if err != nil {
 		t.Fatalf("Expected an empty error but received: %v", err)
 	}
@@ -127,7 +127,6 @@ func TestInteractiveBrowserCredentialADFS_Live(t *testing.T) {
 	if adfsLiveUser.clientID == fakeClientID {
 		t.Skip("set ADFS_IDENTITY_TEST_CLIENT_ID environment variables to run this test live")
 	}
-	//Redirect URL is necessary
 	url := adfsLiveSP.redirectURL
 
 	cloudConfig := cloud.Configuration{ActiveDirectoryAuthorityHost: adfsAuthority}
diff --git a/sdk/azidentity/live_test.go b/sdk/azidentity/live_test.go
index f5ca7bf229fe..36266579e727 100644
--- a/sdk/azidentity/live_test.go
+++ b/sdk/azidentity/live_test.go
@@ -94,31 +94,34 @@ var (
 	_, runManualTests = os.LookupEnv("AZIDENTITY_RUN_MANUAL_TESTS")
 )
 
-func init() {
-	if recording.GetRecordMode() == recording.PlaybackMode {
-		liveManagedIdentity.clientID = fakeClientID
-		liveManagedIdentity.resourceID = fakeResourceID
-		liveSP.secret = "fake-secret"
-		liveSP.clientID = fakeClientID
-		liveSP.tenantID = fakeTenantID
-		liveSP.pemPath = "testdata/certificate.pem"
-		liveSP.pfxPath = "testdata/certificate.pfx"
-		liveSP.sniPath = "testdata/certificate-with-chain.pem"
-		liveUser.tenantID = fakeTenantID
-		liveUser.username = fakeUsername
-		liveUser.password = "fake-password"
-		adfsLiveSP.secret = "fake-secret"
-		adfsLiveSP.clientID = fakeClientID
-		adfsLiveSP.certPath = "testdata/certificate.pem"
-		adfsLiveUser.username = fakeUsername
-		adfsLiveUser.password = "fake-password"
-		adfsLiveUser.clientID = fakeClientID
-		adfsScope = "https://" + fakeAdfsScope
-		adfsAuthority = "https://" + fakeAdfsAuthority
-	}
+func setFakeValues() {
+	liveManagedIdentity.clientID = fakeClientID
+	liveManagedIdentity.resourceID = fakeResourceID
+	liveSP.secret = "fake-secret"
+	liveSP.clientID = fakeClientID
+	liveSP.tenantID = fakeTenantID
+	liveSP.pemPath = "testdata/certificate.pem"
+	liveSP.pfxPath = "testdata/certificate.pfx"
+	liveSP.sniPath = "testdata/certificate-with-chain.pem"
+	liveUser.tenantID = fakeTenantID
+	liveUser.username = fakeUsername
+	liveUser.password = "fake-password"
+	adfsLiveSP.secret = "fake-secret"
+	adfsLiveSP.clientID = fakeClientID
+	adfsLiveSP.certPath = "testdata/certificate.pem"
+	adfsLiveUser.username = fakeUsername
+	adfsLiveUser.password = "fake-password"
+	adfsLiveUser.clientID = fakeClientID
+	adfsScope = "https://" + fakeAdfsScope
+	adfsAuthority = "https://" + fakeAdfsAuthority
 }
 
 func TestMain(m *testing.M) {
+	code := run(m)
+	os.Exit(code)
+}
+
+func run(m *testing.M) int {
 	if recording.GetRecordMode() == recording.PlaybackMode || recording.GetRecordMode() == recording.RecordingMode {
 		// Start from a fresh proxy
 		err := recording.ResetProxy(nil)
@@ -137,6 +140,7 @@ func TestMain(m *testing.M) {
 
 	switch recording.GetRecordMode() {
 	case recording.PlaybackMode:
+		setFakeValues()
 		err := recording.SetBodilessMatcher(nil, nil)
 		if err != nil {
 			panic(err)
@@ -185,9 +189,7 @@ func TestMain(m *testing.M) {
 			}
 		}
 	}
-	val := m.Run()
-
-	os.Exit(val)
+	return m.Run()
 }
 
 func initRecording(t *testing.T) (policy.ClientOptions, func()) {
diff --git a/sdk/azidentity/managed_identity_credential_test.go b/sdk/azidentity/managed_identity_credential_test.go
index befc485b7389..5b25f247e7d0 100644
--- a/sdk/azidentity/managed_identity_credential_test.go
+++ b/sdk/azidentity/managed_identity_credential_test.go
@@ -184,7 +184,7 @@ func TestManagedIdentityCredential_AppServiceError(t *testing.T) {
 	if err != nil {
 		t.Fatalf("unexpected error: %v", err)
 	}
-	_, err = msiCred.GetToken(context.Background(), policy.TokenRequestOptions{Scopes: []string{liveTestScope}})
+	_, err = msiCred.GetToken(context.Background(), testTRO)
 	if err == nil {
 		t.Fatalf("Expected an error but did not receive one")
 	}
@@ -205,7 +205,7 @@ func TestManagedIdentityCredential_GetTokenIMDS400(t *testing.T) {
 	}
 	// cred should return credentialUnavailableError when IMDS responds 400 to a token request
 	for i := 0; i < 3; i++ {
-		_, err = cred.GetToken(context.Background(), policy.TokenRequestOptions{Scopes: []string{liveTestScope}})
+		_, err = cred.GetToken(context.Background(), testTRO)
 		if _, ok := err.(*credentialUnavailableError); !ok {
 			t.Fatalf("expected credentialUnavailableError, received %T", err)
 		}
@@ -240,7 +240,7 @@ func TestManagedIdentityCredential_GetTokenUnexpectedJSON(t *testing.T) {
 	if err != nil {
 		t.Fatalf("unexpected error: %v", err)
 	}
-	_, err = msiCred.GetToken(context.Background(), policy.TokenRequestOptions{Scopes: []string{liveTestScope}})
+	_, err = msiCred.GetToken(context.Background(), testTRO)
 	if err == nil {
 		t.Fatalf("Expected a JSON marshal error but received nil")
 	}
@@ -357,7 +357,7 @@ func TestManagedIdentityCredential_CreateAccessTokenExpiresOnInt(t *testing.T) {
 	if err != nil {
 		t.Fatalf("unexpected error: %v", err)
 	}
-	_, err = msiCred.GetToken(context.Background(), policy.TokenRequestOptions{Scopes: []string{liveTestScope}})
+	_, err = msiCred.GetToken(context.Background(), testTRO)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -375,7 +375,7 @@ func TestManagedIdentityCredential_CreateAccessTokenExpiresOnFail(t *testing.T)
 	if err != nil {
 		t.Fatalf("unexpected error: %v", err)
 	}
-	_, err = msiCred.GetToken(context.Background(), policy.TokenRequestOptions{Scopes: []string{liveTestScope}})
+	_, err = msiCred.GetToken(context.Background(), testTRO)
 	if err == nil {
 		t.Fatalf("expected to receive an error but received none")
 	}
diff --git a/sdk/azidentity/on_behalf_of_credential_test.go b/sdk/azidentity/on_behalf_of_credential_test.go
index 267c1a499612..b1f0a5c4f34b 100644
--- a/sdk/azidentity/on_behalf_of_credential_test.go
+++ b/sdk/azidentity/on_behalf_of_credential_test.go
@@ -73,7 +73,7 @@ func TestOnBehalfOfCredential(t *testing.T) {
 			if err != nil {
 				t.Fatal(err)
 			}
-			tk, err := cred.GetToken(ctx, policy.TokenRequestOptions{Scopes: []string{liveTestScope}})
+			tk, err := cred.GetToken(ctx, testTRO)
 			if err != nil {
 				t.Fatal(err)
 			}
diff --git a/sdk/azidentity/syncer_test.go b/sdk/azidentity/syncer_test.go
index f24b579da585..fdc682bbcb76 100644
--- a/sdk/azidentity/syncer_test.go
+++ b/sdk/azidentity/syncer_test.go
@@ -87,7 +87,7 @@ func TestSyncer(t *testing.T) {
 	for i := 0; i < goroutines; i++ {
 		wg.Add(1)
 		go func() {
-			_, err := s.GetToken(context.Background(), policy.TokenRequestOptions{Scopes: []string{liveTestScope}})
+			_, err := s.GetToken(context.Background(), testTRO)
 			if err != nil {
 				t.Error(err)
 			}
diff --git a/sdk/azidentity/username_password_credential_test.go b/sdk/azidentity/username_password_credential_test.go
index 304e24d03cc0..b029d5029b00 100644
--- a/sdk/azidentity/username_password_credential_test.go
+++ b/sdk/azidentity/username_password_credential_test.go
@@ -12,7 +12,6 @@ import (
 	"strings"
 	"testing"
 
-	"github.com/Azure/azure-sdk-for-go/sdk/azcore/policy"
 	"github.com/Azure/azure-sdk-for-go/sdk/internal/recording"
 )
 
@@ -32,7 +31,7 @@ func TestUsernamePasswordCredential_GetTokenSuccess(t *testing.T) {
 		t.Fatalf("Unable to create credential. Received: %v", err)
 	}
 	cred.client = fakePublicClient{}
-	_, err = cred.GetToken(context.Background(), policy.TokenRequestOptions{Scopes: []string{liveTestScope}})
+	_, err = cred.GetToken(context.Background(), testTRO)
 	if err != nil {
 		t.Fatalf("Expected an empty error but received: %s", err.Error())
 	}
@@ -82,7 +81,7 @@ func TestUsernamePasswordCredential_InvalidPasswordLive(t *testing.T) {
 	if err != nil {
 		t.Fatalf("Unable to create credential. Received: %v", err)
 	}
-	tk, err := cred.GetToken(context.Background(), policy.TokenRequestOptions{Scopes: []string{liveTestScope}})
+	tk, err := cred.GetToken(context.Background(), testTRO)
 	if !reflect.ValueOf(tk).IsZero() {
 		t.Fatal("expected a zero value AccessToken")
 	}
diff --git a/sdk/azidentity/workload_identity_test.go b/sdk/azidentity/workload_identity_test.go
index 121e60a0e389..2429e56cc58f 100644
--- a/sdk/azidentity/workload_identity_test.go
+++ b/sdk/azidentity/workload_identity_test.go
@@ -230,7 +230,7 @@ func TestWorkloadIdentityCredential_Options(t *testing.T) {
 	if err != nil {
 		t.Fatal(err)
 	}
-	tk, err := cred.GetToken(context.Background(), policy.TokenRequestOptions{Scopes: []string{liveTestScope}})
+	tk, err := cred.GetToken(context.Background(), testTRO)
 	if err != nil {
 		t.Fatal(err)
 	}