diff --git a/src/azure-cli/azure/cli/command_modules/acr/check_health.py b/src/azure-cli/azure/cli/command_modules/acr/check_health.py
index bc997dacfa1..d6a1aaef723 100644
--- a/src/azure-cli/azure/cli/command_modules/acr/check_health.py
+++ b/src/azure-cli/azure/cli/command_modules/acr/check_health.py
@@ -321,7 +321,6 @@ def _get_endpoint_and_token_status(cmd, login_server, registry_abac_enabled, rep
 
 
 def _check_registry_health(cmd, registry_name, repository, ignore_errors):
-    from azure.cli.core.profiles import ResourceType
     if registry_name is None:
         logger.warning("Registry name must be provided to check connectivity.")
         return
@@ -349,25 +348,24 @@ def _check_registry_health(cmd, registry_name, repository, ignore_errors):
             registry and registry.role_assignment_mode == RoleAssignmentMode.ABAC_REPOSITORY_PERMISSIONS
         _get_endpoint_and_token_status(cmd, login_server, registry_abac_enabled, repository, ignore_errors)
 
-    if cmd.supported_api_version(min_api='2020-11-01-preview', resource_type=ResourceType.MGMT_CONTAINERREGISTRY):  # pylint: disable=too-many-nested-blocks
-        # CMK settings
-        if registry and registry.encryption and registry.encryption.key_vault_properties:  # pylint: disable=too-many-nested-blocks
-            client_id = registry.encryption.key_vault_properties.identity
-            valid_identity = False
-            if registry.identity:
-                valid_identity = ((client_id == 'system') and
-                                  bool(registry.identity.principal_id))  # use system identity?
-                if not valid_identity and registry.identity.user_assigned_identities:
-                    for k, v in registry.identity.user_assigned_identities.items():
-                        if v.client_id == client_id:
-                            from azure.core.exceptions import HttpResponseError
-                            try:
-                                valid_identity = resolve_identity_client_id(cmd.cli_ctx, k) == client_id
-                            except HttpResponseError:
-                                pass
-            if not valid_identity:
-                from ._errors import CMK_MANAGED_IDENTITY_ERROR
-                _handle_error(CMK_MANAGED_IDENTITY_ERROR.format_error_message(registry_name), ignore_errors)
+    # CMK settings
+    if registry and registry.encryption and registry.encryption.key_vault_properties:  # pylint: disable=too-many-nested-blocks
+        client_id = registry.encryption.key_vault_properties.identity
+        valid_identity = False
+        if registry.identity:
+            valid_identity = ((client_id == 'system') and
+                              bool(registry.identity.principal_id))  # use system identity?
+            if not valid_identity and registry.identity.user_assigned_identities:
+                for k, v in registry.identity.user_assigned_identities.items():
+                    if v.client_id == client_id:
+                        from azure.core.exceptions import HttpResponseError
+                        try:
+                            valid_identity = resolve_identity_client_id(cmd.cli_ctx, k) == client_id
+                        except HttpResponseError:
+                            pass
+        if not valid_identity:
+            from ._errors import CMK_MANAGED_IDENTITY_ERROR
+            _handle_error(CMK_MANAGED_IDENTITY_ERROR.format_error_message(registry_name), ignore_errors)
 
 
 def _check_private_endpoint(cmd, registry_name, vnet_of_private_endpoint):  # pylint: disable=too-many-locals, too-many-statements