NotAllAgentPoolOrchestratorVersionSpecifiedAndUnchanged during `az aks update --enable-managed-identity`

Related command az aks update --resource-group <> --name <> --enable-managed-identity --assign-identity <> --assign-kubelet-identity <> OR the simplified: az aks update --resource-group <> --name <> --enable-managed-identity

(both give same error, which I believe is a validation error before proceeding)

Describe the bug We recently updated our Azure Managed AKS clusters and their control-plane from: kubernetesVersion: 1.21.2 -> 1.22.6 orchestratorVersion: 1.21.2 -> 1.22.6

As a followup to these upgrades we also want to enable managed-identities for the same cluster. However the API call during the above az aks update --enabled-managed-identity command, is returning some unexpected output, which I believe may be a bug between the HTTP API payload versions:

urllib3.connectionpool: https://management.azure.com:443 "GET /subscriptions/.../resourceGroups/.../providers/Microsoft.ContainerService/managedClusters/...?api-version=2022-04-01 HTTP/1.1" 200 None
...
cli.azure.cli.core.sdk.policies: Response content:
cli.azure.cli.core.sdk.policies: {
  "id": "/subscriptions/.../resourcegroups/.../providers/Microsoft.ContainerService/managedClusters/...",
   ...
   "kubernetesVersion": "1.22.6",
   "currentKubernetesVersion": "1.22.6",
   ...
   "orchestratorVersion": "1.21.2",
    "currentOrchestratorVersion": "1.22.6",
    ...

I believe the orchestratorVersion returned from the above API calls is then passed on the AKS update call:

cli.azure.cli.core.sdk.policies: Request URL: 'https://management.azure.com/subscriptions/.../resourceGroups/.../providers/Microsoft.ContainerService/managedClusters/...?api-version=2022-04-01'
...
cli.azure.cli.core.sdk.policies: Request body:
cli.azure.cli.core.sdk.policies: {
...
"mode": "System", "orchestratorVersion": "1.21.2", "upgradeSettings": ...
}
urllib3.connectionpool: https://management.azure.com:443 "PUT /subscriptions/cbe888f6-e994-4f24-aabc-1834bf620d36/resourceGroups/staginguk/providers/Microsoft.ContainerService/managedClusters/staginguk-primary-aks?api-version=2022-04-01 HTTP/1.1" 400 394
cli.azure.cli.core.sdk.policies: Response status: 400

Which means we hit this exception response:

cli.azure.cli.core.sdk.policies: {
  "code": "NotAllAgentPoolOrchestratorVersionSpecifiedAndUnchanged",
  "message": "Using managed cluster api, all Agent pools' OrchestratorVersion must be all specified or all unspecified. If all specified, they must be stay unchanged or the same with control plane. For agent pool specific change, please use per agent pool operations: https://aka.ms/agent-pool-rest-api",
  "subcode": ""
 }

To Reproduce

1. Upgrade a Azure AKS cluster & orchestratorVersion.
2. Attempt to enable managed identities with: az aks update --resource-group <> --name <> --enable-managed-identity

Expected behaviour The cluster should utilise the new managed identities & be present the json represenation of the AKS cluster. via: identityProfile & kubeletIdentityProfile blocks.

Environment summary

az --version
azure-cli                         2.37.0

core                              2.37.0
telemetry                          1.0.6

Extensions:
datafactory                        0.5.0

Dependencies:
msal                            1.18.0b1
azure-mgmt-resource             21.1.0b1

Python location '/home/mitchell/test-venv/bin/python3'
Extensions directory '/home/mitchell/.azure/cliextensions'

Python (Linux) 3.8.10 (default, Mar 15 2022, 12:22:08) 
[GCC 9.4.0]

Additional context n/a