diff --git a/remotes/docker/authorizer.go b/remotes/docker/authorizer.go
index d898ca4f8..eaa0e5dbd 100644
--- a/remotes/docker/authorizer.go
+++ b/remotes/docker/authorizer.go
@@ -311,7 +311,8 @@ func (ah *authHandler) doBearerAuth(ctx context.Context) (token, refreshToken st
 				// Registries without support for POST may return 404 for POST /v2/token.
 				// As of September 2017, GCR is known to return 404.
 				// As of February 2018, JFrog Artifactory is known to return 401.
-				if (errStatus.StatusCode == 405 && to.Username != "") || errStatus.StatusCode == 404 || errStatus.StatusCode == 401 {
+				// As of January 2022, ACR is known to return 400.
+				if (errStatus.StatusCode == 405 && to.Username != "") || errStatus.StatusCode == 404 || errStatus.StatusCode == 401 || errStatus.StatusCode == 400 {
 					resp, err := auth.FetchToken(ctx, ah.client, ah.header, to)
 					if err != nil {
 						return "", "", err