diff --git a/README.md b/README.md
index 36481f5..a27edd0 100644
--- a/README.md
+++ b/README.md
@@ -27,7 +27,6 @@ module "iam" {
 # Optional
 principal_type = "ServicePrincipal"
- skip_service_principal_aad_check = true
 }
 ```
@@ -38,7 +37,6 @@ module "iam" {
 - `roles` (list(string)): Unconditional role definition names to assign.
 - `delegable_roles` (list(string)): Role definition names allowed by the constrained RBAC Admin condition. When empty, RBAC Admin is not assigned.
 - `principal_type` (string): Passed to `azurerm_role_assignment.principal_type`.
-- `skip_service_principal_aad_check` (bool): Passed to `azurerm_role_assignment.skip_service_principal_aad_check`.
 ## Outputs
diff --git a/main.tf b/main.tf
index 4678adf..8c935f2 100644
--- a/main.tf
+++ b/main.tf
@@ -1,5 +1,4 @@
 locals {
-
 allowed_role_definition_ids_list = join(", ", [
 for name in var.delegable_roles :
 basename(data.azurerm_role_definition.allowed_for_rbac_admin_condition[name].id)
@@ -28,6 +27,13 @@ locals {
 EOT
 }
+data "azurerm_role_definition" "rbac_admin" {
+ count = length(var.delegable_roles) > 0 ? 1 : 0
+
+ name = "Role Based Access Control Administrator"
+ scope = var.scope
+}
+
 data "azurerm_role_definition" "allowed_for_rbac_admin_condition" {
 for_each = toset(var.delegable_roles)
@@ -44,7 +50,7 @@ resource "azurerm_role_assignment" "role" {
 role_definition_name = each.value
 principal_id = var.principal_id
 principal_type = var.principal_type
- skip_service_principal_aad_check = var.skip_service_principal_aad_check
+ skip_service_principal_aad_check = true
 }
 resource "azurerm_role_assignment" "rbac_admin" {
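Review bot: Hard-coding `skip_service_principal_aad_check = true` on `azurerm_role_assignment.role` (and the identical line in the `rbac_admin` hunk on the next line of this diff) applies the skip to every principal, while `principal_type` remains a caller-supplied variable whose description in variables.tf lists User and Group as valid values. The removed variable described the flag as skipping "the Azure AD check for service principals", and the provider documents it as a workaround for a newly created service principal that has not replicated yet; with it unconditionally on, a mistyped or stale `principal_id` for a user or group is no longer caught before the assignment is written. Tying the flag to the principal type keeps the replication-lag workaround where it applies and restores the check elsewhere: `skip_service_principal_aad_check = var.principal_type == "ServicePrincipal"`. If forcing the skip for all principal types is intended, a one-line comment on that line stating why would spare the next reader the same question. Both resource blocks extend beyond their hunks.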
@@ -52,10 +58,10 @@ resource "azurerm_role_assignment" "rbac_admin" {
 count = length(var.delegable_roles) > 0 ? 1 : 0
 scope = var.scope
- role_definition_name = "Role Based Access Control Administrator"
+ role_definition_id = data.azurerm_role_definition.rbac_admin[0].id # Role Based Access Control Administrator
 principal_id = var.principal_id
 principal_type = var.principal_type
- skip_service_principal_aad_check = var.skip_service_principal_aad_check
+ skip_service_principal_aad_check = true
 condition_version = "2.0"
 condition = local.rbac_admin_condition
diff --git a/variables.tf b/variables.tf
index ecccb27..3f46c49 100644
--- a/variables.tf
+++ b/variables.tf
@@ -35,9 +35,3 @@ variable "principal_type" {
 default = "ServicePrincipal"
 description = "Value for azurerm_role_assignment.principal_type (e.g., ServicePrincipal, User, Group)."
 }
-
-variable "skip_service_principal_aad_check" {
- type = bool
- default = true
- description = "Whether to skip the Azure AD check for service principals."
-}
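Review bot: `data.azurerm_role_definition.rbac_admin[0].id` is only valid while the data source's `count` (added in the main.tf hunk above) stays identical to this resource's `count = length(var.delegable_roles) > 0 ? 1 : 0`; the expression is now duplicated verbatim in two blocks, and a future edit to one of them turns into an index error on the other. Hoisting it into a local, e.g. `assign_rbac_admin = length(var.delegable_roles) > 0` in the `locals` block and `count = local.assign_rbac_admin ? 1 : 0` on both the data source and this resource, keeps the two coupled by construction. The trailing `# Role Based Access Control Administrator` comment on the `role_definition_id` line restates the data source's `name` argument and will drift if that literal ever changes; if a comment is wanted, it belongs on the data source where the name actually lives. The resource block's closing brace is outside the hunk.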