Azure AI Speech now splits config paths for TTS (text-to-speech) and STT (speech-to-text) when using managed identity—and yes, they're different enough to matter. Roles, env vars, and auth flows don’t line up. Private endpoints? They nuke regional fallbacks, so you’ll need to pass full URLs.
A shared utility function handles the mess: branches for identity vs key-based auth, all routed by capability.