diff --git a/pkg/api/agentPoolOnlyApi/v20180331/errors.go b/pkg/api/agentPoolOnlyApi/v20180331/errors.go
index 5201c293b0..b5eca1726c 100644
--- a/pkg/api/agentPoolOnlyApi/v20180331/errors.go
+++ b/pkg/api/agentPoolOnlyApi/v20180331/errors.go
@@ -5,6 +5,9 @@ import "github.com/pkg/errors"
 // ErrorInvalidNetworkProfile error
 var ErrorInvalidNetworkProfile = errors.New("ServiceCidr, DNSServiceIP, DockerBridgeCidr should all be empty or neither should be empty")
 
+// ErrorPodCidrNotSetableInAzureCNI error
+var ErrorPodCidrNotSetableInAzureCNI = errors.New("PodCidr should not be set when network plugin is set to Azure")
+
 // ErrorInvalidNetworkPlugin error
 var ErrorInvalidNetworkPlugin = errors.New("Network plugin should be either Azure or Kubenet")
 
diff --git a/pkg/api/agentPoolOnlyApi/v20180331/validate.go b/pkg/api/agentPoolOnlyApi/v20180331/validate.go
index 71ab710883..50a7022c54 100644
--- a/pkg/api/agentPoolOnlyApi/v20180331/validate.go
+++ b/pkg/api/agentPoolOnlyApi/v20180331/validate.go
@@ -211,6 +211,11 @@ func validateVNET(a *Properties) error {
 			} else {
 				return ErrorInvalidNetworkProfile
 			}
+
+			// PodCidr should not be set for Azure CNI
+			if n.NetworkPlugin == Azure && n.PodCidr != "" {
+				return ErrorPodCidrNotSetableInAzureCNI
+			}
 		default:
 			return ErrorInvalidNetworkPlugin
 		}
diff --git a/pkg/api/agentPoolOnlyApi/v20180331/validate_test.go b/pkg/api/agentPoolOnlyApi/v20180331/validate_test.go
index 62f77d6f60..0d1f6fe418 100644
--- a/pkg/api/agentPoolOnlyApi/v20180331/validate_test.go
+++ b/pkg/api/agentPoolOnlyApi/v20180331/validate_test.go
@@ -129,6 +129,35 @@ func TestValidateVNET(t *testing.T) {
 		t.Errorf("Failed to test validate VNET: expected %s but got %s", ErrorInvalidNetworkProfile, err.Error())
 	}
 
+	// network profile has NetworkPlugin set to azure and PodCidr set, should fail
+	n = &NetworkProfile{
+		NetworkPlugin: NetworkPlugin("azure"),
+		PodCidr:       "a.b.c.d",
+	}
+
+	p = []*AgentPoolProfile{
+		{
+			VnetSubnetID: vnetSubnetID1,
+			MaxPods:      &maxPods1,
+		},
+		{
+			VnetSubnetID: vnetSubnetID2,
+			MaxPods:      &maxPods2,
+		},
+	}
+
+	a = &Properties{
+		NetworkProfile:    n,
+		AgentPoolProfiles: p,
+	}
+
+	if err := validateVNET(a); err != ErrorPodCidrNotSetableInAzureCNI {
+		if err == nil {
+			t.Errorf("Failed to test validate VNET: expected %s but got no error", ErrorPodCidrNotSetableInAzureCNI)
+		}
+		t.Errorf("Failed to test validate VNET: expected %s but got %s", ErrorPodCidrNotSetableInAzureCNI, err.Error())
+	}
+
 	// NetworkPlugin is not azure or kubenet
 	n = &NetworkProfile{
 		NetworkPlugin:    NetworkPlugin("none"),