diff --git a/scripts/windows/test/Run-E2ETest.ps1 b/scripts/windows/test/Run-E2ETest.ps1
index fdddc913a3a..f62f77a7e06 100644
--- a/scripts/windows/test/Run-E2ETest.ps1
+++ b/scripts/windows/test/Run-E2ETest.ps1
@@ -618,47 +618,47 @@ Function RunAllTests
 
     $TestName = "DirectMethodAmqpMqtt"
     $testExitCode = RunDirectMethodAmqpMqttTest
-    $lastTestExitCode = If ($testExitCode -gt 0) { $testExitCode } Else { $lastTestExitCode }
+    $lastTestExitCode = If ($testExitCode -ne 0) { $testExitCode } Else { $lastTestExitCode }
 
     $TestName = "DirectMethodMqtt"
     $testExitCode = RunDirectMethodMqttTest
-    $lastTestExitCode = If ($testExitCode -gt 0) { $testExitCode } Else { $lastTestExitCode }
+    $lastTestExitCode = If ($testExitCode -ne 0) { $testExitCode } Else { $lastTestExitCode }
 
     $TestName = "DirectMethodMqttAmqp"
     $testExitCode = RunDirectMethodMqttAmqpTest
-    $lastTestExitCode = If ($testExitCode -gt 0) { $testExitCode } Else { $lastTestExitCode }
+    $lastTestExitCode = If ($testExitCode -ne 0) { $testExitCode } Else { $lastTestExitCode }
 
     $TestName = "DpsSymmetricKeyProvisioning"
     $testExitCode = RunDpsProvisioningTest ([DpsProvisioningType]::SymmetricKey)
-    $lastTestExitCode = If ($testExitCode -gt 0) { $testExitCode } Else { $lastTestExitCode }
+    $lastTestExitCode = If ($testExitCode -ne 0) { $testExitCode } Else { $lastTestExitCode }
 
     $TestName = "DpsTpmProvisioning"
     $testExitCode = RunDpsProvisioningTest ([DpsProvisioningType]::Tpm)
-    $lastTestExitCode = If ($testExitCode -gt 0) { $testExitCode } Else { $lastTestExitCode }
+    $lastTestExitCode = If ($testExitCode -ne 0) { $testExitCode } Else { $lastTestExitCode }
 
     $TestName = "DpsX509Provisioning"
     $testExitCode = RunDpsProvisioningTest ([DpsProvisioningType]::X509)
-    $lastTestExitCode = If ($testExitCode -gt 0) { $testExitCode } Else { $lastTestExitCode }
+    $lastTestExitCode = If ($testExitCode -ne 0) { $testExitCode } Else { $lastTestExitCode }
 
     $TestName = "QuickstartCerts"
     $testExitCode = RunQuickstartCertsTest
-    $lastTestExitCode = If ($testExitCode -gt 0) { $testExitCode } Else { $lastTestExitCode }
+    $lastTestExitCode = If ($testExitCode -ne 0) { $testExitCode } Else { $lastTestExitCode }
 
     $TestName = "TempFilter"
     $testExitCode = RunTempFilterTest
-    $lastTestExitCode = If ($testExitCode -gt 0) { $testExitCode } Else { $lastTestExitCode }
+    $lastTestExitCode = If ($testExitCode -ne 0) { $testExitCode } Else { $lastTestExitCode }
 
     $TestName = "TempFilterFunctions"
     $testExitCode = RunTempFilterFunctionsTest
-    $lastTestExitCode = If ($testExitCode -gt 0) { $testExitCode } Else { $lastTestExitCode }
+    $lastTestExitCode = If ($testExitCode -ne 0) { $testExitCode } Else { $lastTestExitCode }
 
     $TestName = "TempSensor"
     $testExitCode = RunTempSensorTest
-    $lastTestExitCode = If ($testExitCode -gt 0) { $testExitCode } Else { $lastTestExitCode }
+    $lastTestExitCode = If ($testExitCode -ne 0) { $testExitCode } Else { $lastTestExitCode }
 
     $TestName = "TransparentGateway"
     $testExitCode = RunTransparentGatewayTest
-    $lastTestExitCode = If ($testExitCode -gt 0) { $testExitCode } Else { $lastTestExitCode }
+    $lastTestExitCode = If ($testExitCode -ne 0) { $testExitCode } Else { $lastTestExitCode }
 
     Return $lastTestExitCode
 }
@@ -1095,7 +1095,8 @@ Function RunLeafDeviceTest
     [ValidateSet("sas","x509CA","x509Thumprint")][string]$authType,
     [ValidateSet("Mqtt","MqttWs","Amqp", "AmqpWs")][string]$protocol,
     [ValidateNotNullOrEmpty()][string]$leafDeviceId,
-    [string]$edgeDeviceId
+    [string]$edgeDeviceId,
+    [bool]$useSecondaryCredential = $False
 )
 {
     $testCommand = $null
@@ -1170,6 +1171,11 @@ Function RunLeafDeviceTest
                 -ctsk `"$EdgeCertGenScriptDir\private\iot-device-${leafDeviceId}-sec.key.pem`" ``
                 -ed-id `"$edgeDeviceId`" ``
                 -ed `"$env:computername`""
+
+            If ($useSecondaryCredential) {
+                $testCommand = "$testCommand --use-secondary-credential"
+            }
+
             break
         }
 
@@ -1177,7 +1183,7 @@ Function RunLeafDeviceTest
         {
             $(Throw "Unsupported auth mode $authType")
         }
-     }
+    }
 
     If ($ProxyUri) {
         $testCommand = "$testCommand --proxy `"$ProxyUri`""
@@ -1248,8 +1254,14 @@ Function RunTransparentGatewayTest
     RunLeafDeviceTest "x509CA" "Mqtt" "$deviceId-mqtt-x509ca-inscope-leaf" $edgeDeviceId
     RunLeafDeviceTest "x509CA" "Amqp" "$deviceId-amqp-x509ca-inscope-leaf" $edgeDeviceId
 
-    RunLeafDeviceTest "x509Thumprint" "Mqtt" "$deviceId-mqtt-x509th-inscope-leaf" $edgeDeviceId
-    RunLeafDeviceTest "x509Thumprint" "Amqp" "$deviceId-amqp-x509th-inscope-leaf" $edgeDeviceId
+    # run thumbprint test using primary cert with MQTT
+    RunLeafDeviceTest "x509Thumprint" "Mqtt" "$deviceId-mqtt-pri-x509th-inscope-leaf" $edgeDeviceId
+    # run thumbprint test using secondary cert with MQTT
+    RunLeafDeviceTest "x509Thumprint" "Mqtt" "$deviceId-mqtt-sec-x509th-inscope-leaf" $edgeDeviceId $True
+    # run thumbprint test using primary cert with AMQP
+    RunLeafDeviceTest "x509Thumprint" "Amqp" "$deviceId-amqp-pri-x509th-inscope-leaf" $edgeDeviceId
+    # run thumbprint test using secondary cert with AMQP
+    RunLeafDeviceTest "x509Thumprint" "Amqp" "$deviceId-amqp-sec-x509th-inscope-leaf" $edgeDeviceId $True
 
     Return $testExitCode
 }
diff --git a/smoke/LeafDevice/LeafDevice.cs b/smoke/LeafDevice/LeafDevice.cs
index 339132a8ea0..8689dc70a69 100644
--- a/smoke/LeafDevice/LeafDevice.cs
+++ b/smoke/LeafDevice/LeafDevice.cs
@@ -116,6 +116,7 @@ public LeafDeviceBuilder SetX509ThumbprintAuthProperties(
                 IList<string> thumbprintCerts = new List<string>();
                 if (this.usePrimaryThumbprintClientCert)
                 {
+                    Console.WriteLine("Configure to use primary cert thumbprint for authentication");
                     this.x509CACertPath = Option.Some(Preconditions.CheckNotNull(primaryClientCertificatePath));
                     this.x509CAKeyPath = Option.Some(Preconditions.CheckNotNull(primaryClientCertificateKeyPath));
                     thumbprintCerts.Add(primaryClientCertificatePath);
@@ -123,6 +124,7 @@ public LeafDeviceBuilder SetX509ThumbprintAuthProperties(
                 }
                 else
                 {
+                    Console.WriteLine("Configure to use secondary cert thumbprint for authentication");
                     this.x509CACertPath = Option.Some(Preconditions.CheckNotNull(secondaryClientCertificatePath));
                     this.x509CAKeyPath = Option.Some(Preconditions.CheckNotNull(secondaryClientCertificateKeyPath));
                     thumbprintCerts.Add(Preconditions.CheckNotNull(primaryClientCertificatePath));
diff --git a/smoke/LeafDevice/Program.cs b/smoke/LeafDevice/Program.cs
index e410db97246..f5230bb2d66 100644
--- a/smoke/LeafDevice/Program.cs
+++ b/smoke/LeafDevice/Program.cs
@@ -83,6 +83,12 @@ class Program
         [Option("-ctsk|--x509-secondary-key-path", Description = "Path to a X.509 leaf certificate key file in PEM format. This is needed for thumbprint auth and used as the secondary certificate's key.")]
         public string X509SecondaryKeyPath { get; } = string.Empty;
 
+        [Option(
+            "--use-secondary-credential",
+            Description = "Set value to true if the secondary credential (either certificate or SharedAccessKey) should be used for authentication, " +
+                          "otherwise the primary credential is used by default. Note: currently this is applicable for certificates tests only.")]
+        public bool UseSecondaryCredential { get; } = false;
+
         // ReSharper disable once UnusedMember.Local
         static int Main(string[] args) => CommandLineApplication.ExecuteAsync<Program>(args).Result;
 
@@ -118,24 +124,14 @@ async Task<int> OnExecuteAsync()
                     !string.IsNullOrWhiteSpace(this.X509SecondaryKeyPath))
                 {
                     // use thumbprint auth and perform test for both primary and secondary certificates
-                    var thumbprintCerts = new List<string> { this.X509PrimaryCertPath, this.X509SecondaryCertPath };
-                    builder.SetX509ThumbprintAuthProperties(
-                        this.X509PrimaryCertPath,
-                        this.X509PrimaryKeyPath,
-                        this.X509SecondaryCertPath,
-                        this.X509SecondaryKeyPath,
-                        true);
-                    LeafDevice testPrimaryCertificate = builder.Build();
-                    await testPrimaryCertificate.RunAsync(true);
-
                     builder.SetX509ThumbprintAuthProperties(
                         this.X509PrimaryCertPath,
                         this.X509PrimaryKeyPath,
                         this.X509SecondaryCertPath,
                         this.X509SecondaryKeyPath,
-                        false);
-                    LeafDevice testSeondaryCertificate = builder.Build();
-                    await testSeondaryCertificate.RunAsync();
+                        !this.UseSecondaryCredential);
+                    LeafDevice testThumbprintCertificate = builder.Build();
+                    await testThumbprintCertificate.RunAsync();
                 }
                 else if (!string.IsNullOrWhiteSpace(this.X509CACertPath) &&
                          !string.IsNullOrWhiteSpace(this.X509CAKeyPath))