diff --git a/quickstart/101-authn-managed-identity/main.tf b/quickstart/101-authn-managed-identity/main.tf
new file mode 100644
index 00000000..aef2cdee
--- /dev/null
+++ b/quickstart/101-authn-managed-identity/main.tf
@@ -0,0 +1,80 @@
+resource "random_pet" "rg_name" {
+ prefix = var.resource_group_name_prefix
+}
+
+resource "azurerm_resource_group" "rg" {
+ location = var.resource_group_location
+ name = random_pet.rg_name.id
+}
+
+data "azurerm_subscription" "current" {}
+
+resource "azurerm_virtual_network" "example" {
+ name = "myVnet"
+ address_space = ["10.0.0.0/16"]
+ location = azurerm_resource_group.rg.location
+ resource_group_name = azurerm_resource_group.rg.name
+}
+
+resource "azurerm_subnet" "example" {
+ name = "mySubnet"
+ resource_group_name = azurerm_resource_group.rg.name
+ virtual_network_name = azurerm_virtual_network.example.name
+ address_prefixes = ["10.0.2.0/24"]
+}
+
+resource "azurerm_network_interface" "example" {
+ name = "myNic"
+ location = azurerm_resource_group.rg.location
+ resource_group_name = azurerm_resource_group.rg.name
+
+ ip_configuration {
+ name = "internal"
+ subnet_id = azurerm_subnet.example.id
+ private_ip_address_allocation = "Dynamic"
+ }
+}
+
+resource "azurerm_linux_virtual_machine" "example" {
+ name = "myVm"
+ resource_group_name = azurerm_resource_group.rg.name
+ location = azurerm_resource_group.rg.location
+ size = "Standard_F2"
+ network_interface_ids = [
+ azurerm_network_interface.example.id,
+ ]
+
+ computer_name = "hostname"
+ admin_username = var.username
+
+ admin_ssh_key {
+ username = var.username
+ public_key = azapi_resource_action.ssh_public_key_gen.output.publicKey
+ }
+
+ identity {
+ type = "SystemAssigned"
+ }
+
+ os_disk {
+ caching = "ReadWrite"
+ storage_account_type = "Standard_LRS"
+ }
+
+ source_image_reference {
+ publisher = "Canonical"
+ offer = "0001-com-ubuntu-server-jammy"
+ sku = "22_04-lts"
+ version = "latest"
+ }
+}
+
+data "azurerm_role_definition" "contributor" {
+ name = "Contributor"
+}
+
+resource "azurerm_role_assignment" "example" {
+ scope = data.azurerm_subscription.current.id
+ role_definition_name = "Contributor"
+ principal_id = azurerm_linux_virtual_machine.example.identity[0].principal_id
+}
diff --git a/quickstart/101-authn-managed-identity/outputs.tf b/quickstart/101-authn-managed-identity/outputs.tf
new file mode 100644
index 00000000..a008ee50
--- /dev/null
+++ b/quickstart/101-authn-managed-identity/outputs.tf
@@ -0,0 +1,7 @@
+output "resource_group_name" {
+ value = azurerm_resource_group.rg.name
+}
+
+output "azurerm_linux_virtual_machine_name" {
+ value = azurerm_linux_virtual_machine.example.name
+}
diff --git a/quickstart/101-authn-managed-identity/providers.tf b/quickstart/101-authn-managed-identity/providers.tf
new file mode 100644
index 00000000..93ab8819
--- /dev/null
+++ b/quickstart/101-authn-managed-identity/providers.tf
@@ -0,0 +1,22 @@
+terraform {
+ required_version = ">=0.12"
+
+ required_providers {
+ azapi = {
+ source = "azure/azapi"
+ version = "~>1.5"
+ }
+ azurerm = {
+ source = "hashicorp/azurerm"
+ version = "~>2.0"
+ }
+ random = {
+ source = "hashicorp/random"
+ version = "~>3.0"
+ }
+ }
+}
+
+provider "azurerm" {
+ features {}
+}
\ No newline at end of file
diff --git a/quickstart/101-authn-managed-identity/readme.md b/quickstart/101-authn-managed-identity/readme.md
new file mode 100644
index 00000000..e5c22bbe
--- /dev/null
+++ b/quickstart/101-authn-managed-identity/readme.md
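Review bot: The `azurerm_role_assignment.example` block at the end of the main.tf hunk grants Contributor over the whole subscription (`scope = data.azurerm_subscription.current.id`) to the VM's system-assigned identity, which is far more than a demo VM needs and means a compromise of that VM yields write access to every resource in the subscription. For a quickstart the least-privilege scope is the resource group the template itself creates, `scope = azurerm_resource_group.rg.id`, with a comment such as `# Scope the identity's rights to this template's resource group; widen only if the workload must manage other resources.` The `data "azurerm_role_definition" "contributor"` block just above it is declared but never referenced (the assignment uses the literal `role_definition_name = "Contributor"`), so either drop the data source or use it via `role_definition_id = data.azurerm_role_definition.contributor.id` so the two cannot drift apart.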
@@ -0,0 +1,25 @@
+# Authentication using managed identities for Azure services
+
+This template deploys a Linux virtual machine (VM) to show an example of how to use managed identities for Azure services.
+
+## Terraform resource types
+
+- [random_pet](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/pet)
+- [azurerm_resource_group](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group)
+- [azurerm_virtual_network](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/virtual_network)
+- [azurerm_subnet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subnet)
+- [azurerm_network_interface](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/network_interface)
+- [azurerm_linux_virtual_machine](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/linux_virtual_machine)
+- [azurerm_role_assignment](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment)
+
+## Variables
+
+| **Name** | **Description** | **Default** |
+|---|---|---|
+| `resource_group_name_prefix` | Prefix of the resource group name that's combined with a random ID so name is unique in your Azure subscription. | rg |
+| `resource_group_location` | Location of the resource group. | eastus |
+| `username` | The username for the local account that will be created on the new VM. | azureadmin |
+
+## Example
+
+To see how to run this example, see [Authenticate Terraform using Managed Identity for Azure services](https://docs.microsoft.com/azure/developer/terraform/authenticate-to-azure-using-msi).
diff --git a/quickstart/101-authn-managed-identity/ssh.tf b/quickstart/101-authn-managed-identity/ssh.tf
new file mode 100644
index 00000000..7dbe345a
--- /dev/null
+++ b/quickstart/101-authn-managed-identity/ssh.tf
@@ -0,0 +1,24 @@
+resource "random_pet" "ssh_key_name" {
+ prefix = "ssh"
+ separator = ""
+}
+
+resource "azapi_resource_action" "ssh_public_key_gen" {
+ type = "Microsoft.Compute/sshPublicKeys@2022-11-01"
+ resource_id = azapi_resource.ssh_public_key.id
+ action = "generateKeyPair"
+ method = "POST"
+
+ response_export_values = ["publicKey", "privateKey"]
+}
+
+resource "azapi_resource" "ssh_public_key" {
+ type = "Microsoft.Compute/sshPublicKeys@2022-11-01"
+ name = random_pet.ssh_key_name.id
+ location = azurerm_resource_group.rg.location
+ parent_id = azurerm_resource_group.rg.id
+}
+
+output "key_data" {
+ value = azapi_resource_action.ssh_public_key_gen.output.publicKey
+}
\ No newline at end of file
diff --git a/quickstart/101-authn-managed-identity/variables.tf b/quickstart/101-authn-managed-identity/variables.tf
new file mode 100644
index 00000000..27bfc0a7
--- /dev/null
+++ b/quickstart/101-authn-managed-identity/variables.tf
@@ -0,0 +1,17 @@
+variable "resource_group_location" {
+ type = string
+ description = "Location of the resource group."
+ default = "eastus"
+}
+
+variable "resource_group_name_prefix" {
+ type = string
+ description = "Prefix of the resource group name that's combined with a random ID so name is unique in your Azure subscription."
+ default = "rg"
+}
+
+variable "username" {
+ type = string
+ description = "The username for the local account that will be created on the new VM."
+ default = "azureadmin"
+}
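Review bot: In the ssh.tf hunk, `response_export_values = ["publicKey", "privateKey"]` copies the freshly generated SSH private key into the `output` attribute of `azapi_resource_action.ssh_public_key_gen`, and therefore into the Terraform state file in plaintext, even though nothing else in the template ever reads `.output.privateKey` (only `publicKey` is consumed, by the VM's `admin_ssh_key` block and the `key_data` output). If the private key is not meant to be retrieved through Terraform, narrow the list to `response_export_values = ["publicKey"]` so the secret never enters state; if it is meant to be handed to the operator, expose it only through an output marked `sensitive = true` and document that the state backend must be access-controlled and encrypted. A one-line comment above the attribute, `# privateKey is persisted in Terraform state; keep the backend protected`, would make the trade-off visible to anyone copying this quickstart.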