diff --git a/quickstart/101-virtual-network-manager-create-management-group-scope/main.tf b/quickstart/101-virtual-network-manager-create-management-group-scope/main.tf
index 57069266..5ff10534 100644
--- a/quickstart/101-virtual-network-manager-create-management-group-scope/main.tf
+++ b/quickstart/101-virtual-network-manager-create-management-group-scope/main.tf
@@ -47,6 +47,7 @@ data "azurerm_subscription" "current" {
 resource "random_pet" "management_group_name" {
   prefix = "AVNM-management-group"
 }
+
 resource "azurerm_management_group" "mg" {
   display_name = random_pet.management_group_name.id
 
@@ -55,14 +56,21 @@ resource "azurerm_management_group" "mg" {
   ]
 }
 
+data "azurerm_client_config" "this" {}
+
+resource "azurerm_role_assignment" "management_group_owner" {
+  principal_id         = coalesce(var.msi_id, data.azurerm_client_config.this.object_id)
+  scope                = azurerm_management_group.mg.id
+  role_definition_name = "Contributor"
+}
+
 # register Microsoft.Network to the Management Group
 
 resource "null_resource" "register_rp_to_mg" {
   provisioner "local-exec" {
-    command = <<CMD
-         az provider register --namespace 'Microsoft.Network' -m ${azurerm_management_group.mg.name}
-    CMD
+    command = "az provider register --namespace Microsoft.Network -m ${azurerm_management_group.mg.name}"
   }
+  depends_on = [azurerm_role_assignment.management_group_owner]
 }
 
 resource "time_sleep" "wait_5_seconds" {
diff --git a/quickstart/101-virtual-network-manager-create-management-group-scope/variables.tf b/quickstart/101-virtual-network-manager-create-management-group-scope/variables.tf
index 10af0af3..b4c19d1b 100644
--- a/quickstart/101-virtual-network-manager-create-management-group-scope/variables.tf
+++ b/quickstart/101-virtual-network-manager-create-management-group-scope/variables.tf
@@ -8,4 +8,10 @@ variable "resource_group_name_prefix" {
   type        = string
   description = "Prefix of the resource group name that's combined with a random ID so name is unique in your Azure subscription."
   default     = "rg"
+}
+
+variable "msi_id" {
+  type    = string
+  description = "(Optional) Manage identity id that be used as authentication method. Defaults to `null`."
+  default = null
 }
\ No newline at end of file
diff --git a/test/e2e/discard_writer.go b/test/e2e/discard_writer.go
new file mode 100644
index 00000000..eaa1bb45
--- /dev/null
+++ b/test/e2e/discard_writer.go
@@ -0,0 +1,11 @@
+package e2e
+
+import "io"
+
+var discardWriter io.Writer = discard{}
+
+type discard struct{}
+
+func (d discard) Write(p []byte) (n int, err error) {
+	return len(p), nil
+}
diff --git a/test/e2e/quickstart_test.go b/test/e2e/quickstart_test.go
index da40dfc5..691995a3 100644
--- a/test/e2e/quickstart_test.go
+++ b/test/e2e/quickstart_test.go
@@ -3,6 +3,7 @@ package e2e
 import (
 	"fmt"
 	"os"
+	"os/exec"
 	"path/filepath"
 	"strings"
 	"testing"
@@ -17,7 +18,8 @@ import (
 )
 
 var speicalTests = map[string]func(*testing.T){
-	"quickstart/201-vmss-packer-jumpbox": test201VmssPackerJumpbox,
+	"quickstart/201-vmss-packer-jumpbox":                                   test201VmssPackerJumpbox,
+	"quickstart/101-virtual-network-manager-create-management-group-scope": test101VirtualNetworkManagerCreateManagementGroupScope,
 }
 
 func Test_Quickstarts(t *testing.T) {
@@ -141,6 +143,36 @@ func test201VmssPackerJumpbox(t *testing.T) {
 	}, nil)
 }
 
+func test101VirtualNetworkManagerCreateManagementGroupScope(t *testing.T) {
+	rootPath := filepath.Join("..", "..")
+	f := filepath.Join("quickstart", "101-virtual-network-manager-create-management-group-scope")
+	tenantId := os.Getenv("ARM_TENANT_ID")
+	clientId := os.Getenv("ARM_CLIENT_ID")
+	clientSecret := os.Getenv("ARM_CLIENT_SECRET")
+	msiId := os.Getenv("MSI_ID")
+	var cmd *exec.Cmd
+	if tenantId != "" && clientId != "" && clientSecret != "" {
+		cmd = exec.Command("az", "login", "--service-principal", "-u", clientId, "-p", clientSecret, "--tenant", tenantId)
+		err := cmd.Run()
+		require.NoError(t, err, "cannot login via service principal: %+v", err)
+	} else if msiId != "" {
+		cmd = exec.Command("az", "login", "--identity", "--username", msiId)
+		err := cmd.Run()
+		require.NoError(t, err, "cannot login via identity: %+v", err)
+	} else {
+		t.Fatalf("To test `quickstart/101-virtual-network-manager-create-management-group-scope` you must set `ARM_TENANT_ID`, `ARM_CLIENT_ID`, `ARM_CLIENT_SECRET`, or set `MSI_ID` so we can run `az login`.")
+	}
+	cmd.Stdout = discardWriter
+	defer func() {
+		cmd := exec.Command("az", "logout")
+		cmd.Stdout = discardWriter
+		_ = cmd.Run()
+	}()
+	helper.RunE2ETest(t, rootPath, f, terraform.Options{
+		Upgrade: true,
+	}, nil)
+}
+
 func removeDuplicates(s []string) []string {
 	m := make(map[string]struct{})
 	result := []string{}