diff --git a/app/auth/plugins/azure_managed_identity/outgoing_test.go b/app/auth/plugins/azure_managed_identity/outgoing_test.go
index 951e3dd..3da3eb2 100644
--- a/app/auth/plugins/azure_managed_identity/outgoing_test.go
+++ b/app/auth/plugins/azure_managed_identity/outgoing_test.go
@@ -355,12 +355,23 @@ func TestFetchTokenUsesIdentityEndpoint(t *testing.T) {
 }
 
 func TestFetchTokenMissingIdentityHeader(t *testing.T) {
-	t.Setenv("IDENTITY_ENDPOINT", "http://localhost/identity")
-	t.Setenv("IDENTITY_HEADER", "")
+        t.Setenv("IDENTITY_ENDPOINT", "http://localhost/identity")
+        t.Setenv("IDENTITY_HEADER", "")
 
-	if _, _, err := fetchToken(context.Background(), "api://res", ""); err == nil {
-		t.Fatal("expected error for missing identity header")
-	}
+        if _, _, err := fetchToken(context.Background(), "api://res", ""); err == nil {
+                t.Fatal("expected error for missing identity header")
+        }
+}
+
+func TestFetchTokenMissingMSISecret(t *testing.T) {
+        t.Setenv("IDENTITY_ENDPOINT", "")
+        t.Setenv("IDENTITY_HEADER", "")
+        t.Setenv("MSI_ENDPOINT", "http://localhost/msi")
+        t.Setenv("MSI_SECRET", "")
+
+        if _, _, err := fetchToken(context.Background(), "api://res", ""); err == nil {
+                t.Fatal("expected error for missing MSI secret")
+        }
 }
 
 func TestFetchTokenUsesMSIEndpoint(t *testing.T) {