diff --git a/.golangci.yml b/.golangci.yml
index c0c8a3f..da884ce 100644
--- a/.golangci.yml
+++ b/.golangci.yml
@@ -43,7 +43,7 @@ linters-settings:
 
   gocyclo:
     # minimal code complexity to report, 30 by default (but we recommend 10-20)
-    min-complexity: 15
+    min-complexity: 20
 
   maligned:
     # print struct with more effective memory layout or not, false by default
diff --git a/example/composition-with-mgmt-groups.yaml b/example/composition-with-mgmt-groups.yaml
new file mode 100644
index 0000000..d8879c5
--- /dev/null
+++ b/example/composition-with-mgmt-groups.yaml
@@ -0,0 +1,24 @@
+apiVersion: apiextensions.crossplane.io/v1
+kind: Composition
+metadata:
+  name: function-azresourcegraph
+spec:
+  compositeTypeRef:
+    apiVersion: example.crossplane.io/v1
+    kind: XR
+  mode: Pipeline
+  pipeline:
+  - step: query-azresourcegraph
+    functionRef:
+      name: function-azresourcegraph
+    input:
+      apiVersion: azresourcegraph.fn.crossplane.io/v1alpha1
+      kind: Input
+      query: "Resources | project name, location, type, id| where type =~ 'Microsoft.Compute/virtualMachines' | order by name desc"
+      managementGroups: ["example"]
+    credentials:
+      - name: azure-creds
+        source: Secret
+        secretRef:
+          namespace: upbound-system
+          name: azure-account-creds
diff --git a/fn.go b/fn.go
index 6be82ad..a423ff7 100644
--- a/fn.go
+++ b/fn.go
@@ -92,14 +92,20 @@ func (f *Function) RunFunction(ctx context.Context, req *fnv1.RunFunctionRequest
 		return rsp, nil
 	}
 
-	// Create the query request, Run the query and get the results. Update the VM and subscriptionID details below.
-	results, err := client.Resources(ctx,
-		armresourcegraph.QueryRequest{
-			Query: to.Ptr(in.Query),
-			Subscriptions: []*string{
-				to.Ptr(subscriptionID)},
-		},
-		nil)
+	queryRequest := armresourcegraph.QueryRequest{
+		Query: to.Ptr(in.Query),
+	}
+
+	if len(subscriptionID) > 0 {
+		queryRequest.Subscriptions = []*string{to.Ptr(subscriptionID)}
+	}
+
+	if len(in.ManagementGroups) > 0 {
+		queryRequest.ManagementGroups = in.ManagementGroups
+	}
+
+	// Create the query request, Run the query and get the results.
+	results, err := client.Resources(ctx, queryRequest, nil)
 	if err != nil {
 		response.Fatal(rsp, errors.Wrap(err, "failed to finish the request"))
 		f.log.Info("FAILURE: ", "failure", fmt.Sprint(err))
diff --git a/fn_test.go b/fn_test.go
index df13a23..cdfa0de 100644
--- a/fn_test.go
+++ b/fn_test.go
@@ -56,6 +56,32 @@ func TestRunFunction(t *testing.T) {
 				},
 			},
 		},
+		"ResponseIsReturnedWithOptionalManagementGroups": {
+			reason: "The Function should accept optional managmenetGroups input",
+			args: args{
+				req: &fnv1.RunFunctionRequest{
+					Meta: &fnv1.RequestMeta{Tag: "hello"},
+					Input: resource.MustStructJSON(`{
+						"apiVersion": "azresourcegraph.fn.crossplane.io/v1alpha1",
+						"kind": "Input",
+						"query": "Resources| count",
+						"managementGroups": ["test"]
+					}`),
+				},
+			},
+			want: want{
+				rsp: &fnv1.RunFunctionResponse{
+					Meta: &fnv1.ResponseMeta{Tag: "hello", Ttl: durationpb.New(response.DefaultTTL)},
+					Results: []*fnv1.Result{
+						{
+							Severity: fnv1.Severity_SEVERITY_FATAL,
+							Message:  "failed to get azure-creds credentials",
+							Target:   fnv1.Target_TARGET_COMPOSITE.Enum(),
+						},
+					},
+				},
+			},
+		},
 	}
 
 	for name, tc := range cases {
diff --git a/input/v1beta1/input.go b/input/v1beta1/input.go
index 1e65cc7..aaff1db 100644
--- a/input/v1beta1/input.go
+++ b/input/v1beta1/input.go
@@ -24,4 +24,7 @@ type Input struct {
 
 	// Query to Azure Resource Graph API
 	Query string `json:"query"`
+	// Azure management groups against which to execute the query. Example: [ 'mg1', 'mg2' ]
+	// +optional
+	ManagementGroups []*string `json:"managementGroups,omitempty"`
 }
diff --git a/input/v1beta1/zz_generated.deepcopy.go b/input/v1beta1/zz_generated.deepcopy.go
index 3b7e60f..49b727c 100644
--- a/input/v1beta1/zz_generated.deepcopy.go
+++ b/input/v1beta1/zz_generated.deepcopy.go
@@ -13,6 +13,17 @@ func (in *Input) DeepCopyInto(out *Input) {
 	*out = *in
 	out.TypeMeta = in.TypeMeta
 	in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
+	if in.ManagementGroups != nil {
+		in, out := &in.ManagementGroups, &out.ManagementGroups
+		*out = make([]*string, len(*in))
+		for i := range *in {
+			if (*in)[i] != nil {
+				in, out := &(*in)[i], &(*out)[i]
+				*out = new(string)
+				**out = **in
+			}
+		}
+	}
 }
 
 // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Input.
diff --git a/package/input/azresourcegraph.fn.crossplane.io_inputs.yaml b/package/input/azresourcegraph.fn.crossplane.io_inputs.yaml
index 6a3fc44..b765bba 100644
--- a/package/input/azresourcegraph.fn.crossplane.io_inputs.yaml
+++ b/package/input/azresourcegraph.fn.crossplane.io_inputs.yaml
@@ -36,6 +36,12 @@ spec:
               In CamelCase.
               More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
             type: string
+          managementGroups:
+            description: 'Azure management groups against which to execute the query.
+              Example: [ ''mg1'', ''mg2'' ]'
+            items:
+              type: string
+            type: array
           metadata:
             type: object
           query: