Azure AD Group - Authorization_RequestDenied - Insufficient privileges to complete the operation
I’m trying to create the Azure AD Group using the following Terraform code through Azure DevOps.
```hcl
# Create Azure AD Group in Active Directory for AKS Admins
resource "azuread_group" "aks_administrators" {
  #name = "${azurerm_resource_group.aks_rg.name}-administrators"
  display_name     = "${azurerm_resource_group.aks_rg.name}-${var.environment}-administrators"
  description      = "Azure AKS Kubernetes administrators for the ${azurerm_resource_group.aks_rg.name}-${var.environment} cluster."
  security_enabled = true
}
```
I have followed these steps to provide the permission to create Azure AD Groups through the Azure DevOps ARM service connection (Service Principal).
• Provide permission for Service connection created in previous step to create Azure AD Groups
• Go to -> Azure DevOps -> Select Organization -> Select project terraform-azure-aks
• Go to Project Settings -> Pipelines -> Service Connections
• Open terraform-aks-azurerm-svc-con
• Click on Manage Service Principal, new tab will be opened
• Click on View API Permissions
• Click on Add Permission
• Select an API: Microsoft APIs
• Commonly used Microsoft APIs: Supported legacy APIs: Azure Active Directory Graph-DEPRECATING Use Microsoft Graph
• Click on Application Permissions
• Check Directory.ReadWrite.All and click on Add Permission
• Click on Grant Admin consent for Default Directory
But I’m getting the following error:
```
Error: Creating group "xxxxxxxxxx-administrators"
│
│   with azuread_group.aks_administrators,
│   on 06-aks-administrators-azure-ad.tf line 2, in resource "azuread_group" "aks_administrators":
│    2: resource "azuread_group" "aks_administrators" {
│
│ graphrbac.GroupsClient#Create: Failure responding to request:
│ StatusCode=403 -- Original Error: autorest/azure: Service returned an
│ error. Status=403 Code="Unknown" Message="Unknown service error"
│ Details=[{"odata.error":{"code":"Authorization_RequestDenied","date":"2022-01-25T04:06:31","message":{"lang":"en","value":"Insufficient
│ privileges to complete the
│ operation."}}}]
```
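An added example, not part of the original question: a small Python helper (the name `parse_graph_error` is hypothetical) that un-wraps an error like the one above and extracts which SDK client made the call, the HTTP status, and the `odata.error` code. The sample text is constructed from the error in the question, and the helper assumes Terraform wrapped long lines only at spaces.

```python
import json
import re

# Constructed sample: the error text from the question, laid out the way
# Terraform prints it (left margin bar, long lines wrapped at spaces).
SAMPLE = """\
Error: Creating group "xxxxxxxxxx-administrators"
│
│   with azuread_group.aks_administrators,
│ graphrbac.GroupsClient#Create: Failure responding to request:
│ StatusCode=403 -- Original Error: autorest/azure: Service returned an
│ error. Status=403 Code="Unknown" Message="Unknown service error"
│ Details=[{"odata.error":{"code":"Authorization_RequestDenied","date":"2022-01-25T04:06:31","message":{"lang":"en","value":"Insufficient
│ privileges to complete the
│ operation."}}}]
"""

# graphrbac is the Azure SDK for Go package for the legacy Azure AD Graph API.
SDK_API = {"graphrbac": "Azure AD Graph"}


def parse_graph_error(text):
    """Hypothetical helper: extract the failing call and its odata.error."""
    # Treat every margin bar as a line break, drop empty pieces and rejoin
    # with single spaces (assumes the wrap only ever happened at a space).
    pieces = text.replace("│", "\n").splitlines()
    flat = " ".join(p.strip() for p in pieces if p.strip())
    call = re.search(r"(\w+)\.(\w+)#(\w+):", flat)
    status = re.search(r"StatusCode=(\d+)", flat)
    marker = flat.find("Details=")
    if not (call and status) or marker < 0:
        raise ValueError("not an autorest/azure error message")
    # raw_decode stops at the end of the JSON array and ignores trailing text.
    details, _ = json.JSONDecoder().raw_decode(flat, marker + len("Details="))
    err = details[0]["odata.error"]
    return {
        "api": SDK_API.get(call.group(1), call.group(1)),
        "client": call.group(2),
        "operation": call.group(3),
        "http_status": int(status.group(1)),
        "code": err["code"],
        "message": err["message"]["value"],
    }


if __name__ == "__main__":
    print(parse_graph_error(SAMPLE))
```

The `api` field shows which directory API the provider actually called, which is the API whose application permissions the service principal needs.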
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
