Cannot Apply Azure AD (Entra ID) Configuration 403 Error

I’m going through this tutorial:

I was able to complete all steps up to the “terraform apply” command where I got an error:

  data.azuread_domains.default: Reading...
  
  Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
    + create
  
  Terraform planned the following actions, but then encountered a problem:
  
    # random_pet.suffix will be created
    + resource "random_pet" "suffix" {
        + id        = (known after apply)
        + length    = 2
        + separator = "-"
      }
  
  Plan: 1 to add, 0 to change, 0 to destroy.
  ╷
  │ Error: Could not list domains
  │
  │   with data.azuread_domains.default,
  │   on main.tf line 8, in data "azuread_domains" "default":
  │    8: data "azuread_domains" "default" {
  │
  │ DomainsClient.BaseClient.Get(): unexpected status 403 with OData error: Authorization_RequestDenied: Insufficient privileges to complete the operation.

I verified that I have an Entra ID tenant and that the tenant is reflected in the ARM_TENANT_ID environment variable.

I verified that my subscription is selected.

I’m not sure what the cause of this error could be. I didn’t make any changes to the Terraform code.

Hello, these are the additional fixes I attempted:

  • I verified that my tenant has Global Administrator privileges
  • I created a service principal and did az login --service-principal
  • Followed “Creating a Service Principal in the Azure Portal” step in this documentation: Terraform Registry. Created a Terraform app registration and got new environment variables. Put new environment variables in my .profile, reloaded Linux profile and ran terraform apply again.

The cause of this error was misconfigured environment variables.
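The thread closes by attributing the 403 to misconfigured environment variables. As an added example (not code from the thread or the tutorial), here is a POSIX shell check of the ARM_* variables the azuread and azurerm Terraform providers read, meant to be run before `terraform apply`; the variable names are the providers' documented ones, while the check logic, the messages and the optional az CLI tenant comparison are the example's own assumptions.

```shell
#!/bin/sh
# Added example, not code from the thread: sanity-check the ARM_* variables
# the azuread/azurerm Terraform providers read before `terraform apply`.
# Variable names are the providers' documented ones; the checks and the
# az CLI comparison are this example's own.

is_guid() {
  # Tenant, client and subscription ids are GUIDs (8-4-4-4-12 hex digits).
  # Stray quotes or whitespace pasted into .profile fail this test too.
  printf '%s' "$1" | grep -Eq '^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$'
}

# Prints one line per problem; returns 0 when the environment looks usable.
check_arm_env() {
  rc=0
  for v in ARM_TENANT_ID ARM_CLIENT_ID ARM_SUBSCRIPTION_ID; do
    eval "val=\${$v:-}"
    if [ -z "$val" ]; then
      [ "$v" = ARM_SUBSCRIPTION_ID ] && continue   # only azurerm needs it
      echo "MISSING   $v"; rc=1
    elif ! is_guid "$val"; then
      echo "MALFORMED $v='$val' (expected a GUID)"; rc=1
    fi
  done
  # With no secret or certificate the provider falls back to the az CLI
  # token, which may belong to a different tenant or lack the directory
  # permissions a Graph call needs, so the failure surfaces as a 403 at
  # apply time rather than as a login error. Require an explicit choice.
  if [ -z "${ARM_CLIENT_SECRET:-}" ] && [ -z "${ARM_CLIENT_CERTIFICATE_PATH:-}" ] \
     && [ "${ARM_USE_CLI:-}" != "true" ]; then
    echo "MISSING   ARM_CLIENT_SECRET or ARM_CLIENT_CERTIFICATE_PATH (or set ARM_USE_CLI=true to use az login on purpose)"
    rc=1
  fi
  return $rc
}

# Optional: confirm the az CLI session is in the tenant ARM_TENANT_ID names.
# Returns 0 on match, 1 on mismatch, 2 if az is absent or not logged in.
check_cli_tenant() {
  command -v az >/dev/null 2>&1 || return 2
  cli_tenant=$(az account show --query tenantId -o tsv 2>/dev/null) || return 2
  [ "$cli_tenant" = "${ARM_TENANT_ID:-}" ]
}
```

Run `check_arm_env` in the same shell that will run `terraform apply` (for example after `. ~/.profile`), since values set in a different session are exactly the ones this check cannot see.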