I want to create a management group via Terraform, but I always get this error:
Error: Error checking for presence of existing Management Group “44e31673-2f5b-4215-ac95-e44989bd79b1”: managementgroups.Client#Get: Failure responding to request: StatusCode=403
– Original Error: autorest/azure: Service returned an error. Status=403 Code=“AuthorizationFailed” Message=“The client x with object id x does not have authorization to perform action ‘Microsoft.Management/managementGroups/read’ over scope ‘/providers/Microsoft.Management/managementGroups/44e31673-2f5b-4215-ac95-e44989bd79b1’ or the scope is invalid. If access was recently granted, please refresh your credentials.”
But my service principal (Azure AD app) is an owner in the Tenant Root Group? What authorizations does the service principal need?
The Management Group “44e31673-2f5b-4215-ac95-e44989bd79b1” does not yet exist and the ID was created by Terraform.
Can you help me with this topic?