I recently went through this, and if you’re running into auth issues re: subscription creation, you’ll want to check your the IAM permissions set-up for billing under whichever identity you’re using to execute Terraform.
In my case, I assigned the “Azure subscription creator” role to the service principal to be used in creating subscriptions at the Invoice Section scope for my company’s MCA (Billing Account → Billing Profile → Invoice Section, much like you’d see if you were creating a subscription via the portal).
Hope this helps!