I was trying to create a new resource group on Azure using a Shell script. An app registration was created followed by assigning the 'Contributor' role to the Service Principal. However, the az group create command repeatedly returned 403 Client errors. Operation failed with status: 'Forbidden'. Details: 403 Client Error: Forbidden for url: https://management.azure.com/subscriptions/<subscription id>/resourcegroups/rg-internal?api-version=2018-05-01