This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(240, 79%, 33%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJH%3C/text%3E%3C/svg%3E)
Hi folks,
I am working my way through the AZ-900 training. While attempting the Create an Azure VM exercise, I received the following error:
Code: AuthorizationFailed
Message: The client '<client>' with object id '<objectId>' does not have authorization to perform action '<action>' over scope '<scope>' or the scope is invalid.
The above error was returned after I tried running the provided command to launch a Linux VM:
az vm create --resource-group "learn-9d4ddb67-1d82-4485-ab1f-84f1a1da6a41" --name my-vm --public-ip-sku Standard --image Ubuntu2204 --admin-username azureuser --generate-ssh-keys
Any help is appreciated. Thank you.
This question is related to the following Learning Module
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(153.6, 16%, 24%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERG%3C/text%3E%3C/svg%3E)
Hi James Hambrick,
Thank you for reaching out to us on the Microsoft Q&A forum.
From your question we understand that you are trying to complete the exercise from Exercise - Create an Azure virtual machine.
The error indicates that you're having trouble creating a virtual machine from the sandbox.
To resolve this issue, please follow these troubleshooting steps:
Step 1: Sign out from all tabs in your current browser and clear the cache. Then, try logging in again using your Learn ID credentials.
Step 2: Log out of your current browser session and attempt to log in again using an incognito window or private browsing mode.
Step 3: Switch to a different browser and try logging in again.
Step 4: Attempt to log in with a new personal Microsoft email account in the learning path using a completely different browser. If you don't have one, create a new free Microsoft account. Note that you need to sign in with a Microsoft account, such as Office 365 or Outlook.com, for sandbox access.
Step 5: If you are still unable to create a resource due to insufficient permissions in the sandbox subscription, we recommend signing up for an Azure free account through the link: Azure free account and creating a sandbox environment there.
For instructions on how to conduct Microsoft Learn training exercises using your own subscription, please refer to the following link: Run Microsoft Learn training exercises in your own subscription.
Please don't hesitate to reach out to us if you have any other queries.
If you found the information helpful, we would greatly appreciate it if you could acknowledge it by selecting the Accept Answer & Upvote options.
Hi Rakesh,
Unfortunately, none of those solutions worked. Even creating an Azure free account was not successful. I wondered if the resource group was still configured to my "Azure Learn" account before I changed to a free account, so I manually deleted the resource group which the sandbox created, and now nothing is working. As a free user, I can't create a new resource group. Since deleting the resource group, the CLI will not connect.
I still don't know what to do to resolve the AuthorizationFailed problem from this post, and now am stuck wondering what to do to get back on board with my sandbox.
Thanks.
Hi James Hambrick,
We apologize for the inconvenience caused to you.
We are able to create successfully as shown in below screenshot for your reference:
Please retry the steps provided in the above comment section.
After completing the troubleshooting steps kindly activate a new sandbox by clicking the "Activate sandbox" button for an exercise. Upon activating a sandbox, a default subscription named "Concierge subscription" is generated for the Microsoft Learn Sandbox directory along with a default resource group name starting with learn.
Note: Kindly do not delete any resource groups, the sandbox automatically cleans up your resources when you're finished working with any module.
If you are still facing any issues, kindly let us in comment section with error message and screenshots.
Thank you.