@南 超 Thank you for reaching out to us, As I understand you are trying to deploy/do Azure AD labs within Microsoft Learn Sandbox, this is a by design behavior as creating azure sandbox only provides user with contributor access so anything with AAD/RBAC will result in permission error.
Given that, we should be converting this module to use BYOS model – bring your own subscription in order for users to complete the provided steps.
Our team is aware of the same and will be making the changes at earliest.
There's a link to report feedback for training at the bottom of each unit in a Learn module. This will allow you to send our teams communication about the content or Learn experience.
Let me know if you have any further questions.
Please remember to "Accept Answer" if answer helped, so that others in the community facing similar issues can easily find the solution.