If you are running into the message

Values of identifierUris property must use a verified domain of the organization or its subdomain

after executing “az ad sp create-for-rbac” in Azure CLI, try updating your Azure CLI version. Versions starting with 2.25 should fix the issue. More on this here

To check your version run

az version

To upgrade your CLI just run

az upgrade

In case az upgrade doesn’t work for you, you are on a version too old, so you have to install the upgrade manually.

If you’re on an new version there’s also a way to automatically stay up to date:

az config set auto-upgrade.enable=yes