...
Follow below instructions to create the above (reference)
Step - 1: Application Registration
...
Click on API permissions on the left
Click Add a permission
Select Microsoft Graph
Then choose application permissions (not delegated).
In the Select permissions section, search for and select the permissions mentioned below:
User.ReadWrite.All
Group.ReadWrite.All
Organization.Read.All
Application.ReadWrite.All
Directory.ReadWrite.All
DeviceManagementApps.ReadWrite.All (For Microsoft Intune)
DeviceManagementApps.ManagedDevices.All (For Microsoft Intune)
Finalize the permission settings by clicking Add permissions and then Grant admin consent (if you selected permissions that require admin consent). Note that if you are not an admin, you won’t be able to complete the last step yourself, but need to ask your admin friend to click on the button for you.
...