Unable to create O365 group via PnP PowerShell using app only permissions

Hi,

 

I'm having a nightmare trying to get app only permissions working for creating a new unified group using PnP PowerShell.

 

If I use 'Connect-PnPMicrosoftGraph -Scopes "Group.ReadWrite.All","User.Read.All"', then sign in as my admin account and accept the permissions I can successfully use New-PnPUnifiedGroup.

 

I've followed the instructions here https://github.com/SharePoint/PnP-PowerShell/tree/master/Samples/Graph.ConnectUsingAppPermissions which many others have linked to to set up an application via https://apps.dev.microsoft.com.

 

I've granted the same permissions (plus more!). I can use Connect-PnPOnline with my app ID and secret (password), I don't get an error. But when I try any graph commands such as New-PnPUnifiedGroup I just get the generic error 'Exception of type 'Microsoft.Graph.ServiceException' was thrown'.

 

It's driving me crazy, I assume something is wrong with the application I registered as I can get things working otherwise. I understand app only is possible and should work to create groups, but I'm wondering what obvious thing I have done wrong.

 

Any help massively appreciated!