diff --git a/src/deployment/deploy.py b/src/deployment/deploy.py
index ee9a88e467..5a47fa3d54 100644
--- a/src/deployment/deploy.py
+++ b/src/deployment/deploy.py
@@ -300,7 +300,33 @@ def setup_rbac(self) -> None:
                 service_principal_type="Application",
                 app_id=app.app_id,
             )
-            client.service_principals.create(service_principal_params)
+
+            def try_sp_create() -> None:
+                error: Optional[Exception] = None
+                for _ in range(10):
+                    try:
+                        client.service_principals.create(service_principal_params)
+                        return
+                    except GraphErrorException as err:
+                        # work around timing issue when creating service principal
+                        # https://github.com/Azure/azure-cli/issues/14767
+                        if (
+                            "service principal being created must in the local tenant"
+                            not in str(err)
+                        ):
+                            raise err
+                    logging.warning(
+                        "creating service principal failed with an error that occurs "
+                        "due to AAD race conditions"
+                    )
+                    time.sleep(60)
+                if error is None:
+                    raise Exception("service principal creation failed")
+                else:
+                    raise error
+
+            try_sp_create()
+
         else:
             app = existing[0]
             existing_role_values = [app_role.value for app_role in app.app_roles]