Apply-SPOProvisioningTemplate or Get-SPOProvisioningTemplate? The issue is most likely related to the Provisioning Engine. The Provisioning engine is _not_ located in the PowerShell repo. Please report the issue here: https://github.com/officedev/PnP-Sites-Core/issues.Please confirm what it is that your reporting
We have tried a number of the Taxonomy PnP CommandLets and we are experiencing the same problem. We are trying to automate updates to the term store and as such the Connect-PnPOnline authentication method is using an App Registration with with TermStore.ReadWrite.All. We are successfully updating other parts of SharePoint using this method, but we can't update the term store.
Please describe what output you expect to see from PnP-PowerShell Cmdlets
We expect the command to update the term store, either through import or directly adding new entries.
Please describe what you see instead. Please provide samples of HTML output or screenshots



Please include complete code samples in-line or linked from gists
$NHConnection = Connect-PnPOnline -Url https://tenant.sharepoint.com/sites/test -tenant tenant.onmicrosoft.com -CertificatePath "C:\Temp\AutomationAccess.pfx" -ClientId 000000-0000-0000-000
Export-PnPTaxonomy -Path "C:\Temp\termstore.xml" -Connection $NHConnection
Import-PnPTaxonomy -Path "C:\Temp\termstore.xml" -Connection $NHConnection
(you can retrieve this by executing Get-Module -Name *pnppowershell* -ListAvailable)
3.12.1908.1
Thank you for reporting this issue. We will be triaging your incoming issue as soon as possible.
Just wanted to mention that we face exactly the same issue. We are using Connect-PnPOnline with Thumbprint switch. We can deploy everything/almost everything to the SharePoint Online tenant. The only issue is when we try to deploy custom Term Groups.
$AdminConnection = Connect-PnPOnline `
-Thumbprint '3F662A18E394693DA8EFD6A6C214E155B4909323' `
-Tenant <Tenant>.onmicrosoft.com `
-ClientId 60546258-03d4-XXXX-8848-2965c75b75ee `
-Url https://<Tenant>-admin.sharepoint.com -ReturnConnection
Connect-PnPOnline `
-Thumbprint '3F662A18E394693DA8EFD6A6C214E155B4909323' `
-Tenant <Tenant>.onmicrosoft.com `
-ClientId 60546258-03d4-XXXX-8848-2965c75b75ee `
-Url https://<Tenant>.sharepoint.com
Apply-PnPProvisioningTemplate -Path ./Core/PnP_TenantTaxonomy.xml -Connection $AdminConnection

App permissions

@linusjody, Thanks to @wobba There is a solution to this issue in this article: techmikael.com/2018/08/modifying-terms-using-app-only-tokens.html
Turns out, we can add app@sharepoint account to the Term Store Administrators. That solves the issue.
Quote:
But turns out this is not entirely true – there is an undocumented work-around which seems to work just fine. The underlying principal for the app-only addin is i:0i.t|00000003-0000-0ff1-ce00-000000000000|app@sharepoint.
If you go to the term store admin center, and add app@sharepoint as a term store admin, it all works! Very handy, very undocumented, probably not supported – but hey – I’m running a script here.

And that approach is or will be publicly supported as well.
Most helpful comment
@linusjody, Thanks to @wobba There is a solution to this issue in this article: techmikael.com/2018/08/modifying-terms-using-app-only-tokens.html
Turns out, we can add
app@sharepointaccount to the Term Store Administrators. That solves the issue.Quote: