Error while provisioning Terraform subnet using azurerm

When creating a subnet in a virtual network, it is mandatory to check if it is not jumping out of the network range.

You are just out of the range with your network mask: 10.1.0.0/16

First host: 10.1.0.1    
Last  host: 10.1.255.254

And you are trying to create subnet 10.2.0.0/22.

For not overlapping with subnets that are already created, 10.1.4.0/22, can be accepted, for instance.

As mentioned in my comment and in someone's answer, Azure is throwing this error because you are trying to add a 10.2.0.0/22 subnet to a 10.1.0.0/16 network. ie- 10.2.0.0/22 is not part of that network.

I also want to point out that when you run a plan that is not submitting the actual API calls to Azure to make the changes, which is why things looked fine to you when you ran your plan, but Azure complained when you tried to apply it. I think the explanation is good in this tutorial. The excerpts that are applicable are:

Once you are happy with your declared configuration, you can ask Terraform to generate an execution plan for it. The plan command in the CLI is used to generate an execution plan from a configuration. The execution plan tells you what changes Terraform would need to make to bring your current infrastructure to the declared state in your configuration.

If you accept the plan you can instruct Terraform to apply changes. Terraform will make the API calls required to implement the changes. If anything goes wrong terraform will not attempt to automatically rollback the infrastructure to the state it was in before running apply. This is because apply adheres to the plan