Error: "OrganizationFromTenantGuidNotFound" (even with Microsoft 365 subscription)

Question

I'm trying to get the events from outlook calendar but I get an error doing so. I have an app registered on Azure Portal (free plan), which I'm using to read the events with Nodejs. This are the permissions I've set in order to be able to query the Microsoft Graph API:

Using https://login.microsoftonline.com/{tenantId}/oauth2/authorize?client_id={clientId}&response_type=code&redirect_uri=http://localhost:3000&scope=https://graph.microsoft.com/.default openid profile offline_access&state=12345 I've been able to get a {code} which I'm using to redeem an access token using https://login.microsoftonline.com/{tenantId}/oauth2/v2.0/token with this body parameters:

{
    "grant_type": "authorization_code",
    "code": "{code}",
    "redirect_uri": "http://localhost:3000",
    "client_id": "{clientId}",
    "client_secret": "{clientSecret}",
    "scope": "https://graph.microsoft.com/.default openid profile offline_access"
}

I believe that the scope of this token is also suitable for what I need:

When I try to make a request to https://graph.microsoft.com/v1.0/{tenantId}/users or even https://graph.microsoft.com/v1.0/997f56e7-06b6-44ad-be6a-3cc7377ae54a/users/{userId}, I get the users data without problems. The response looks like this:

{
    "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#users/$entity",
    "businessPhones": [],
    "displayName": "My Display Name",
    "givenName": "My Name",
    "jobTitle": null,
    "mail": null,
    "mobilePhone": null,
    "officeLocation": null,
    "preferredLanguage": "en",
    "surname": "My Surname",
    "userPrincipalName": "...@....onmicrosoft.com",
    "id": "aaaaaaaa-bbbb-cccc-..."
}

But when I make a request to https://graph.microsoft.com/v1.0/{tenantId}/users/{userId}/calendars I get the following error:

{"error":{"code":"OrganizationFromTenantGuidNotFound","message":"The tenant for tenant guid '[tenantGuid]' does not exist.","innerError":{"oAuthEventOperationId":"bf9e026f-6160-4975-8952-1796d0903882","oAuthEventcV":"tiG/jGvOvqjHEw5i0jde2Q.1","errorUrl":"https://aka.ms/autherrors#error-InvalidTenant","requestId":"b274ff09-22e7-48ff-abfa-1703c90ad358","date":"2023-03-28T07:42:17"}}}

I followed this documentation: https://learn.microsoft.com/en-us/graph/api/user-list-calendars?view=graph-rest-1.0&tabs=http

Also, I did an extensive search about this error and I found that I needed a Microsoft 365 subscription, so I bought one. I currently have the Microsoft 365 personal plan.

And I added the Office 365 Management APIs permissions on Azure Portal.

I still have the same issue, do I need to set up the tenant again? Do I need to change something in the configuration or am I missing something? Maybe I don't have the right subscription, do I need a Microsoft 365 Business subscription? How can I solve it?

What's interesting is that when I try to make the exact same requests using the Microsoft Graph Explorer it works as expected. And if I use the token given there in Access token tab in my backend it works as well, so I believe the problem is with the token I'm getting.

Answer 1

Hi @Josep

From your error message, this is indeed an error caused by your tenant's lack of O365 licenses.

After you purchase an O365 license for your tenant, you also need to assign it to users, and only users who are assigned O365 licenses can use Exchange mailboxes.

By the way, when you use the auth code flow to get a token, you should call the /me endpoint instead of the /users/{user id} endpoint, because this is the context of the delegation.

https://graph.microsoft.com/v1.0/me/calendars

Hope this helps.

If the reply is helpful, please click Accept Answer and kindly upvote it. If you have additional questions about this answer, please click Comment.