Azure function app secured by AAD: You do not have permission to view this directory or page

Question

follow the docs
https://learn.microsoft.com/en-us/sharepoint/dev/spfx/use-aadhttpclient-enterpriseapi-multitenant
Create a multi-tenant enterprise API secured with Azure AD
when access funtion api from another tenant with admin account

Answer 1

thanks for all your response
I found out the reason by tracking the response request with fiddler.

=AADSTS650052%3A+The+app+needs+access+to+a+service+%28%5C%22http%3A%2F%2Frts.powerapps.com%5C%22%29+that+your+organization+has+not+subscribed+to+or+enabled.

So i removed the PowerApps permission from the AD App / API Permission, it worked.
this AD App was created by Function App / Authentication automatically, don't know why add this permission.
Other Permissions are
MS Graph - User.Read
Azure Service Management - user_impersonation

Answer 2

Hi @Justin Jia ,
The test I did was successful,
Test result(I test with two SharePoint tennats):

You can focus on the configuration after Make the Azure AD application multi-tenant.

---

If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

Answer 3

With the error you have mentioned , it seems that you are past the authentication of Azure AD but the application is returning some error. Could you please check the directory/logs in Kudu for the same using the URL https://aes2020.scm.azurewebsites.net/ while reproducing the issue? If you are unable to find anything in logs then you may require to collect a fiddler trace to understand more . Please reproduce the issue using an incognito window and closing all other apps to reduce noise in the HTTP traffic capture. use the details here to collect a fiddler trace and send it to azcommunity [at] microsoft [dot] com referencing this issue along with your azure subscription ID and we will further help you on this.