I understand that MS Graph API would be a proper way to do it, but I still have to use Azure AD Graph API. So, I put my request for signInEvents at https://graphexplorer.azurewebsites.net/#. It works as I got my events. The response contains
It is not possible to use the next link because it doesn't work. If you replace reportingservice.activedirectory.windowsazure.com with graph.windows.net as in my original request it works as expected. I don't think that it is a proper workflow to change the next link every time. Is it a bug?
I have tested it with my own application. Firstly, I have assigned delegated permissions, then I removed them and assigned application permissions.
- Azure Active Directory Graph (Directory.Read.All)
- Microsoft Graph (Directory.Read.All)
With delegated permission assigned I have got an exception "AADSTS65001: The user or administrator has not consented to use the application"
With application permissions assigned I have got an exception Authentication_ApplicationHasNoDirectoryReadAccess
All requests to graph.windows.net were successfully performed.
What kind of permissions do I need to have then? And how I should use this "reportingservice.activedirectory.windowsazure.com" next link?