First go to your application's Manifest blade, then find the signInAudience property and change it to: AzureADMyOrg. This will ensure that your application can be granted the Directory.AccessAsUser.All delegated permission.
Also, if you call the Graph API then you must use an Azure AD based authentication flow (e.g. ROPC flow or auth code flow) to get the token. Tokens for a user flow or custom policy can only be used to call the web API and not the Graph API.
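To illustrate the distinction between token types drawn in the answer above, here is an added diagnostic example (not part of the original answer, and not Microsoft's code) that inspects a token's claims before it is sent to Graph. It assumes B2C policy tokens carry the policy name in `tfp` or `acr`, and that Graph tokens use the audience values listed; the tenant names, GUIDs and function names are constructed for illustration.

```python
import base64
import json

# Audience values of Microsoft Graph access tokens (URI form and app ID form).
GRAPH_AUDIENCES = {"https://graph.microsoft.com",
                   "00000003-0000-0000-c000-000000000000"}
AAD_ISSUERS = ("https://login.microsoftonline.com/", "https://sts.windows.net/")

def jwt_claims(token):
    """Decode the payload WITHOUT verifying the signature (diagnostics only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))

def graph_token_problems(token):
    """Return the reasons this token is not an Azure AD token for Graph."""
    claims = jwt_claims(token)
    problems = []
    # Assumption: user flow / custom policy tokens name the policy in tfp or acr.
    policy = str(claims.get("tfp") or claims.get("acr") or "")
    if policy.lower().startswith("b2c_1"):
        problems.append("issued by B2C policy " + policy)
    if not str(claims.get("iss", "")).startswith(AAD_ISSUERS):
        problems.append("issuer is not an Azure AD endpoint")
    aud = claims.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]
    if not GRAPH_AUDIENCES.intersection(a for a in audiences if a):
        problems.append("audience is not Microsoft Graph")
    return problems

def make_token(claims):
    """Build an unsigned sample token (constructed test data, not a real token)."""
    enc = lambda obj: base64.urlsafe_b64encode(
        json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none", "typ": "JWT"}), enc(claims), "sig"])

TENANT = "11111111-1111-1111-1111-111111111111"  # constructed tenant id
B2C_TOKEN = make_token({  # shape of a user flow token for the app's own web API
    "iss": "https://contoso.b2clogin.com/" + TENANT + "/v2.0/",
    "aud": "22222222-2222-2222-2222-222222222222",
    "tfp": "B2C_1_signupsignin"})
AAD_TOKEN = make_token({  # shape of an Azure AD token requested for Graph
    "iss": "https://login.microsoftonline.com/" + TENANT + "/v2.0",
    "aud": "https://graph.microsoft.com"})

if __name__ == "__main__":
    print(graph_token_problems(B2C_TOKEN))
    print(graph_token_problems(AAD_TOKEN))
```

The check reads claims only for troubleshooting; it does not validate the signature and is not a substitute for token validation in the receiving API.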