![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(19.2, 8%, 11%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EZJ%3C/text%3E%3C/svg%3E)
Microsoft Graph
A Microsoft programmability model that exposes REST APIs and client libraries to access data on Microsoft 365 services.
11,445 questions
First go to your application's Manifest blade, then find the signInAudience property and change it to: AzureADMyOrg. This will ensure that your application can be granted the Directory.AccessAsUser.All delegated permission.
Also, if you call graph api then you must use Azure AD based authentication flow (eg: ROPC flow or auth code flow)to get the token. Tokens for user flow or custom policy can only be used to call the web api and not the graph api.
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.