Hello Ryan,
Welcome to Microsoft Q&A Platform. Thank you for reaching out & hope you are doing well.
I will try to clarify your doubts and propose some solutions to you.
So, the error generalException with HTTP 401 indicates authorization failure at Graph’s resource layer. Common causes can be:
- Wrong token audience: Token must be for https://graph.microsoft.com/.
- Missing scope in token: For application permissions, you need Sites.FullControl.All granted and admin consent applied.
- Using delegated flow instead of app-only: The endpoint List permissions supports application permissions, but you must call it with client credentials flow (no user context).
- SharePoint site access: Even with Graph permission, the app must have access to the specific site collection. For app-only calls, SharePoint requires granting the app access via AppInv.aspx or Sites.Selected model.
If you’re using Sites.Selected, you must explicitly grant the app access to the site using Graph grantAccess API.
Could you please check and confirm the below:
- How was the token obtained? (Client credentials flow or delegated user flow?)
- Does the token contain roles: Sites.FullControl.All? (Decode at https://jwt.ms)
- Is the app registered as multi-tenant or single-tenant?
- Is the site a SharePoint Online site and accessible via Graph?
- Are you using the correct endpoint? (https://graph.microsoft.com/v1.0/sites/{site-id}/permissions)
Till then, I will suggest you try the below workarounds:
1. Verify Token and Flow
Use client credentials flow:
POST https://login.microsoftonline.com/{tenant-id}/oauth2/v2.0/token
Content-Type: application/x-www-form-urlencoded
client_id={app-id}
scope=https://graph.microsoft.com/.default
client_secret={secret}
grant_type=client_credentials
Decode token at https://jwt.ms > confirm roles includes Sites.FullControl.All.
Refer: https://learn.microsoft.com/en-us/graph/auth-v2-service?tabs=http
2. Check Permission Model
If using Sites.Selected, you must grant access to the site:
POST https://graph.microsoft.com/v1.0/sites/{site-id}/permissions
{
"roles": ["write"],
"grantedToIdentities": [
{
"application": {
"id": "{app-id}",
"displayName": "{app-name}"
}
}
]
}
Refer: https://learn.microsoft.com/en-us/graph/permissions-reference#sitesselected
3. Confirm Endpoint and Method
Correct endpoint for listing permissions: GET https://graph.microsoft.com/v1.0/sites/{site-id}/permissions
Do refer: https://learn.microsoft.com/en-us/graph/api/site-list-permissions?view=graph-rest-1.0&tabs=http
4. Validate SharePoint Access
Even with Graph permissions, SharePoint requires app-only access configuration. For Sites.FullControl.All, ensure admin consent is granted in Azure AD:
Azure Portal > App Registration > API Permissions > Grant admin consent.
https://learn.microsoft.com/en-us/azure/active-directory/manage-apps/grant-admin-consent
5. Troubleshoot Common Causes
If token is valid and consented, but still fails:
Check if the site is a group-connected site (requires extra Graph permissions) and ensure no Conditional Access policy blocks app-only calls.
GET https://graph.microsoft.com/v1.0/sites/{site-id}/permissions
Hope this helps!
Regards,
Monalisha
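As an added example (not part of Monalisha's answer or any Microsoft sample), the checks from the answer in code: obtain an app-only token with the client credentials flow, decode its payload the way jwt.ms does, and flag the wrong-audience, missing-role and delegated-instead-of-app-only mistakes listed above. Tenant id, app id and secret are placeholders you supply; the constructed tokens are unsigned stand-ins used only to exercise the checks offline.

```python
import base64
import json
from urllib.parse import urlencode
from urllib.request import Request, urlopen

GRAPH_AUDIENCE = "https://graph.microsoft.com"
# Microsoft Graph's well-known application ID; some tokens carry it as "aud" instead of the URL.
GRAPH_APP_ID = "00000003-0000-0000-c000-000000000000"

def get_app_only_token(tenant_id, client_id, client_secret):
    """Client credentials flow against the v2.0 token endpoint (no user context)."""
    body = urlencode({
        "client_id": client_id,
        "scope": f"{GRAPH_AUDIENCE}/.default",
        "client_secret": client_secret,
        "grant_type": "client_credentials",
    }).encode()
    req = Request(f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token",
                  data=body, headers={"Content-Type": "application/x-www-form-urlencoded"})
    with urlopen(req) as resp:
        return json.load(resp)["access_token"]

def decode_claims(token):
    """Read the JWT payload without verifying the signature, like pasting it into jwt.ms.
    Inspection only: Graph validates the token; this code must never authorize anything."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def diagnose_graph_token(token, required_role="Sites.FullControl.All"):
    """Return the problems that would explain a 401 from Graph; an empty list means OK."""
    claims = decode_claims(token)
    problems = []
    aud = claims.get("aud", "")
    if aud.rstrip("/") != GRAPH_AUDIENCE and aud != GRAPH_APP_ID:
        problems.append(f"wrong audience: {aud!r}")
    if "scp" in claims and "roles" not in claims:
        problems.append("delegated token (scp claim) where an app-only token (roles claim) is needed")
    if required_role not in claims.get("roles", []):
        problems.append(f"roles claim lacks {required_role} (permission not granted or not consented)")
    return problems

def make_constructed_token(claims):
    """Build an UNSIGNED JWT-shaped string from claims; constructed for offline demonstration only."""
    b64 = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    header = b64({"alg": "none", "typ": "JWT"})
    return f"{header}.{b64(claims)}.sig"
```

Run diagnose_graph_token on the real token returned by get_app_only_token; for the Sites.Selected model pass required_role="Sites.Selected" and remember the site grant from step 2 is still needed.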