Hello @Nick Dowmon,
Thanks for reaching out.
This API endpoint "https://main.iam.ad.ext.azure.com/" is meant for handling requests originating from "https://portal.azure.com". In addition to that, you won't be able to delegate any API permission for an application related to this API, as this one is hidden for the tenant.
Therefore, "401 - Unauthorized: Access denied" is the expected message, since the application doesn't have access to the API.
Similar ask from Tech community forum
With that said, the Microsoft Graph API is the recommended and supported way to programmatically manage, administer and automate the Azure AD directory.
For more details, read:
Working with Azure Active Directory resources in Microsoft Graph: https://learn.microsoft.com/en-us/graph/api/resources/azure-ad-overview?view=graph-rest-1.0
Beta: https://learn.microsoft.com/en-us/graph/api/resources/azure-ad-overview?view=graph-rest-beta
Hope this helps.
----------------------------
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.