Our application requires users to consent to the following Microsoft Graph permission scopes: offline_access User.ReadBasic.All Directory.Read.All Mail.ReadBasic.All.
Some users, despite being global administrators, are faced with the following error when granting these permissions to our application through the Microsoft Graph oAuth flow: Authorization_RequestDenied: Insufficient privileges to complete the operation.
This error is generated after the user grants permissions, and then we call the MS Graph "users" endpoint like so: https://graph.microsoft.com/v1.0/users?$select=id,displayName,mail,userPrincipalName&$filter=userType eq 'Member'.