Skip to main content
Showing results for 
Search instead for 
Did you mean: 

Find everything you need to get certified on Fabric—skills challenges, live sessions, exam prep, role guidance, and more. Get started

Error getting OData from Microsoft Graph: Access to the resource is forbidden



I am getting an error "Access to the resource is forbidden" when trying to access Microsoft Graph in Power BI Desktop report.

Microsoft Graph URL is

I am logging in using Organization Account.

I have Global Admin role in the tenant.


The report was working normally for months, but stopped since yesterday.

I even tried creating new one - same result.

Accessing the same URL from Graph Explorer works fine.


What could actually impact this kind of error?

Status: New
Regular Visitor

I have the same problem - it started on June 1st.


I placed a service call to MS through Azure, but I got the info that connecting to MS Graph from PowerBI using oAuth is an unsupported configuration 😕 Great support....

The service that use this connection in my company is completetly down at the moment.

But I'm not giving up...


Same problem here. 😞

Community Support

Hi all, 


I got information below: 


We do not support connecting to Graph. Because of various auth challenges, generic OData connectivity does not work.


Users should vote for a dedicated Graph connector on UserVoice to register their interest. 


Best Regards,
Qiuyun Yu 

Not applicable

@v-qiuyu-msft what do you mean you don't support it.. its been working for months, it only stopped a few days ago..

Regular Visitor

Exactly - and what about a time period to make a neccessary changes in our services? What about any notifications to clients?

Someone just flipped the lever and ups....connectivity doesn't work anymore. And work yourself out!

Regular Visitor

@v-qiuyu-msft if OData with OAuth is not supported, what are our options connecting to Graph API from Power BI? We have tools and processes running based on data from Graph API. It is down more than a week now. We have to come up with alternatives


Here's an alternative:


  1. Register an App in Azure AD (webapp)
  2. Add the Service Microsoft.Graph and select all the permissions you need
  3. In PowerQuery
    1. create an "accessToken" query (see image)
    2. Use the Odata authorization header parameter (see image)
  4. Select anonymous as the authentication for the graph api, because we are handling it manually


Unfortunately wont work w/ schedule refresh, but could be something I'm doing wrong.


But at least works on PBIDesktop



Not applicable

I just can't understand how one day a service is used by potentially hundreds of customers, running potentially thousands of reports.. and without any community awareness, customer communication, the service dissapears, and everything breaks..


Please bring some more information to this.


"We do not support connecting to Graph. Because of various auth challenges, generic OData connectivity does not work."

Not applicable

@v-qiuyu-msft, we're going to need more information than that.


"We do not support connecting to Graph. Because of various auth challenges, generic OData connectivity does not work."


It worked fine for a long time. Something changed on Graph's side of things that has now completely broken many, many reports that our clients use, as well as reports we use internally. This has put a huge wrench in projects we have in-progress based on what was working fine for a long time. Microsoft Graph is a huge component in leveraging Row-Level Security in Power BI; when you take away components of the O365 ecosystem from Power BI, you make Power BI a less valuable tool.


I know how we can approach this by pulling auth tokens on a schedule with Flow and reading those in our Power BI scheduled refresh, but the extra dev time for this is going to be very, very painful, and it's much less secure.

Regular Visitor

Thanks a lot for sharing, @ruiromano!

Code seems to be ok, but I am getting an error: Formula.Firewall: Query 'Devices (Azure AD)' (step 'Source') references other queries or steps, so it may not directly access a data source. Please rebuild this data combination.

Anyone has a clue why this is happening? 
AzureAccessToken query is returing token successfully, but I can't use it in OData.Feed method.



Azure Graph API Url

Azure Tenant Id = ...
Azure Application Id = ...

Azure Application Client Secret = ...

Query: AzureAccessToken


    TokenUri = "" & #"Azure Tenant Id" & "/oauth2/token",
    ResourceId = "",
    TokenResponse = Json.Document(Web.Contents(TokenUri, 
	Content = Text.ToBinary(Uri.BuildQueryString([client_id = #"Azure Application Id", resource = ResourceId, grant_type = "client_credentials", client_secret = #"Azure Application Client Secret"])), 
	Headers = [Accept = "application/json"], ManualStatusHandling = {400}
    AzureAccessToken = TokenResponse[access_token]

Query: Devices (Azure AD)


    Source = OData.Feed(#"Azure Graph API Url" & "devices", [Authorization = "Bearer " & AzureAccessToken])