401 error when you use Graph API to access OneDrive data with location-based policy enabled

Symptoms

An application calls the Microsoft Graph API to query OneDrive resources. If a location-based policy is enabled, requests to the Graph API return a 401 "Unauthorized" error message. This issue occurs even if the user is within the trusted boundary.

Cause

The issue occurs because the Graph API doesn't pass the user's IP address to SharePoint. Therefore, SharePoint can't determine whether the user is within the trusted boundary. The only apps that currently support location-based policies are Viva Engage and Exchange. It means that all other apps are blocked, even when these apps are hosted within the trusted network boundary.

Workaround

To work around this issue, set conditional access in Microsoft Entra ID.

Have a question or need help! Contact me 😊❤️