I'm wondering if there have been potentially any changes to Microsoft Graph's ability to be queried via the user login auth flow.
I've got clients using Microsoft Graph in their Power BI reports, and it's fairly simple to use that data. You can use an OData feed or the Web connector, and you authenticate with an Organizational Account. These same reports have been using Graph with no issue for quite some time, and this is occuring across multiple AAD tenancies, not just us or one particular client.
For some reason, now all attempts to use Graph end up in a 403/forbidden response from Power BI. I can log into the Graph Explorer and successfully pull the data there. An example endpoint is "https://graph.microsoft.com/v1.0/users". I'm absolutely certain I have all required permissions to view a user list.
It seems the same issue with this thread that has been reported.
Updates of this issue:
We do not support connecting to Graph. Because of various auth challenges, generic OData connectivity does not work.
Users should vote for a dedicated Graph connector on UserVoice to register their interest.
@v-jiascu-msft, I think what we're curious about is why it worked for so long, and suddenly now it doesn't. Was this a recent change on the evening of May 31st in relation to GDPR initiatives?
In this situation, we had access to a wealth of data from our AAD tenancies that was very useful in RLS and other scenarios, and suddenly it stopped working (with a basic OAuth flow/signing in with delgated scope). You end up with consumers and consultants building dependencies on these integrations, and then it changes without warning.
While I'm sure you can't revert whatever these changes were, I would love to have a more grounded conversation with our clients as to why a working solution is suddenly broken without any explanation from Microsoft. I was able to make a new solution leveraging an actual Azure AD registered application with Graph permissions, but this caused scope change and user interruptions in the meantime.