401 error when you use Graph API to access OneDrive data with location-based policy enabled

Symptoms

An application calls the Microsoft Graph API to query OneDrive resources. If a location-based policy is enabled, requests to the Graph API return a 401 "Unauthorized" error message. This issue occurs even if the user is within the trusted boundary.

Cause

The issue occurs because the Graph API doesn't pass the user's IP address to SharePoint. Therefore, SharePoint can't determine whether the user is within the trusted boundary. The only apps that currently support location-based policies are Viva Engage and Exchange. This means that all other apps are blocked, even when they are hosted within the trusted network boundary.

For more information about this issue, see Control access to SharePoint Online and OneDrive data based on defined network locations.

Workaround

To work around this issue, set conditional access in Microsoft Entra ID.
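
One way to express this workaround through the Microsoft Graph conditional access endpoints, as an added example that is not part of the original article. It assumes the intent is to block SharePoint Online and OneDrive sign-ins from outside trusted named locations; the IP range, display names and `<pilot-group-object-id>` are placeholders.

```http
# Added example (not from the original article). The caller needs the
# Policy.ReadWrite.ConditionalAccess Graph permission.
# 203.0.113.0/24 (documentation range), the display names and
# <pilot-group-object-id> are placeholders to replace with your own values.

### 1. Define the trusted network boundary as a named location
POST https://graph.microsoft.com/v1.0/identity/conditionalAccess/namedLocations
Content-Type: application/json

{
  "@odata.type": "#microsoft.graph.ipNamedLocation",
  "displayName": "Corp egress (example)",
  "isTrusted": true,
  "ipRanges": [
    { "@odata.type": "#microsoft.graph.iPv4CidrRange", "cidrAddress": "203.0.113.0/24" }
  ]
}

### 2. Block SharePoint Online / OneDrive sign-ins from anywhere else
# 00000003-0000-0ff1-ce00-000000000000 is the Office 365 SharePoint Online app ID.
# "AllTrusted" matches every named location marked isTrusted.
# Report-only state records what would be blocked without enforcing it.
POST https://graph.microsoft.com/v1.0/identity/conditionalAccess/policies
Content-Type: application/json

{
  "displayName": "Block SPO/OneDrive outside trusted locations (example)",
  "state": "enabledForReportingButNotEnforced",
  "conditions": {
    "clientAppTypes": ["all"],
    "applications": { "includeApplications": ["00000003-0000-0ff1-ce00-000000000000"] },
    "users": { "includeGroups": ["<pilot-group-object-id>"] },
    "locations": { "includeLocations": ["All"], "excludeLocations": ["AllTrusted"] }
  },
  "grantControls": { "operator": "OR", "builtInControls": ["block"] }
}
```

Review the report-only results in the Entra sign-in logs before changing `state` to `enabled` or widening the policy beyond the pilot group.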

Status

Microsoft is aware of this issue and is developing a solution.