Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Symptoms
An application calls the Microsoft Graph API to query OneDrive resources. If a location-based policy is enabled, requests to the Graph API return a 401 "Unauthorized" error message. This issue occurs even if the user is within the trusted boundary.
Cause
The issue occurs because the Graph API doesn't pass the user's IP address to SharePoint. Therefore, SharePoint can't determine whether the user is within the trusted boundary. The only apps that currently support location-based policies are Viva Engage and Exchange. It means that all other apps are blocked, even when these apps are hosted within the trusted network boundary.
For more information about this issue, see Control access to SharePoint Online and OneDrive data based on defined network locations.
Workaround
To work around this issue, set conditional access in Microsoft Entra ID.
Status
Microsoft is aware of this issue and is developing a solution.