With the recent requirement of enabling MFA to all global admins, we are having issues of accessing some graph API endpoints where application permissions are not supported.
E.g: https://docs.microsoft.com/en-us/graph/api/group-get-thread?view=graph-rest-1.0&tabs=http
This above endpoint supports only Delegated permissions and we were using password grant flow to obtain the access token. But after MFA enabled on the global admin it's not possible to use the global admin's credentials with the password grant flow. We are getting the below when call the token end point with password grant_type.
Is there any other workaround to access the above mentioned endpoint after enable MFA to all global admins?
{
"error": "interaction_required",
"error_description": "AADSTS50076: Due to a configuration change made by your administrator, or because you moved to a new location, you must use multi-factor authentication to access '00000002-0000-0ff1-ce00-000000000000'. Trace ID: bc51c0ef-a55b-4b01-98bc-e588b45b3a00 Correlation ID: 8e2646e1-00ab-410f-a5bf-4fed28699a2d Timestamp: 2019-07-25 10:57:28Z",
"timestamp": "2019-07-25 10:57:28Z",
"trace_id": "bc51c0ef-a55b-4b01-98bc-e588b45b3a00",
"correlation_id": "8e2646e1-00ab-410f-a5bf-4fed28699a2d",
"suberror": "basic_action"
}
