Hero Banner

Secure Application Model

Learn and ask questions on how to implement secure application model

Level 3 Contributor

Connect-MgGraph secure application model and GDAP

I am trying to get a token for a partner set with GDAP so I can then use it with connect-MgGraph 

The below works fine for DAP partners :


$ApplicationId = "My application id"
$ApplicationSecret = "My app secret"
$RefreshToken = "My refresh token"

$AuthBody = @{
client_id = $ApplicationId
client_secret = $ApplicationSecret
scope = 'https://graph.microsoft.com/.default'
refresh_token = $RefreshToken
grant_type = "refresh_token"


$tenantid = "Partner tenant id"

Invoke-RestMethod -Method post -Uri "https://login.microsoftonline.com/$($tenantid)/oauth2/v2.0/token" -Body $Authbody


However it returns 


AADSTS65001: The user or administrator has not consented to use the application with ID '########-ffd6-48b7-aa6d-############' named 'AppName'. Send an interactive authorization request for this user and resource.


I am able to connect to exchange for GDAP partners but not Microsoft Graph.  Particularly the MGGraph powershell module. It works fine with DAP.


Can anyone help?

Level 3 Contributor

Thanks for any support anyone gives 🙂

Community Manager

I've been in contact with the internal team and they suggested submitting a support ticket for each instance as it sounds like a technical issue that requires some investigation from the technical team. 




If anyone gets a solution will they come back and let this string know? Thank you! 

Visitor 1

We are observing the same problem since we've changed DAP to GDAP for some of our Customer-Tenants. However, calls concerning the PartnerCenterAPI can be successfully send and received. Otherwise all operations concerning the MS graph API are returned with the Error: 


"AADSTS65001: The user or administrator has not consented to use the application with ID '########-######-###-####-############' named '<OurAppName>'. Send an interactive authorization request for this user and resource."


Any help would be appreciated.

Level 6 Contributor

@MatStretcher and @Glenndsq ,


Just wanted to reply because this thread was one of the few hits I had for GDAP and your error, AADSTS65001. I believe the problem is that Microsoft changed the GDAP delegated permissions model between late August 2022 (when I initially tested DAP -> GDAP and it all worked) and early October when you two, and @ClaudioStallone encountered this error.



In another thread in this Partner Center forum @JanoschUlmer posted a solution that @ClaudioStallone confirmed. I just tested it and it works, including for Connect-MgGraph, you can see my reply here, which in the same thread, including a confirmation from Kelvin.




It shows how you will need to add a Consent for your Secure App Model in the Customer's tenancy. I also found that Exch Online works, but for Azure AD, Graph, and Azure the steps in the post (originally from Janosch) are required.


I hope that helps!


Community Manager

@Glenndsq @ClaudioStallone I don't know anything about this, but I am inquiring within to see if I can find someone to help. I'll let you know if I find out anything! Sorry for your troubles here. 

Level 6 Contributor

Hello @v-jillarmour 


Thank you very much, we also have create a MS Case for that TrackingID#2210040040003176

As it is very urgent for us, as our automations using Azure as well as MS Graph are no longer working for GDAP customers!

Level 6 Contributor

We have the same issue since this week!