Getting 401 error

Hi @Sarhang Hevary
Thanks for the details - this looks like an authorization/permissions issue rather than a problem with the API itself.

The 401 error typically means the request is not getting a valid token with the required permissions.

A couple of things to check:

• Even though you’re a Global Admin, the API you’re calling requires explicit admin consent for the eDiscovery.ReadWrite.All permission.
• In Graph Explorer, permissions are tied to the Graph Explorer app itself — so you need to grant consent there.

Here’s what I’d suggest:

• In Graph Explorer, go to “Modify permissions”
• Search for and add eDiscovery.ReadWrite.All
• Click “Consent” (this requires admin approval)

If you don’t see a consent request in Entra:

• Check Entra ID → Enterprise Applications → Graph Explorer → Permissions
• Or verify if admin consent workflow is enabled in your tenant (it might not surface as a request)

Also note:

• The /security/cases/ediscoveryCases endpoint belongs to Purview eDiscovery, so you may also need appropriate Purview roles (like eDiscovery Manager) in addition to Graph permissions.

I hope this helps. Please let us know if you have any questions.

The 401 on https://graph.microsoft.com/v1.0/security/cases/ediscoveryCases indicates that the request is not presenting a valid or appropriate access token to Microsoft Graph, or the token does not contain the required permissions.

For Microsoft Graph 401/403 issues, the supported guidance is:

1. Verify the access token
   • Ensure the request from Graph Explorer or PowerShell actually includes an access token in the Authorization: Bearer <token> header.
   • Make sure the token is not expired and is issued for Microsoft Graph (audience should be https://graph.microsoft.com/).
   • If using a delegated token from a personal Microsoft account, note that some APIs only support work or school accounts; a personal account token will fail.
2. Confirm the correct Graph permissions are granted
   • The app (Graph Explorer or your own app) must request the correct Microsoft Graph permissions for the security/ediscovery APIs.
   • The permissions must be granted (consented) by an administrator in Microsoft Entra ID.
   • If consent is not completed, calls will fail with 401/403.
3. Use Microsoft Entra admin center to grant consent
   • In Entra ID → App registrations → select the app → API permissions, verify the required permission (for example, eDiscovery.ReadWrite.All) is listed and shows Granted for <tenant>.
   • If not, an admin must grant admin consent there. If consent is not visible as a pending request, it must be granted directly on the app registration’s API permissions blade.
4. If still failing, follow the standard Graph auth troubleshooting flow
   • Reacquire the token using the Microsoft Authentication Library (MSAL) and retry.
   • If the error persists, use the Microsoft Graph authorization error guidance and, if needed, open a new question on Microsoft Q&A tagged microsoft-graph.

References:

• Resolve Microsoft Graph authorization errors
• Troubleshoot Authorization_RequestDenied error with Microsoft Graph