Using the MS Graph Explorer tool, it appears as though I am not able to consent to the Mail.ReadBasic
scope for a @hotmail.com account. When I click on the Consent
button in the UI, the consent popup loads, but then immediately closes and consent is not granted.
If I sign in to the MS Graph Explorer tool with an account tied to an Azure AD tenant, I am able to successfully consent to the Mail.ReadBasic
scope.
Additionally, trying to follow the user consent flow with an App Registration from my own tenant, I can run any request like the one below with an outlook.com, hotmail.com or live.com address and will see a 302 to my redirect URI with the message below.
REQUEST
GET /common/oauth2/v2.0/authorize?client_id={client_id}}&redirect_uri={redirect_url}&response_type=code&scope=https%3A%2F%2Fgraph.microsoft.com%2FMail.ReadBasic&state={state}&login_hint=some.name%40outlook.com
REDIRECT
302 {redirect_url}?error=invalid_scope&error_description=The%20provided%20value%20for%20the%20input%20parameter%20'scope'%20is%20not%20valid.%20The%20scope%20'https://graph.microsoft.com/Mail.ReadBasic'%20does%20not%20exist.&state={state}
The same requests using Azure AD tenant accounts will be successful.
Is the Mail.ReadBasic
scope only supported for Azure AD tenant accounts and not personal accounts?