Thanks for reading my post. As I mentioned in my troubleshooting section, 401 is a really cold response. The first thing I suggest you to check is to make sure the token you got from AAD has correct “role” definition. If you already setup application permission in your app’s permission, but the role definition doesn’t reflect that, it means you need admin consent to grant that permission. You can reference the detail steps in my troubleshooting section and let me know if you still have questions.