HTTP Status code 401

Symptoms

Error: "Status Code: 401 | Status Reason: Unauthorized"

Error indicating that authentication to Microsoft Graph API failed

Error response returned from the Message Trace API request

Causes

IBM QRadar successfully connects to the API endpoint, but authentication fails because the application cannot obtain a valid OAuth access token from Microsoft Entra ID.

Resolving the problem

To resolve your HTTP Status code 401 error, verify that the following conditions are met.
  • Verify that the Client ID, Client Secret, and Tenant ID configured in the log source match the values from the application registered in Microsoft Entra ID.
  • Verify that the Client Secret has not expired.
  • Ensure that the application has the required Microsoft Graph application permissions to access Message Trace data.
  • Ensure that administrator consent is granted for the required permissions.
  • Ensure that a service principal is provisioned for Exchange Online for the registered application.
For more information about provisioning a service principal and configuring permissions, see Graph-based message trace API onboarding guide.
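
The following added example (not IBM or Microsoft code) maps a parsed Microsoft Entra ID token-endpoint response onto the first four checks above: known AADSTS error codes point to a credential problem, and the `roles` claim of a returned token shows whether the application permission was assigned and consented. It assumes the access token can be decoded as a JWT for inspection, and the permission name is a placeholder to replace with the one named in the onboarding guide; all sample responses are constructed.

```python
import base64, json, time

# Entra ID token-endpoint error codes (AADSTS numbers) mapped to checklist items.
CREDENTIAL_ERRORS = {
    7000215: "Client Secret is invalid",
    7000222: "Client Secret has expired",
    700016: "Client ID not found in this tenant",
    90002: "Tenant ID not found",
}

def jwt_claims(token):
    """Decode the JWT payload for inspection only; the signature is not verified."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def diagnose(token_response, required_role, now=None):
    """Return a list of findings for a parsed token-endpoint JSON response."""
    now = int(time.time()) if now is None else now
    if "access_token" not in token_response:
        codes = token_response.get("error_codes", [])
        known = [CREDENTIAL_ERRORS[c] for c in codes if c in CREDENTIAL_ERRORS]
        return known or ["Token request failed: %s" % token_response.get("error", "unknown")]
    claims = jwt_claims(token_response["access_token"])
    findings = []
    if claims.get("exp", 0) <= now:
        findings.append("Access token is expired")
    if required_role not in claims.get("roles", []):
        findings.append("Permission %s missing from roles claim: "
                        "not assigned or admin consent not granted" % required_role)
    return findings or ["Token is valid and carries the required permission"]

def make_sample_token(claims):
    """Build an unsigned, constructed sample token for the demo below."""
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none"}), enc(claims), "sig"])

if __name__ == "__main__":
    ROLE = "Placeholder.Permission"  # placeholder, not a real Graph permission name
    samples = [  # constructed responses, not captured from a real tenant
        {"error": "invalid_client", "error_codes": [7000222]},
        {"access_token": make_sample_token({"exp": 2000000000})},
        {"access_token": make_sample_token({"exp": 2000000000, "roles": [ROLE]})},
    ]
    for s in samples:
        print(diagnose(s, ROLE, now=1900000000))
```

A token that passes both checks while QRadar still receives 401 leaves the Exchange Online service principal as the remaining item to verify, since that is not visible in the token.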