@AnnaMarkose -That may still not provide the correct credentials. When you log in to your O365 Portal to generate the token, the account that you use MUST be assigned to the following 2 roles (see the attached image):
1) Cloud Application Administrator
2) Reports Reader
@AnnaMarkose : And the Reports Reader role is a must. By that I mean, the user's Global Admin or Cloud Application Administrator role may be taken away once the token is generated, but the Report Reader role should always be assigned to the user, even after the generation of the token. Without that, the Usage step will always fail.
@AnnaMarkose - After you assigned this role, did you generate a new Security Token? Remember that the beacon authenticates to the Office 365 API using the Security Token, not that logon account. The logon account is used 1-time to generate the Security Token that has the required priviledges.
@AnnaMarkose: Please try this test as well from the Beacon machine.
1.) Logon to https://developer.microsoft.com/en-us/graph/graph-explorer using the same credentials that were supplied on the Beacon connection to generate the refresh token
2.) Call this API - https://graph.microsoft.com/v1.0/reports/getOffice365ActiveUserDetail(period='D90'). More information about this API can be found here: https://docs.microsoft.com/en-us/graph/api/reportroot-getoffice365activeuserdetail.
3.) Check the response code after you call the API. If you see a response code 200, then you are good. However, if you see any other response code, then you are running into some network issues on your end.
Hope this helps.
@AnnaMarkose - If the Logon Account you are using to generate the Security Token has both the Reports Reader and the Cloud Admin role, you should be good to go. If you are still getting an error, then there is likely some issue in your environment causing the failure, such as a Firewall/Proxy Server.
If possible, please perform the troubleshooting steps outlined by @Alpesh, and if you have not please provide a Support Ticket.
Perhaps other Community Members have additional suggestions.
When this is resolved, please post the solution on this thread so that other members of the community can use this solution.
Please find the troubleshooting steps we have done so far.
1) Generated the token using an Azure AD account which is having global admin privilege and 'reports reader' role.
2) Confirmed that there is no firewall/proxy blocking between beacon server and Office 365.
3) Tried the solution mentioned in the knowledge article mentioned below. When we have removed the usage line from the 'ReaderV3.config' file and tried to execute the task, the readerV3.config file got replaced to its previous version and the changes done got reverted back.
Still the issue is there. Please let me know if we have any other troubleshooting techniques for this. Thank you so much for your help and support.