WARNING! There was an error parsing the document

Hi,

I am using MSAL library for Authentication and for exchange messageTrace endpoint using API https://reports.office365.com/ecp/reportingwebservice/reporting.svc/MessageTrace

This API throwing below below 401 - Unauthorized error.

Job failed with type: UnauthorizedFailure ; Message: Reason: Full error: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>401 - Unauthorized: Access is denied due to invalid credentials.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>401 - Unauthorized: Access is denied due to invalid credentials.</h2> <h3>You do not have permission to view this directory or page using the credentials that you supplied.</h3> </fieldset></div> </div> </body> </html> ; Details: Error code: 401

Below are configuration I have used.

1. Create a Entra Application.
   Provided  API (Office 365 Exchange Online- ReportingWebService.Read.All) Permission. for a same application I have generated Client secrets. provided client id ,client secrets and tenant id information for authentication.
2. Roles and administrators - selected 'Global Reader' Role added Microsoft Entra ID application as member
   3.On exchange admin portal https://admin.exchange.microsoft.com/#/adminRoles
   for a Role Group, assigned Global Reader role with selected below 3 Permissions. i). Data Loss Prevention
   ii). View Only Configuration
   iii). View Only Recipients
   
3. User used on Azure portal has the Global Administrator access.

Still i'm getting a above 401 - Unauthorized Access is denied due to invalid credentials.

is it possible to block API permission access in case we are using some different Conditional Access policies on Microsoft Entra admin center portal

will this above permissions works in case of two different user used on Azure portal and exchange admin portal ?

Please to know the root cause behind this and need to know exact configuration settings/permissions required on Microsoft side. Thanks in Advance...!!