Getting Unauthorized issue for Exchange admin reporting APIs
Hi Team
We are facing multiple Unauthorized issues while calling the below Exchange admin reporting APIs:
https://reports.office365.com/ecp/reportingwebservice/reporting.svc/MailDetailDlpPolicy
https://reports.office365.com/ecp/reportingwebservice/reporting.svc/MessageTrace
https://reports.office365.com/ecp/reportingwebservice/reporting.svc/SpoofMailReport
https://reports.office365.com/ecp/reportingwebservice/reporting.svc/MailDetailATP
Authentication library used - MSAL
Getting the below error:
Job failed with type: UnauthorizedFailure ; Message: Reason: Full error: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>401 - Unauthorized: Access is denied due to invalid credentials.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>401 - Unauthorized: Access is denied due to invalid credentials.</h2> <h3>You do not have permission to view this directory or page using the credentials that you supplied.</h3> </fieldset></div> </div> </body> </html> ; Details: Error code: 401
Job failed with type: UnauthorizedFailure ; Message: Reason: Full error: {"ErrorCode":"","Message":"No permission to access the report for the organization ."} ; Details: Error code: 403
The configuration steps that we followed are as below:
1. On Azure Portal: created a Microsoft Entra ID application and provided the API permission (Office 365 Exchange Online - ReportingWebService.Read.All).
2. Roles and administrators - selected the 'Global Reader' role and added the Microsoft Entra ID application as a member.
3. On the Exchange admin portal https://admin.exchange.microsoft.com/#/adminRoles
for a role group, assigned the Global Reader role with the below 3 permissions selected:
i). Data Loss Prevention
ii). View Only Configuration
iii). View Only Recipients
It works partially, and sometimes it throws permission errors for the MessageTrace service.
Our customers have multiple roles selected (along with Global Reader) in the View-Only Organization Management role group, and sometimes it won’t work for that role either.
We are eager to know the root cause behind this and need to know the exact configuration settings/permissions required on the Microsoft side.
Please suggest; we are ready to discuss over a call.
Thanks in advance!