oauth-2.0 - Microsoft Graph API 无法使用 mail.read

Question

在我的应用程序中，我通过

GET https://login.microsoftonline.com/<TENANT_ID>/oauth2/v2.0/authorize?client_id=<CLIENT_ID>&response_type=code&response_mode=query&scope=user.read+mail.send+mail.readwrite&redirect_uri=https%3A%2F%2Fgraphresponse%2F&prompt=consent

使用代码

POST https://login.microsoftonline.com/<TENANT_ID>/oauth2/v2.0/token

与application/x-www-form-urlencoded：grant_type=authorization_code&redirect_uri=https%3A%2F%2Fgraphresponse%2F&client_id=<CLIENT_ID>&scope=user.read+mail.send+mail.readwrite&client_secret=<CLIENT_SECRET>&code=<CODE>

到目前为止一切顺利，我收到了这样的不记名令牌（为便于阅读而格式化）：

{"token_type":"Bearer",
 "scope": 
      "Mail.Read Mail.Read.All Mail.Read.Shared 
       Mail.ReadBasic Mail.ReadWrite Mail.ReadWrite.Shared 
       Mail.Send openid User.Read profile email",
 "expires_in":3600,
 "ext_expires_in":3600,
 "access_token":"<TOKEN>"
}

我可以使用以下端点

GET http://graph.microsoft.com/v1.0/me 
POST http://graph.microsoft.com/v1.0/me/sendMail 
POST http://graph.microsoft.com/v1.0/me/messages

但我收到以下错误

GET http://graph.microsoft.com/v1.0/me/messages

{
  "error": {
    "code": "ErrorAccessDenied",
    "message": "Access is denied. Check credentials and try again.",
    "innerError": {
      "request-id": "xxxxxxx",
      "date": "2019-03-12T13:38:47"
    }
  }
}

我是否错过了明确读取当前用户收件箱所需的任何配置，或者是否需要任何管理员配置？