Log into the Azure Portal here then go to 'App registration' and select your newly registered application.
Go to 'API permissions', select 'Add a permission' and click on 'Microsoft Graph'.
Select 'Application permissions' and search for 'User'. Scroll down and select 'User.Read.All'.
The permission 'User.Read' with Type “Delegated” is added by default, both will now require Administrator approval.
Click 'Grant admin consent' then click 'Yes' on the confirmation prompt. Both permissions should now have the status of 'Granted'.
