根据报告Microsoft图形api的权限，Reports.Read.All是application permission，它允许应用程序无需登录用户即可读取所有服务使用情况报告.要调用该api，您需要使用客户端凭据流来获取具有应用程序标识的令牌:

According to Get EmailActivity report document , read that report needs Reports.Read.All permission . And according to Reports permissions of microsoft graph api, Reports.Read.All is application permissionwhich allows an app to read all service usage reports without a signed-in user. To call that api , you need to use client credential flow to acquire token with app identity :

1. 在您的azure广告应用程序中添加Microsoft graph的Read all usage reports应用程序权限:

通过使用您的AAD的管理员帐户单击上方屏幕快照中的Grant Permissions按钮来授予该应用程序权限.

Grant that application permission by clicking Grant Permissions button in above screenshot with admin account of your AAD .

使用客户端凭据流来获取Microsoft图形的访问令牌:

Using client credential flow to acquire access token for microsoft graph :

POST https://login.microsoftonline.com/chencl.onmicrosoft.com/oauth2/token

grant_type=client_credentials&client_id=<client_id>&client_secret=<client_secret>&resource=https%3A%2F%2Fgraph.microsoft.com%2F

获取访问令牌后，您可以使用在线工具对该令牌进行解码，您应该找到roles声明中的c0>.

After you get the access token , you could decode the token using online tool, you should find Reports.Read.All in roles claim .

然后您可以调用EmailActivity api，它返回302 Found响应，重定向到该报告的预认证下载URL:

Then you could call the EmailActivity api , it returns 302 Found response redirecting to a pre-authenticated download URL for the report:

请告诉我是否有帮助.