The string is from Microsoft own page. But please make sure it is URL encoded. When I tried it and make mistake to send it to the azure endpoint "as is", I got the same error. But when I send it in this form: https%3A%2F%2Foutlook.office.com%2FIMAP.AccessAsUser.All I was able to obtain a token. Although it won't let me authorize to the Imap portion of the outlook.office365.com servers. I'll keep investigating what is going on. But I tried it some time ago with same effect. I obtained a token but with no luck to authenticate then as now. Unfortunately Microsoft documentation is not helpful much.