According to the Azure Graph API team's blog, they've changed the way permissions are handled in Azure AD-authenticating apps.
This error has been driving me nuts for the past month while I've been able to get into an app we're writing in Azure using AD, but my team hasn't.
Here's how we fixed our issue:
1) I could get into our app (because I setup the permissions with my account in the management portal), but my team couldn't.
2) Had to go talk to one of our DevOps guys who's a Global Administrator in our Azure tenant, got him to remove the permission in the Azure AD Application, then re-add it.
Now my team could get in.
Hope this helps anybody stuck on this