In AAD App registration has Implicit Grant Flow to true; We have delegated permissions to User.Read and User.Read.All.

private static getContext(): Msal.UserAgentApplication {
    if (AuthenticationService.Context) return AuthenticationService.Context;
    const logger = new Msal.Logger((_logLevel, message, _piiEnabled) => {
        console.log(message);
    }, { level: Msal.LogLevel.Verbose, correlationId: "12345" });

    AuthenticationService.Context = new Msal.UserAgentApplication(
        Environment().authentication.clientId,
        AuthenticationService.getAuthority(),
        (errorDesc, token, error, _tokenType) => {
            if (token) {
                AuthenticationService.isAuthenticated = true;
                AuthenticationService.accessToken = token;
            } else {
                const localizedError: string = LocalizationService.localize(error);
                alert(localizedError !== error ? localizedError : errorDesc);
            }
        },
        {
            logger: logger,
            storeAuthStateInCookie: true,
            state: "12345",
            cacheLocation: "localStorage" // enable this for IE, as sessionStorage does not work for localhost.
        });
    if (AuthenticationService.Context.getUser()) {
        AuthenticationService.isAuthenticated = true;
    }

    return AuthenticationService.Context;
}

We have login method:

public static login(): void {
    const context: Msal.UserAgentApplication = AuthenticationService.getContext();
    if (context.loginInProgress()) return;
    AuthenticationService.CurrentUser = null;
    context.loginRedirect(AuthenticationService.SCOPES);
}

And we have method to get token for graph:

public static async getGraphToken(): Promise<string | null> {
    const authContext: Msal.UserAgentApplication = AuthenticationService.getContext();
    const cachedUser: Msal.User = authContext.getUser();
    if (!cachedUser) {
        return null;
    }
    return authContext.acquireTokenSilent(AuthenticationService.SCOPES);
}

When I use graph token to get user photo I have:

{
    "error": {
        "code": "OrganizationFromTenantGuidNotFound",
        "message": "The tenant for tenant guid '68cc0dcb-5873-4ea0-a498-fe57e9b51827' does not exist.",
        "innerError": {
            "request-id": "b402e405-342a-4002-a880-84f30413cbf7",
            "date": "2018-11-30T23:39:23"
         }
     }
}

I had the same issue and after 4 hours of trial and error I solved the problem.

My scenario was a bit different but maybe it will apply to your case.

I was trying to read user emails (/users/userId/messages) which failed with the same error. Trying to get info on a user did work but trying to get messages failed, which led me to realize that even though the users did exist on my AD, the actual AD of the exchange account was different... Once I moved my app registration to the correct AD everything worked perfectly...

Hope that helps...