diff --git a/src/pkg/services/m365/api/graph/logging.go b/src/pkg/services/m365/api/graph/logging.go
index 3569aaf8a..7cc529f83 100644
--- a/src/pkg/services/m365/api/graph/logging.go
+++ b/src/pkg/services/m365/api/graph/logging.go
@@ -126,7 +126,13 @@ func getTokenLifetime(
 		return time.Time{}, time.Time{}, clues.New("nil request")
 	}
 
+	// Don't throw an error if auth header is absent. This is to prevent
+	// unnecessary noise in the logs for requests served by the http requestor
+	// client. These requests may be preauthenticated and may not carry auth headers.
 	rawToken := req.Header.Get("Authorization")
+	if len(rawToken) == 0 {
+		return time.Time{}, time.Time{}, nil
+	}
 
 	// Strip the "Bearer " prefix from the token. This prefix is guaranteed to be
 	// present as per msft docs. But even if it's not, the jwt lib will handle
diff --git a/src/pkg/services/m365/api/graph/middleware_test.go b/src/pkg/services/m365/api/graph/middleware_test.go
index 3f029580a..6f0210d99 100644
--- a/src/pkg/services/m365/api/graph/middleware_test.go
+++ b/src/pkg/services/m365/api/graph/middleware_test.go
@@ -528,12 +528,14 @@ func (suite *MiddlewareUnitSuite) TestGetTokenLifetime() {
 			request:   nil,
 			expectErr: assert.Error,
 		},
+		// Test that we don't throw an error if auth header is absent.
+		// This is to prevent unnecessary noise in logs for requestor http client.
 		{
 			name: "no authorization header",
 			request: &http.Request{
 				Header: http.Header{},
 			},
-			expectErr: assert.Error,
+			expectErr: assert.NoError,
 		},
 		{
 			name: "well formed auth header with token",