diff --git a/sample/device_flow_sample.py b/sample/device_flow_sample.py
index c2a3e572..ee6ff603 100644
--- a/sample/device_flow_sample.py
+++ b/sample/device_flow_sample.py
@@ -4,7 +4,12 @@
 {
     "authority": "https://login.microsoftonline.com/common",
     "client_id": "your_client_id",
-    "scope": ["User.Read"]
+    "scope": ["User.ReadBasic.All"],
+        // You can find the other permission names from this document
+        // https://docs.microsoft.com/en-us/graph/permissions-reference
+    "endpoint": "https://graph.microsoft.com/v1.0/users"
+        // You can find more Microsoft Graph API endpoints from Graph Explorer
+        // https://developer.microsoft.com/en-us/graph/graph-explorer
 }
 
 You can then run this sample with a JSON configuration file:
@@ -16,6 +21,7 @@
 import json
 import logging
 
+import requests
 import msal
 
 
@@ -70,12 +76,12 @@
         # and then keep calling acquire_token_by_device_flow(flow) in your own customized loop.
 
 if "access_token" in result:
-    print(result["access_token"])
-    print(result["token_type"])
-    print(result["expires_in"])  # You don't normally need to care about this.
-                                 # It will be good for at least 5 minutes.
+    # Calling graph using the access token
+    graph_data = requests.get(  # Use token to call downstream service
+        config["endpoint"],
+        headers={'Authorization': 'Bearer ' + result['access_token']},).json()
+    print("Graph API call result: %s" % json.dumps(graph_data, indent=2))
 else:
     print(result.get("error"))
     print(result.get("error_description"))
     print(result.get("correlation_id"))  # You may need this when reporting a bug
-
diff --git a/sample/username_password_sample.py b/sample/username_password_sample.py
index 6a032f7f..6fd51877 100644
--- a/sample/username_password_sample.py
+++ b/sample/username_password_sample.py
@@ -5,8 +5,13 @@
     "authority": "https://login.microsoftonline.com/organizations",
     "client_id": "your_client_id",
     "username": "your_username@your_tenant.com",
-    "scope": ["User.Read"],
-    "password": "This is a sample only. You better NOT persist your password."
+    "password": "This is a sample only. You better NOT persist your password.",
+    "scope": ["User.ReadBasic.All"],
+        // You can find the other permission names from this document
+        // https://docs.microsoft.com/en-us/graph/permissions-reference
+    "endpoint": "https://graph.microsoft.com/v1.0/users"
+        // You can find more Microsoft Graph API endpoints from Graph Explorer
+        // https://developer.microsoft.com/en-us/graph/graph-explorer
 }
 
 You can then run this sample with a JSON configuration file:
@@ -18,6 +23,7 @@
 import json
 import logging
 
+import requests
 import msal
 
 
@@ -51,10 +57,11 @@
         config["username"], config["password"], scopes=config["scope"])
 
 if "access_token" in result:
-    print(result["access_token"])
-    print(result["token_type"])
-    print(result["expires_in"])  # You don't normally need to care about this.
-                                 # It will be good for at least 5 minutes.
+    # Calling graph using the access token
+    graph_data = requests.get(  # Use token to call downstream service
+        config["endpoint"],
+        headers={'Authorization': 'Bearer ' + result['access_token']},).json()
+    print("Graph API call result: %s" % json.dumps(graph_data, indent=2))
 else:
     print(result.get("error"))
     print(result.get("error_description"))