Have you looked into using the prefer: bypass-shared-lock, bypass-checked-out header in the Graph API requests? I came across it in the driveitem-delete documentation as can be seen here: Delete a DriveItem or see the quote below
Header Name Description prefer String. Optional. A value of bypass-shared-lockbypasses any shared locks on the driveItem (for example, from a coauthoring session). A value ofbypass-checked-outbypasses the checkout condition on the driveItem. Multiple comma-separated values are allowed.
This was useful to me when deleting and moving Word documents that are still being edited/open in the user's browser. Without the header I would get a 423 Locked response.