@jpcapone Thanks for reaching out and apologies for delay on this.
Here is the label requirement around this :
You must have at least one sensitivity label configured in the Microsoft 365 compliance center for the scanner account, to apply classification and, optionally, protection.
The scanner account is the account that you'll specify in the DelegatedUser parameter of the Set-AIPAuthentication cmdlet, run when configuring your scanner.
You can read more in detail here : https://learn.microsoft.com/en-us/azure/information-protection/deploy-aip-scanner-prereqs#label-configuration-requirements
If you need help with troubleshooting the scanner, please follow : https://learn.microsoft.com/en-us/azure/information-protection/deploy-aip-scanner-tsg
Please let us know if the above helps, if not we can investigate more after getting more information about the issue.
-----------------------------------------------------------------------------------------------------------------
If the suggested response helped you resolve your issue, please do not forget to accept the response as Answer and "Up-Vote" for the answer that helped you for benefit of the community.