This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(144, 21%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESV%3C/text%3E%3C/svg%3E)
So I am trying to configure Sensitivity labels according to the documentation here - https://learn.microsoft.com/en-us/azure/active-directory/enterprise-users/groups-assign-sensitivity-labels
I currently am using a M365 GCC High tenant and according the the roadmap sensitivity labels are rolled out.
Following the directions it asked me to connect to Azure-AD and run this command - $Setting = Get-AzureADDirectorySetting -Id (Get-AzureADDirectorySetting | where -Property DisplayName -Value "Group.Unified" -EQ).id
I log in find but when I try and run the command I get the following error -
Get-AzureADDirectorySetting : Error occurred while executing GetDirectorySettings
Code: InvalidAuthenticationToken
Message: Access token validation failure. Invalid audience.
InnerError:
RequestId: 88c2acdd........
DateTimeStamp: Fri, 04 Jun 2021 18:07:50 GMT
HttpStatusCode: Unauthorized
HttpStatusDescription: Unauthorized
HttpResponseStatus: Completed
........
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(156.8, 4%, 25%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EBM%3C/text%3E%3C/svg%3E)
II am having the same issue in a GCC High Tenant. I'll update if I find a solution.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(64, 20%, 16%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EI%3C/text%3E%3C/svg%3E)
II am also having this issue in a GCC tenant. Any luck figuring it out?
yes! Instead of "Connect-AzureAD", use "Connect-AzureAD -AzureEnvironmentName AzureUSGovernment"
This solved my issue.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(214.4, 81%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMT%3C/text%3E%3C/svg%3E)
You need to ensure that your app is registered and the correct permissions are assigned.
Also, please make sure that your resource is set correctly.
If all of that is correct there might be a conditional access policy in place that is blocking the authorization.
Have you met the prerequisites? (i.e. having the Premium P1 license assigned and using elevated privileges)
Instead of "Connect-AzureAD", use "Connect-AzureAD -AzureEnvironmentName AzureUSGovernment"
This solved my issue.
That did the trick. Thanks!