I have followed the link Decrypting an encrypted office 365 email using MIP SDK, using MIP SDK (1.6.113), to decrypt an rpmsg successfully when the users and application are in the same Azure AD environment. If I try to decrypt an rpmsg that was sent from an MS 365 Personal account, I am not able to decrypt it.
The AcquireToken code gets called twice. The first call to acquire a token, when calling AddEngineAsync, has the incoming params:
identity = Microsoft.InformationProtection.Identity
authority = "https://login.windows.net/common"
resource = "https://syncservice.o365syncservice.com/"
claim = ""
The second call to acquire a token, when calling CreateFileHandlerAsync, has the incoming params:
identity = Microsoft.InformationProtection.Identity
authority = "https://login.windows.net/54485d23-c432-40fe-8436-6091d627118c"
resource = "https://aadrm.com"
claim = ""
Then the code gives me the following exception:
System.AggregateException
HResult=0x80131500
Message=One or more errors occurred.
Source=mscorlib
StackTrace:
at System.Threading.Tasks.Task.ThrowIfExceptional(Boolean includeTaskCanceledExceptions)
at System.Threading.Tasks.Task`1.GetResultCore(Boolean waitCompletionNotification)
at System.Threading.Tasks.Task`1.get_Result()
at MipSdkDotNetQuickstart.Action.CreateFileHandler(FileOptions options) in C:\MyGitHub\MipSdk-Dotnet-File-ServicePrincipalAuth-master\mip-sdk-dotnet-file-SPA\Action.cs:line 179
at MipSdkDotNetQuickstart.Action.RemoveProtection(FileOptions options) in C:\MyGitHub\MipSdk-Dotnet-File-ServicePrincipalAuth-master\mip-sdk-dotnet-file-SPA\Action.cs:line 212
at MipSdkDotNetQuickstart.Program.Main(String[] args) in C:\MyGitHub\MipSdk-Dotnet-File-ServicePrincipalAuth-master\mip-sdk-dotnet-file-SPA\Program.cs:line 111
This exception was originally thrown at this call stack:
[External Code]
MipSdkDotNetQuickstart.Action.CreateFileHandler.AnonymousMethod__0() in Action.cs
Inner Exception 1:
AccessDeniedException: The service didn't accept the auth token. Challenge:['Bearer resource="https://aadrm.com", realm="54485d23-c432-40fe-8436-6091d627118c", authorization="https://login.windows.net/54485d23-c432-40fe-8436-6091d627118c/oauth2/authorize"'], CorrelationId=f63bb5f6-009f-4b9f-a4b7-621df958845b, CorrelationId.Description=FileEngine
What could be the problem here?
Thanks
If you are getting the token with MSAL:
When AcquireToken is called with resource "https://syncservice.o365syncservice.com/", you must call app.AcquireTokenSilent(new[]{ "https://psor.o365syncservice.com/UnifiedPolicy.User.Read" }, firstAccount).ExecuteAsync();
When AcquireToken is called with resource "https://aadrm.com", you must call app.AcquireTokenSilent(new[]{ "https://aadrm.com/user_impersonation" }, firstAccount).ExecuteAsync();
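The answer above describes a mapping from the resource the MIP SDK passes to AcquireToken onto the MSAL scope that must be requested. The following is an added example of an IAuthDelegate that applies that mapping; it is not code from the question, the answer or Microsoft's quickstart samples. It assumes a public client app registration (the clientId and redirectUri constructor arguments are placeholders), uses the "common" authority so both work and personal accounts can sign in, does not forward the tenant-specific authority the SDK passes on the second call, and falls back to an interactive prompt when no cached account exists yet. Unknown resources are rejected rather than guessed so that a wrong resource surfaces as a clear error instead of an AccessDeniedException from the service.

```csharp
using System;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.Identity.Client;          // MSAL.NET
using Microsoft.InformationProtection;    // MIP SDK .NET: IAuthDelegate, Identity

// Added example (not from the question or answer): an IAuthDelegate that
// returns an MSAL token whose scope matches the resource the MIP SDK asks for.
public class MsalAuthDelegate : IAuthDelegate
{
    private readonly IPublicClientApplication _app;

    // clientId and redirectUri are placeholders for your own app registration.
    public MsalAuthDelegate(string clientId, string redirectUri)
    {
        // "common" lets both Azure AD and personal Microsoft accounts sign in.
        _app = PublicClientApplicationBuilder.Create(clientId)
            .WithAuthority(AzureCloudInstance.AzurePublic, "common")
            .WithRedirectUri(redirectUri)
            .Build();
    }

    // Called by the SDK once for the sync service (AddEngineAsync) and once for
    // the RMS service (CreateFileHandlerAsync), each time with a different resource.
    public string AcquireToken(Identity identity, string authority, string resource, string claims)
    {
        string[] scopes = ScopesForResource(resource);
        return AcquireTokenAsync(scopes).GetAwaiter().GetResult();
    }

    // Resource URI -> MSAL scope, exactly as the answer states. Anything else is
    // rejected rather than guessed, so a mismatch shows up here, not at the service.
    public static string[] ScopesForResource(string resource)
    {
        switch (resource.TrimEnd('/'))
        {
            case "https://syncservice.o365syncservice.com":
                return new[] { "https://psor.o365syncservice.com/UnifiedPolicy.User.Read" };
            case "https://aadrm.com":
                return new[] { "https://aadrm.com/user_impersonation" };
            default:
                throw new InvalidOperationException($"No scope mapping for resource '{resource}'");
        }
    }

    private async Task<string> AcquireTokenAsync(string[] scopes)
    {
        // Silent first: reuses the cached account and refresh token.
        IAccount account = (await _app.GetAccountsAsync()).FirstOrDefault();
        try
        {
            AuthenticationResult result = await _app.AcquireTokenSilent(scopes, account).ExecuteAsync();
            return result.AccessToken;
        }
        catch (MsalUiRequiredException)
        {
            // No cached account yet (first call) or consent required: prompt once;
            // the second resource's silent call then succeeds from the cache.
            AuthenticationResult result = await _app.AcquireTokenInteractive(scopes).ExecuteAsync();
            return result.AccessToken;
        }
    }
}
```

Pass an instance of this delegate to the MIP file profile settings in place of the sample's auth delegate; the SDK then drives the two AcquireToken calls shown in the question, and the token returned for "https://aadrm.com" carries the user_impersonation scope that the service's Bearer challenge expects.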