I have identified the issue and resolved it. Initially, I configured the process by setting up an AuthDelegateImplementation to obtain an authentication token and storing it in a database through a scheduler that runs every hour. The token was then retrieved and reused. (For reference, I based this logic on the example here: AuthDelegateImplementation.cs. In this example, the AcquireToken parameters authority and resource were hardcoded to obtain the token.)

Using this approach, I successfully removed sensitivity labels from files without access control restrictions. However, for labels with access control settings, the error described earlier occurred.

To resolve this, I switched to a different approach where a new authentication token is obtained each time the functionality is used. This resolved the issue, and I verified that sensitivity labels, including those with access control settings, were successfully removed from the files.