MacroView DMF and MacroView Message version 8.9.1086 and later utilise the Microsoft Authentication Library (MSAL) for modern authentication.
For more details please see the following article.
This change introduced the scenario where a user can be logged in with different accounts in SharePoint Online versus the SharePoint Online Admin Center, as MSAL manages tokens on per web application basis.
Provisioning 401 Unauthorised or 403 Forbidden Response
If a user encounters a 401 unauthorised or 403 forbidden response when they try to create a site collection, it may be because they are signed into SharePoint Online and the SharePoint Online Admin Center with different accounts.
Workaround to Align Accounts
This workaround is only required if you are trying to create a site collection and run into a 401 unauthorised or 403 forbidden response.
In MacroView DMF or MacroView Message go to Options > Servers and click the Add button to add a new server.
The server path needs to be your organisation's SharePoint Online Admin Centre URL.
SharePoint Online URL
SharePoint Online Admin Centre URL
Please note how the "-admin" suffix has been added to the sub-domain.
Go to the Advanced tab and tick the "Do not Show Server in TreeView" setting.
Click the OK button to add the SharePoint Online Admin Center server.
Then use the "Switch account" links below to align the accounts so the same account is used for both the SharePoint Online and SharePoint Online Admin Center servers in the Server List below.
After you have aligned the accounts, please try creating a site collection.
Coming soon, the above workaround of adding the SharePoint Online Admin Center server to MacroView DMF or MacroView Message in order to align accounts will not be required.
MVSP is currently being upgraded to detect if different accounts are being used in the context of creating a site collection and will prompt the user to align accounts using a new account alignment dialog.