This error is likely caused by referencing the Secret ID (which is incorrect) instead of the Secret value in the Service Principal Key field for your Service Principal configuration. 

Often times you will see status "Critical" for the the Service Principal in the partner tenant or customer tenant that's referencing the Secret ID instead of the correct Secret value.

Make sure to check the status of the Service Principals in both the partner tenant and customer tenant as either not having a Healthy status could cause a CHT:AccessDenied:401 error. 

When configuring your Service Principal be sure to enter the Secret value and NOT the Secret ID in the Key field:

When updating your secret value for your Service Principal be sure to review the key to ensure the update is using the Secret value instead of Secret ID in the Service Principal Key field. 

This error message can also occur because the access token has expired and can't be authenticated with Entra ID (formally called Azure AD). A user with a Global Admin AND Admin Agent role can re-authenticate to fix the issue.