Purview MIP On-premise scanner server, issues connecting to aadrm.us

If you're using the Microsoft Purview MIP on-premises scanner in a U.S. Government (GCC High) environment and encountering issues connecting to https://aadrm.us, even after successful connectivity to other endpoints, the problem likely goes beyond basic DNS or firewall. One common but overlooked cause is that the scanner may have been installed with default Commercial (Global) cloud settings, and thus doesn’t recognize .us endpoints. To fix this, you should uninstall and reinstall the scanner using the -AzureRegion USGov flag to ensure it targets the correct environment. Additionally, make sure you're using the latest version of the AIP Unified Labeling client (v3.15 or newer), as older versions can fail in sovereign clouds. Also check if the required U.S. Government and DoD root certificates are present in the Trusted Root Certification Authorities store—missing these can silently block TLS connections to aadrm.us. Finally, confirm that the Service Connection Point (SCP) and scanner authentication are aligned with the USGov cloud by running Set-AIPAuthentication -Cloud USGov. These are critical yet commonly missed steps that ensure the scanner functions correctly in Microsoft’s sovereign cloud infrastructure.