Guidance on connecting to Microsoft 365 E5

I have an Office 365 E5 account I am trying to access via EM Client.When I added the client the service worker appears to have been created in AAD and I have EWS enabled for the account. I receive the following message:

[Exchange Web Services] MailClient.Storage.Application.OperationException
          ---> Microsoft.Exchange.WebServices.Data.EwsHttpWebException: Response status code does not indicate success: Forbidden ().
            at MailClient.Protocols.Exchange.ExchangeGenericCommand.Execute(WorkerStatus status)
            --- End of inner exception stack trace ---

I am clearly missing a step on the server-side configuration somewhere, but I am not sure where to start. Has anyone any experience that might help me get started?

Thanks!

Ah, never mind. It seems I have to review and grant the admin privileges the service worker needs.