The documentation has been updated and with the release of version 3.0 a more meaningful error will be thrown in this circumstance. Also, when you invoke a command and specify the Debug parameter you will now see details regarding the actual HTTP request which will help identify the root cause of issues more rapidly.

@isaiahwilliams If this is the better solution for authenticating may be it is better to documented it somewhere. I will switch to this way of authenticating so we can put this best practice at place. To clarify connecting to Azure via Az stays the same as there is no refresh token option there correct?

@cblackuk thank you for confirming. If you elect to use the RefreshToken parameter as a workaround then the only thing that should change is that you do not need to call the New-PartnerAccessToken command because the Connect-PartnerCenter command will take care of that step on your behalf.

That approach is actually the best solution in my opinion, but I will see if there is a way we can address the issue when using the AccessToken parameter.

Thank you for sharing this information, and now I see the problem. The reason I was not able to reproduce the issue in my testing was that I was using the following to connect

Connect-PartnerCenter -ApplicationId 'xxx-xxxx-xxxx-xxxx' -RefreshToken $token.RefreshToken -Credential $credential

Through this approach I do not have to exchange the refresh token for an access token, the module handles that for me. Since you are connecting using an access token that raw value is being use to interact with the Azure Resource Manager API which results in the following error from the API to be returned

{"error":{"code":"InvalidAuthenticationTokenAudience","message":"The access token has been obtained for wrong audience or resource 'https://api.partnercenter.microsoft.com'. It should exactly match with one of the allowed audiences 'https://management.core.windows.net/','https://management.core.windows.net','https://management.azure.com/','https://management.azure.com'."}}

While I work through the best way to address this limitation, I would recommend you use the RefreshToken parameter instead of the AccessToken parameter when connecting. This works because the module is exchanging the refresh token for an access token that has the correct audience on your behalf.

New module has not fixed anything, not sure it was meant to…

PS C:\> Update-Module PartnerCenter -Verbose -Force
VERBOSE: Checking for updates for module 'PartnerCenter'.
VERBOSE: Repository details, Name = 'PSGallery', Location = 'https://www.powershellgallery.com/api/v2'; IsTrusted = 'True'; IsRegistered = 'True'.
VERBOSE: Using the provider 'PowerShellGet' for searching packages.
VERBOSE: Using the specified source names : 'PSGallery'.
VERBOSE: Getting the provider object for the PackageManagement Provider 'NuGet'.
VERBOSE: The specified Location is 'https://www.powershellgallery.com/api/v2' and PackageManagementProvider is 'NuGet'.
VERBOSE: Searching repository 'https://www.powershellgallery.com/api/v2/FindPackagesById()?id='PartnerCenter'' for ''.
VERBOSE: Total package yield:'1' for the specified package 'PartnerCenter'.
VERBOSE: Performing the operation "Update-Module" on target "Version '2.0.1909.5' of module 'PartnerCenter', updating to version '2.0.1911.6'".
VERBOSE: The installation scope is specified to be 'AllUsers'.
VERBOSE: The specified module will be installed in 'C:\Program Files\WindowsPowerShell\Modules'.
VERBOSE: The specified Location is 'NuGet' and PackageManagementProvider is 'NuGet'.
VERBOSE: Downloading module 'PartnerCenter' with version '2.0.1911.6' from the repository 'https://www.powershellgallery.com/api/v2'.
VERBOSE: Searching repository 'https://www.powershellgallery.com/api/v2/FindPackagesById()?id='PartnerCenter'' for ''.
VERBOSE: InstallPackage' - name='PartnerCenter', version='2.0.1911.6',destination='C:\Users\ContainerAdministrator\AppData\Local\Temp\1613003471'
VERBOSE: DownloadPackage' - name='PartnerCenter', version='2.0.1911.6',destination='C:\Users\ContainerAdministrator\AppData\Local\Temp\1613003471\PartnerCenter\PartnerCenter.nupkg',
uri='https://www.powershellgallery.com/api/v2/package/PartnerCenter/2.0.1911.6'
VERBOSE: Downloading 'https://www.powershellgallery.com/api/v2/package/PartnerCenter/2.0.1911.6'.
VERBOSE: Completed downloading 'https://www.powershellgallery.com/api/v2/package/PartnerCenter/2.0.1911.6'.
VERBOSE: Completed downloading 'PartnerCenter'.
VERBOSE: Hash for package 'PartnerCenter' does not match hash provided from the server.
VERBOSE: InstallPackageLocal' - name='PartnerCenter', version='2.0.1911.6',destination='C:\Users\ContainerAdministrator\AppData\Local\Temp\1613003471'
VERBOSE: Catalog file 'PartnerCenter.cat' is not found in the contents of the module 'PartnerCenter' being installed.
VERBOSE: Valid authenticode signature found in the file 'PartnerCenter.psd1' for the module 'PartnerCenter'.
VERBOSE: For publisher validation, current module 'PartnerCenter' with version '2.0.1911.6' with publisher name 'CN=Microsoft Root Certificate Authority 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US'. Is this module
signed by Microsoft: 'True'.
VERBOSE: For publisher validation, using the previously-installed module 'PartnerCenter' with version '2.0.1909.5' under 'C:\Program Files\WindowsPowerShell\Modules\PartnerCenter\2.0.1909.5' with publisher name 'CN=Microsoft Root
Certificate Authority 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US'. Is this module signed by Microsoft: 'True'.
VERBOSE: Authenticode issuer 'CN=Microsoft Root Certificate Authority 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US' of the new module 'PartnerCenter' with version '2.0.1911.6' matches with the authenticode issuer
'CN=Microsoft Root Certificate Authority 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US' of the previously-installed module 'PartnerCenter' with version '2.0.1909.5'.
VERBOSE: Module 'PartnerCenter' was installed successfully to path 'C:\Program Files\WindowsPowerShell\Modules\PartnerCenter\2.0.1911.6'.
PS C:\> Connect-PartnerCenter -AccessToken $CSPAccessToken

Account                                  Environment                                                                                       TenantId
-------                                  -----------                                                                                       --------
                                         AzureCloud                                                                                        common


PS C:\> Get-PartnerAzureBillingAccount -Verbose -Debug

Confirm
Operation returned an invalid status code 'Unauthorized'
[Y] Yes  [A] Yes to All  [H] Halt Command  [S] Suspend  [?] Help (default is "Y"): a
Get-PartnerAzureBillingAccount : Operation returned an invalid status code 'Unauthorized'
At line:1 char:1
+ Get-PartnerAzureBillingAccount -Verbose -Debug
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : CloseError: (:) [Get-PartnerAzureBillingAccount], ErrorResponseException
    + FullyQualifiedErrorId : Microsoft.Store.PartnerCenter.PowerShell.Commands.GetPartnerAzureBillingAccount

PS C:\> Get-Module

ModuleType Version    Name                                ExportedCommands
---------- -------    ----                                ----------------
Manifest   3.1.0.0    Microsoft.PowerShell.Management     {Add-Computer, Add-Content, Checkpoint-Computer, Clear-Content...}
Manifest   3.0.0.0    Microsoft.PowerShell.Security       {ConvertFrom-SecureString, ConvertTo-SecureString, Get-Acl, Get-AuthenticodeSignature...}
Manifest   3.1.0.0    Microsoft.PowerShell.Utility        {Add-Member, Add-Type, Clear-Variable, Compare-Object...}
Manifest   3.0.0.0    Microsoft.WSMan.Management          {Connect-WSMan, Disable-WSManCredSSP, Disconnect-WSMan, Enable-WSManCredSSP...}
Binary     1.0.0.1    PackageManagement                   {Find-Package, Find-PackageProvider, Get-Package, Get-PackageProvider...}
Script     2.0.1911.6 PartnerCenter                       {Add-PartnerCustomerCartLineItem, Add-PartnerCustomerUserRoleMember, Connect-PartnerCenter, Disconnect-PartnerCenter...}
Script     1.0.0.1    PowerShellGet                       {Find-Command, Find-DscResource, Find-Module, Find-RoleCapability...}

@cblackuk for the get_SerializationSettings error if we can open a separate issue that will help with tracking. Also, it will be helpful to see the other modules you have loaded. I suspect your error might be due to an assembly binding redirect issue.

I have a better error than you:

 Get-PartnerAzureBillingAccount
Get-PartnerAzureBillingAccount : Method 'get_SerializationSettings' in type 'Microsoft.Azure.Management.Billing.BillingManagementClient' from assembly 'Microsoft.Azure.Management.Billing, Version=1.0.0.0, Culture=neutral,
PublicKeyToken=null' does not have an implementation.
At line:1 char:1
+ Get-PartnerAzureBillingAccount
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [Get-PartnerAzureBillingAccount], TypeLoadException
    + FullyQualifiedErrorId : System.TypeLoadException,Microsoft.Store.PartnerCenter.PowerShell.Commands.GetPartnerAzureBillingAccount

PS C:\AzureStackDeployment\modules> Get-PartnerAgreementDetail

AgreementLink                                              AgreementType           TemplateId                           VersionRank
-------------                                              -------------           ----------                           -----------
https://docs.microsoft.com/en-us/partner-center/agreements MicrosoftCloudAgreement 998b88de-aa99-4388-a42c-1b3517d49490           0

@cblackuk can you check if you also have this issue. I would assume this is something you want to implement as well (Azure Plan support).