If you're seeing logs accumulate in the in directory then you know that the communication with the API is working. I agree that if things aren't being parsed from the next step would be to determine the rules were being written out correctly and available in /etc/NitroGuard/asp/policy under the number that matched the ID listed in /etc/NitroGuard/thirdparty.conf.
I don't think the errors above are the root cause of this (assuming the log isn't full of them). I see occasional 403's with O365 also and as already mentioned, you have a growing 'in' directory. I think you're on the right path though you might need to get support involved if the rules look good on the Receiver.
Yeah, I can see rules are there in the /etc/NitroGuard/asp/policy folder.
However, it started working again after 6 days without making any changes.
As per McAfee support (Tier 2), the logs were always 7 hours behind in the 'IN' directly and recommended to change that in the Azure platform but it started working without making any changes which is weird!