After you have published the Azure AD SCIM microservice app to your Azure tenant, you need to run the following PowerShell script to assign several required permissions to the App Service managed identity. Required permissions follow the least-privilege principle and include the following:
...