@azure202 If the App Service is set up with IP Restrictions to allow requests only from APIM, then it would be OK to skip validation on the app side and just decode the token for claims.
This approach has the added benefit of having one validation setup for multiple apps and prevents unauthorized requests from reaching your app in the first place.
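
The app-side step described in the comment above, as an added example that is not part of the original comment: it decodes the claims from the bearer token without verifying it, assuming APIM has already validated the token and IP restrictions leave APIM as the only caller. The function names, the sample token and the space-separated `scp` claim are assumptions made for the illustration.

```python
import base64
import json


class MalformedToken(ValueError):
    """The Authorization header does not carry a well-formed JWT."""


def b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url with the '=' padding stripped; restore it.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def claims_from_header(authorization: str) -> dict:
    """Decode, without verifying, the JWT payload of a Bearer header.

    Assumption: APIM has already validated the token, and IP restrictions
    leave APIM as the only caller that can reach this app.
    """
    scheme, _, token = authorization.strip().partition(" ")
    if scheme.lower() != "bearer":
        raise MalformedToken("expected 'Bearer <jwt>'")
    parts = token.strip().split(".")
    if len(parts) != 3 or not all(parts):
        raise MalformedToken("a JWT has three non-empty segments")
    try:
        claims = json.loads(b64url_decode(parts[1]))
    except ValueError as exc:  # bad base64, bad UTF-8 or bad JSON
        raise MalformedToken("payload is not base64url-encoded JSON") from exc
    if not isinstance(claims, dict):
        raise MalformedToken("payload is not a JSON object")
    return claims


def has_scope(claims: dict, scope: str) -> bool:
    # Assumption: scopes arrive as a space-separated "scp" claim.
    return scope in str(claims.get("scp", "")).split()


def make_sample_token(claims: dict) -> str:
    # Constructed sample token; the third segment is a dummy, not a signature.
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256", "typ": "JWT"}), enc(claims), "c2ln"])


if __name__ == "__main__":
    header = "Bearer " + make_sample_token({"sub": "user-1", "scp": "orders.read"})
    claims = claims_from_header(header)
    print(claims["sub"], has_scope(claims, "orders.read"))
```

Malformed headers raise `MalformedToken`, so the app can answer 400 instead of failing inside a handler that expected claims.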