![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(147.20000000000002, 38%, 24%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EK%3C/text%3E%3C/svg%3E)
Microsoft Security | Microsoft Entra | Microsoft Entra ID
A cloud-based identity and access management service for securing user authentication and resource access
Hello @KT
Thank you for reaching out. I would like to confirm that if the token used to create SCIM Connection with Application in Azure AD gets expired or invalid, then Azure AD pushes that specific application's provisioning status to Quarantine state with error message similar to "EncounteredQuarantineException. The code for the error would be SystemForCrossDomainIdentityManagementCredentialValidationFailure."
We expect admin to generate a new token from target app, provide the same to Azure AD, perform test connection and save the configuration. Once the new admin credentials are supplied you would need to restart the provisioning job. The provisioning job would ideally skip the users which are already provisioned in target app and provision any new object.
For more details you can review following document: Application provisioning in quarantine status
I hope this helps.
----------
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(281.6, 17%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGM%3C/text%3E%3C/svg%3E)