Challenges with SCIM delete implementation with Just in Time

Amrit Khanna 0 Reputation points
2025-06-27T11:32:11.8533333+00:00

Hi Azure team,

We have a federation set up with our customers' Azure IdPs and have enabled provisioning of users through Just in Time. We are in the process of enabling only deprovisioning through SCIM. However, we are observing the following issue with Just in Time and SCIM delete.

This outlines the issue for users who exist in customer Azure IdP but not in our Auth server before SCIM is enabled.

  1. Upon enabling SCIM in the customer's Azure IdP, it sends a GET request for each existing user to check for them in our Auth server.
  2. For the users that have not yet been provisioned in our Auth server through JIT, our SCIM service returns a response as per the SCIM standard.
  3. Later this user logs in and has their profile created in our Auth server through Just in Time.
  4. Consequently, when the user is deleted from the customer's Azure IdP, SCIM deactivation events are not sent.
  5. The user's shadow account in our Auth server continues to exist even after the user is removed from the customer's IdP.

Ongoing Issue with New Users

This outlines the issue for users added after SCIM is enabled.

  1. When a new user is assigned to the SAML application in the customer's Azure IdP, the customer's Azure IdP sends a GET request to our system to fetch the user's profile.
  2. Our application returns a response as per the SCIM standard.
  3. When the new user logs in, their shadow account gets created in our Auth server by Just in Time.
  4. When the user is deleted from the customer's Azure IdP, it does not trigger the SCIM deactivation event.
  5. The user's shadow account in our Auth server continues to exist even after the user is removed from the customer's IdP.

Can you help us understand how to resolve this issue?
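The flow described in the question, as an added illustration that is not code from the poster or from Microsoft: a minimal SCIM `GET /Users?filter=userName eq "..."` handler returning a standard ListResponse (empty before JIT has run, populated after), plus a reconciliation check that flags active JIT-created shadow accounts no longer assigned in the IdP, since those are exactly the accounts a SCIM deactivation would never reach. The local directory, the IdP assignment snapshot and the `source` field are constructed assumptions.

```python
import re
from urllib.parse import unquote

LIST_RESPONSE = "urn:ietf:params:scim:api:messages:2.0:ListResponse"
USER_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:User"

# Constructed local Auth server directory: userName -> record.
# "source" records whether the account was created by JIT (SAML login) or SCIM.
LOCAL_ACCOUNTS = {
    "alice@example.test": {"id": "u-1", "source": "scim", "active": True},
    "bob@example.test":   {"id": "u-2", "source": "jit",  "active": True},
    "carol@example.test": {"id": "u-3", "source": "jit",  "active": True},
}

# Constructed snapshot of users still assigned to the SAML app in the IdP
# (assumed to be exported separately; carol has already been removed there).
IDP_ASSIGNED = {"alice@example.test", "bob@example.test"}

FILTER_RE = re.compile(r'^userName\s+eq\s+"([^"]+)"$', re.IGNORECASE)

def scim_filter_users(filter_expr, accounts=LOCAL_ACCOUNTS):
    """Answer the IdP's GET /Users?filter=userName eq "..." with a SCIM 2.0
    ListResponse. A user the Auth server has not yet seen (JIT not run)
    yields totalResults 0, which is all the IdP ever learns about them."""
    m = FILTER_RE.match(unquote(filter_expr).strip())
    if not m:
        raise ValueError("unsupported filter; only userName eq is implemented")
    rec = accounts.get(m.group(1))
    resources = []
    if rec:
        resources.append({"schemas": [USER_SCHEMA], "id": rec["id"],
                          "userName": m.group(1), "active": rec["active"]})
    return {"schemas": [LIST_RESPONSE], "totalResults": len(resources),
            "startIndex": 1, "itemsPerPage": len(resources), "Resources": resources}

def jit_create(user_name, accounts=LOCAL_ACCOUNTS):
    """Simulate Just in Time provisioning on the user's first SAML login."""
    accounts.setdefault(user_name, {"id": f"u-{len(accounts) + 1}",
                                    "source": "jit", "active": True})
    return accounts[user_name]

def orphaned_shadow_accounts(accounts=LOCAL_ACCOUNTS, assigned=IDP_ASSIGNED):
    """Active local accounts with no matching IdP assignment. Because the IdP
    never matched them over SCIM, no DELETE/deactivate will arrive for them,
    so a periodic reconciliation job should deactivate them itself."""
    return sorted(name for name, rec in accounts.items()
                  if rec["active"] and name not in assigned)
```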
