If I remove a group from provisioning MS Entra ID sends this PATCH operation:

"Operations": [
{
  "op": "Add",
  "path": "members",
  "value": "user2"
}
]

Actually I thought that a remove patch request should be sent like:

"Operations": [
{
  "op": "Remove",
  "path": "members",
  "value": "user2"
}
]

If the user is only member of 1 provisioning group thats no problem because afterwards the user is in my case deleted as well.

But if we have the following szenario:

2 groups are configured in MS Entra ID for provisioning:

Group A (with member user1 and user2) Group B (with member user2)

If now Group B is removed the user object stays in my target system in both groups (A and B) because of the "member add" PATCH request.

Does anyone have the some problem with "add member" instead of "remove member" or a solution for this behavior?