Strange Error Message when turning Azure Federation off and on again in Apple School Manager

Hi,

As part of an upcoming one-to-one device project, I'm working with a school using Microsoft Endpoint Manager (aka InTune), which had already enabled federation with their Azure AD tenant and configured a SCIM data source (also linked to Azure). Unfortunately, they had to delete the SCIM config and switch it to SFTP so it could use a different data source (school's MIS) in order to pull in class data.

Part of this meant turning off federation and deleting all the Apple IDs that had been created - this wasn't a huge problem, as they were not in use, apart from one or two accounts.

Unfortunately, the SFTP config is not ready to go, as the third party data extraction tool has encountered a problem which, we are informed, will take weeks yet to resolve. This is a big problem, because students will be returning to class very soon, and the school's existing fleet of shared iPads cannot currently be used, as the Apple ID which they're logged in with no longer exists.

I've re-enabled federation, created this Apple ID in ASM and confirmed it is federated. I can log into iPads with the Apple ID no problem. However, when I try to download any apps from the (EPM) Company Portal, I get an unexpected error message "Can't find VPP license for app (0x87D13B95)".

I tried to delete the app license from within EPM (it doesn't seem to be possible to do this through Apple School Manager), but the same problem occurs when I try to download from the Company Portal again.

I've confirmed that, if I create a new Apple ID, federate it, and try using this account it downloads fine - the issue appears to happen when using the re-created Apple ID, which was federated to an Azure account in the past.

Unfortunately, to resolve the issue with the fix I found, I had to wipe the device to get it to a point where it's usable, so this isn't an ideal scenario when scaled up to 200 devices.

Furthermore, I'm worried that, because the school had already created Apple IDs for all its staff and students before we turned off federation and deleted them, the same issue will happen writ large further down the line, which would be a catastrophe.

I'm hoping someone else out there has experience of this scenario and will be able to offer advice? Many thanks in advance.

Regards,

Robert