3261811 - IPS job from Azure AD to IAS fails: Oauth request failed with status: 401 and AADSTS7000222

In the Identity Provisioning job log from Azure Active Directory to IAS , the following error messages are displayed, which can be slightly different 

• com.sap.cloud.ips.runtime.exception.ProvisioningException: Can not read entities from source system: '<Azure AD system>' Caused by: com.sap.cloud.ips.connectors.api.ConnectorException: HTTP operation failed invoking https://graph.microsoft.com/v1.0/users?... with statusCode: 401 and body {\"error\":{\"code\":\"Authorization_IdentityNotFound\",\"message\":\"The identity of the calling application could not be established.
• com.sap.cloud.ips.runtime.exception.ProvisioningException: Can not read entities from source system: '<Azure AD system> ' Caused by: com.sap.cloud.ips.connectors.api.ConnectorException: Connector cannot process more entities due to irreparable error Caused by: com.sap.cloud.ips.connector.exception.ProvisioningRuntimeException: Oauth request failed with status: 401 and body: {\"error\":\"invalid_client\",\"error_description\":\"AADSTS7000222: The provided client secret keys for app 'xxxx' are expired. Visit the Azure portal to create new keys for your app: https://aka.ms/NewClientSecret, or consider using certificate credentials for added security: https://aka.ms/certCreds

Identity Provisioning

KBA , BC-IAM-IPS , Identity Provisioning Service (IPS) , Problem