To revoke
permissions for an Azure AD from the Cloud Identity Engine, you
must have at least the following role privileges in Azure AD: Application
Administrator and Cloud Application Administrator. For more information about
roles in Azure AD, refer to the following
link.