Azure AD (Entra ID) has no notion of a role membership that expires on a date, whereas DNN lets a role be assigned to a user for a limited period. Currently the provider only synchronizes role membership from Entra ID to DNN, never from DNN to Entra ID, so a membership that has expired in DNN is still present in the directory group and is reapplied locally on the user's next login.
Add a new option on the provider to remove expired DNN role memberships from Entra ID:
- During the sync process, read the new option that enables syncing the membership of expired roles.
- If the option is enabled, look up the expired role memberships in DNN and remove the corresponding group memberships from B2C where they still exist. On the user's next login the role membership is updated locally in DNN from the directory, so the expired membership is removed for good.
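The sketch below is an added example of how that extra sync step could look; it is not the provider's own code. It uses real DNN library types (`UserController`, `RoleController`, `UserRoleInfo`, `Null`) and the documented Microsoft Graph call `DELETE /groups/{id}/members/{id}/$ref`; the `IDirectoryMapper` interface, the token callback and the `syncExpiredRoles` parameter name are assumptions standing in for whatever the provider already uses to map DNN users and roles to B2C object ids and to obtain an app token.

```csharp
// Added example, not the provider's code. Removes expired DNN role memberships
// from the matching Entra ID (B2C) groups when the new option is enabled.
using System;
using System.Net;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Threading.Tasks;
using DotNetNuke.Common.Utilities;
using DotNetNuke.Entities.Users;
using DotNetNuke.Security.Roles;

namespace ExpiredRoleSyncExample
{
    // Assumption: the provider already knows how a DNN user and a DNN role map to
    // directory object ids. Modelled here as a small interface.
    public interface IDirectoryMapper
    {
        string GetUserObjectId(UserInfo user);             // null: user not created through B2C
        string GetGroupObjectId(UserRoleInfo membership);  // null: role not backed by a group
    }

    public sealed class ExpiredRoleSync
    {
        private static readonly HttpClient Http = new HttpClient();
        private readonly IDirectoryMapper _mapper;
        // Assumption: client-credentials token with GroupMember.ReadWrite.All (hypothetical callback).
        private readonly Func<Task<string>> _getGraphToken;

        public ExpiredRoleSync(IDirectoryMapper mapper, Func<Task<string>> getGraphToken)
        {
            _mapper = mapper;
            _getGraphToken = getGraphToken;
        }

        // A membership is expired only when it carries an expiry date (Null.NullDate, i.e.
        // 1753-01-01, means "never expires" and must not be treated as "in the past")
        // and that date lies before now.
        public static bool IsExpired(UserRoleInfo membership, DateTime now)
        {
            return !Null.IsNull(membership.ExpiryDate) && membership.ExpiryDate < now;
        }

        // Extra step of the sync. Returns how many group memberships were removed.
        public async Task<int> RemoveExpiredMembershipsAsync(int portalId, bool syncExpiredRoles)
        {
            // Option off: today's behaviour, nothing is ever written to the directory.
            if (!syncExpiredRoles) return 0;

            // DNN stores role expiry dates as server-local timestamps; compare with the same clock.
            var now = DateTime.Now;
            var removed = 0;
            foreach (UserInfo user in UserController.GetUsers(portalId))
            {
                var userObjectId = _mapper.GetUserObjectId(user);
                if (userObjectId == null) continue;

                // includePrivate: true also returns memberships of private roles.
                foreach (UserRoleInfo membership in RoleController.Instance.GetUserRoles(user, true))
                {
                    if (!IsExpired(membership, now)) continue;
                    var groupId = _mapper.GetGroupObjectId(membership);
                    if (groupId == null) continue;

                    if (await RemoveGroupMemberAsync(groupId, userObjectId)) removed++;
                }
            }
            return removed;
        }

        // Graph: DELETE /groups/{group-id}/members/{user-id}/$ref
        // 204 = removed, 404 = the user was not (or no longer) a member, so a re-run is harmless.
        private async Task<bool> RemoveGroupMemberAsync(string groupId, string userObjectId)
        {
            var url = $"https://graph.microsoft.com/v1.0/groups/{groupId}/members/{userObjectId}/$ref";
            using (var request = new HttpRequestMessage(HttpMethod.Delete, url))
            {
                request.Headers.Authorization =
                    new AuthenticationHeaderValue("Bearer", await _getGraphToken());
                using (var response = await Http.SendAsync(request))
                {
                    if (response.StatusCode == HttpStatusCode.NoContent) return true;
                    if (response.StatusCode == HttpStatusCode.NotFound) return false;
                    // 401/403/429 etc.: surface the error instead of silently leaving the member in place.
                    response.EnsureSuccessStatusCode();
                    return false;
                }
            }
        }
    }
}
```

Two points worth keeping in mind when wiring this in: the option should default to off, because it is the first code path that writes to the directory rather than reading from it, and the app registration used for the sync needs a group write permission (GroupMember.ReadWrite.All) that the existing read-only sync does not. The expired DNN record itself is left alone here on purpose: once the user is out of the group, the existing Entra ID to DNN sync drops it on the next login, exactly as the proposal describes.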