If you are using Apple Business and you are receiving email everyday saying "accounts have errors and could not be created" you are not the first person. Also, this error email will get delivered to all the users with roles like People Manager, Content Manager, Administrator, etc. If you download the logs and check the error code you can see that under operation sub status it is mentioned that ACCOUNT_UPDATE_NOT_ALLOWED. Unfortunately, if you check the Apple support article here, you won't even see this error code.
After some troubleshooting, we identified that the error message is related to Federated Authentication with Azure AD. If you check the user in Apple Business who has this error message associated with, their Authentication method will be 'Apple' instead of 'Federated'. If the authentication is not federated and you have set up SCIM with Azure AD, according to Apple, "When you sync users (regardless of method), any accounts that have a User Principal Name (UPN) identical to accounts that have a role of Administrator or Site Manager won’t sync. For those accounts, the source won’t change to SCIM".
The solution will be to assign a different role like 'staff' to the user who has the error associated with it. Once you change the role to staff you can see that the authentication method will change as well. Next day if you check you will get the 'Account Updated' message from Apple instead of the error. Another ideal thing you could do is to create a separate dynamic group in Azure AD to remove any mailboxes (if you have any) and only include users who need a business apple account and assign this group to the Azure AD Apple Business manager application.