Firstly the way the integration will work is once an email is changed in Bob, We will send a query to the provisioning syste.
If no matches are found for the email then Azure creates a new user.
In order to avoid this happening you will need to first change the email in the provisioning system instead of Bob. Once you have changed the user's email within the provisioning system, you can go to Bob and change the email.
Then the query will be sent to provisioning system and as you've set the email on provisioning system already it will find a match and not create a new user account for the Bob user.