Microsoft Secure Tech Accelerator
Apr 03 2024, 07:00 AM - 11:00 AM (PDT)
Microsoft Tech Community

What is the different between service principal in App Registration and enterprise application ?

Brass Contributor

Hi Team,

 

I would like to know more about the service principal in Azure AD.

When we create a service principal in Azure AD,It creates two resources :

 

1) Service Principal in App Registration

2) Service Principal in Enterprise Application

 

Application Id for both is same but object Ids are different ?

 

How to retrieve these object Ids via powershell?

4 Replies

One is the actual application object, where you configure the properties of your app (authentication, permissions, replyURIs and so on). The other one is a representation of the application within a directory, this can be your own directory or another company directory, etc. It "inherits" the settings from the application object and is what's used to grant consent/permissions to resources.

Hi @Vasil Michev ,

 

Thanks for the explanation.

Can you elaborate a bit more one when to use application object id and when to use service principal object id?

 

Thank You

Not sure what you are trying to do, so don't know what to elaborate :) The documentation gives you more details if needed: https://docs.microsoft.com/en-us/azure/active-directory/develop/app-objects-and-service-principals

A very easy explanation (that isn't 100% correct) is that you create a app registration for apps that you develop yourself.
Enterprise Applications are added when you add third party appliations.

As Vasil said, if you would provide us with more insights, we could provide a better answer