You noticed an event showing up while reviewing activity logs.

Sample from Activity log

SQLDBControlPlaneFirstPartyApp explained

The SQLDBControlPlaneFirstPartyApp is an internal Azure application used by the Azure SQL Database control plane to synchronize resource state between the SQL engine and Azure Resource Manager (ARM). Its main purpose is to ensure that any changes made directly in the SQL engine (such as creating, updating, or deleting databases using T-SQL or other direct methods) are reflected and kept in sync with the ARM resource model, which is what the Azure Portal and management APIs use to represent resources.

When you see events initiated by SQLDBControlPlaneFirstPartyApp, it typically means that the control plane is performing a “hydration” or synchronization operation to update ARM with the latest state of the database resource. This is especially important for resources created or modified outside of the ARM/Portal path, as ARM needs to be aware of these changes for management, billing, and compliance purposes.

If the user has disabled the ability for this app to sign in at the tenant level, synchronization will be blocked, and you may see errors or failed events related to ARM resource hydration. In such cases, the user needs to enable sign-in for the SQLDBControlPlaneFirstPartyApp in the Azure Portal to allow these synchronization operations to proceed successfully.

In summary, the SQLDBControlPlaneFirstPartyApp is essential for keeping the SQL engine and ARM resource states consistent, especially for resources managed outside of the standard ARM/Portal workflows. Its actions are a normal part of Azure SQL Database’s internal management and are required for correct resource representation and operation in Azure.

First Party App

First Party Apps are Microsoft-owned applications and services that are integrated with your Azure environment to provide core platform functionality, security, and management features. These apps are developed, managed, and maintained by Microsoft, and are essential for enabling various Azure services and features to work seamlessly within your tenant.

The presence of these apps in your Enterprise Applications list is expected and necessary for the operation of Microsoft services such as Azure SQL Database, Microsoft Teams, Azure Active Directory, and others. For example, the “Azure SQL Database” application is a First Party App that enables Azure AD authentication and other identity-related features for Azure SQL Database. These apps are not third-party or external; they are part of the Microsoft cloud ecosystem and are required for secure and integrated service delivery.

Users cannot delete these applications, as they are protected and managed by Microsoft to ensure the stability and security of the platform. You can verify that an application is a Microsoft First Party App by checking its properties in the Azure portal, where you will see a message stating, “You can’t delete this application because it’s a Microsoft first party application.”

Disable sign-in to the SQLDBControlPlaneFirstPartyApp app

Although disabling sign‑in through an Enterprise Application is not recommended, it is technically possible. Doing so may prevent users from viewing their resources in the Azure portal or may cause resource information to appear incorrect.