There are two important things to differentiate when registering and working with apps in Azure AD: App Registrations and Enterprise Applications.
In Azure AD terms, these relate to two objects:
- Application Object
- Service Principal Object
Let’s define them loosely and clear up the confusion.
App Registrations, as the name says, is where you register your app and configure it: Name, Logo, Redirect URIs, Logout URL, RBAC, API Permissions, Client Secrets, Proxy, among others. Think of it as the place where you maintain your app's configuration.
An App Registration can be single-tenant or multi-tenant, but remember, it can only exist in a single Azure AD tenant.
App Registration = Application Object – A 1:1 relationship.
Enterprise Applications is the list of all Service Principals that are part of your Azure AD tenant.
Basically, the Service Principal Object defines what the app can or can't do, who can access it, and what resources the app can access. Contrary to App Registrations, a Service Principal is deployed in each tenant where the app is used.
Enterprise Application = Service Principal Object
To sum up:
- App Registration = Application Object: it can only exist in a single Azure AD tenant and is globally unique.
- Enterprise Application = Service Principal Object deployed in every Azure AD tenant that’s required.
- A 1:N relationship between an Application Object and its correlated service principal objects.
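The 1:N relationship above is easiest to see when you correlate exported Application and Service Principal objects by their shared `appId`. The script below is an added example, not code from the original post. Its input is constructed to mirror the shape of Microsoft Graph `/applications` and `/servicePrincipals` records (the `appId`, `displayName`, `signInAudience` and `appOwnerOrganizationId` properties are real Graph properties); the `tenantId` field on each service principal and all tenant GUIDs are assumptions added so that one constructed export can span several tenants. Besides counting service principals per registration, it performs two checks a defender typically wants from this inventory: service principals in your own tenant whose registration is owned by some other tenant (so the Enterprise Application is the only object you control), and single-tenant registrations that nevertheless have a service principal somewhere else.

```python
"""Correlate Azure AD Application Objects with their Service Principal Objects.

Added example (not from the original post). Records are constructed in the
shape of Microsoft Graph /applications and /servicePrincipals objects; the
tenantId field and all GUIDs below are assumptions for the sample export.
"""
from collections import defaultdict

# Constructed tenant ids (assumptions, not real tenants).
HOME_TENANT = "11111111-1111-1111-1111-111111111111"
PARTNER_A = "22222222-2222-2222-2222-222222222222"
PARTNER_B = "33333333-3333-3333-3333-333333333333"
VENDOR = "99999999-9999-9999-9999-999999999999"

# Constructed App Registrations (Application Objects) in the home tenant.
APPLICATIONS = [
    {"appId": "app-payroll", "displayName": "Payroll API", "signInAudience": "AzureADMyOrg"},
    {"appId": "app-portal", "displayName": "Partner Portal", "signInAudience": "AzureADMultipleOrgs"},
]

# Constructed Enterprise Applications (Service Principal Objects) as exported
# from several tenants. appOwnerOrganizationId is the tenant holding the
# registration; tenantId (assumed field) is the tenant the SP was read from.
SERVICE_PRINCIPALS = [
    {"tenantId": HOME_TENANT, "appId": "app-payroll", "displayName": "Payroll API",
     "appOwnerOrganizationId": HOME_TENANT},
    {"tenantId": HOME_TENANT, "appId": "app-portal", "displayName": "Partner Portal",
     "appOwnerOrganizationId": HOME_TENANT},
    {"tenantId": PARTNER_A, "appId": "app-portal", "displayName": "Partner Portal",
     "appOwnerOrganizationId": HOME_TENANT},
    {"tenantId": PARTNER_B, "appId": "app-portal", "displayName": "Partner Portal",
     "appOwnerOrganizationId": HOME_TENANT},
    # A third-party SaaS app: the registration lives in the vendor's tenant,
    # so the home tenant holds only the service principal.
    {"tenantId": HOME_TENANT, "appId": "app-saas", "displayName": "SaaS Connector",
     "appOwnerOrganizationId": VENDOR},
]


def correlate(applications, service_principals):
    """Join Application Objects and Service Principals on appId.

    Returns {appId: {"application": app-or-None, "service_principals": [...]}}.
    "application" is None when this tenant does not hold the registration.
    """
    joined = defaultdict(lambda: {"application": None, "service_principals": []})
    for app in applications:
        joined[app["appId"]]["application"] = app
    for sp in service_principals:
        joined[sp["appId"]]["service_principals"].append(sp)
    return dict(joined)


def service_principal_counts(applications, service_principals):
    """Number of Service Principals per appId: the N side of the 1:N relation."""
    joined = correlate(applications, service_principals)
    return {app_id: len(entry["service_principals"]) for app_id, entry in joined.items()}


def foreign_service_principals(service_principals, home_tenant):
    """appIds of SPs in the home tenant whose registration is owned elsewhere.

    For these, the Enterprise Application is the only object you administer;
    the Application Object (and its credentials) belongs to another tenant.
    """
    return sorted(
        sp["appId"] for sp in service_principals
        if sp["tenantId"] == home_tenant and sp["appOwnerOrganizationId"] != home_tenant
    )


def audience_violations(applications, service_principals, home_tenant):
    """(appId, tenantId) pairs where a single-tenant registration (AzureADMyOrg)
    has a Service Principal outside the home tenant, which should not happen."""
    single_tenant = {a["appId"] for a in applications if a["signInAudience"] == "AzureADMyOrg"}
    return sorted(
        (sp["appId"], sp["tenantId"]) for sp in service_principals
        if sp["appId"] in single_tenant and sp["tenantId"] != home_tenant
    )


if __name__ == "__main__":
    for app_id, entry in correlate(APPLICATIONS, SERVICE_PRINCIPALS).items():
        where = "registered here" if entry["application"] else "registered elsewhere"
        tenants = sorted({sp["tenantId"] for sp in entry["service_principals"]})
        print(f"{app_id}: {where}, {len(tenants)} service principal(s) in {tenants}")
    print("foreign SPs:", foreign_service_principals(SERVICE_PRINCIPALS, HOME_TENANT))
    print("audience violations:", audience_violations(APPLICATIONS, SERVICE_PRINCIPALS, HOME_TENANT))
```

In a real tenant the two inputs would come from `GET /applications` and `GET /servicePrincipals` against Microsoft Graph (one call per tenant you administer); the join key stays `appId` in both cases, which is exactly why the Application Object is 1:1 with its registration while the Service Principals are 1:N with it.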