Service Principal
Identity used by applications and services to authenticate and access Azure AD-protected resources.
What is a Service Principal?
Service principals are the identity objects that represent applications in Azure AD. When an application is registered, a service principal is created in each tenant where the app is used. Service principals can have credentials (secrets or certificates) and permissions assigned to them. Unlike user accounts, service principals typically authenticate without MFA, making credential security critical.
In Microsoft 365
Service principals in Azure AD can represent single-tenant apps, multi-tenant apps, or managed identities. They access Microsoft Graph and other APIs on behalf of the application. Credential hygiene (short credential lifetimes, preferring certificates over client secrets) is critical for supply chain security, because a leaked long-lived secret grants the application's permissions with no MFA in the way.
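The hygiene check described above, as an added example that is not TrueConfig's or Microsoft's code: it audits `servicePrincipal` objects in the shape Microsoft Graph returns (`passwordCredentials` for client secrets, `keyCredentials` for certificates) and flags secret-based, expired, and long-lived credentials. The 180-day lifetime limit and the sample tenant data are assumptions constructed for the example.

```python
# Added example, not TrueConfig's code. Input mimics Microsoft Graph objects from
# GET /servicePrincipals?$select=id,displayName,passwordCredentials,keyCredentials
from datetime import datetime, timedelta, timezone

MAX_LIFETIME_DAYS = 180  # assumed policy limit, not a Microsoft default

def _parse(ts):
    # Graph returns ISO 8601 UTC, e.g. 2024-03-01T00:00:00Z, sometimes with a
    # 7-digit fraction; drop the fraction so every Python version parses it
    return datetime.strptime(ts.rstrip("Z").split(".")[0],
                             "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)

def audit_service_principal(sp, now):
    """Return (displayName, finding, detail) tuples for one servicePrincipal."""
    findings = []
    name = sp.get("displayName") or sp.get("id", "<unknown>")
    secrets = sp.get("passwordCredentials") or []   # client secrets
    certs = sp.get("keyCredentials") or []          # certificates
    # Secrets are copy-pasteable strings; certificates are the preferred form
    if secrets:
        findings.append((name, "uses-client-secret", len(secrets)))
    # No credentials is normal for multi-tenant apps and managed identities in
    # the consuming tenant, so it is deliberately not reported as a finding
    for cred in secrets + certs:
        start, end = _parse(cred["startDateTime"]), _parse(cred["endDateTime"])
        if end < now:
            findings.append((name, "expired-credential", cred["keyId"]))
        elif end - start > timedelta(days=MAX_LIFETIME_DAYS):
            findings.append((name, "long-lived-credential", cred["keyId"]))
    return findings

def audit_all(service_principals, now=None):
    now = now or datetime.now(timezone.utc)
    out = []
    for sp in service_principals:
        out.extend(audit_service_principal(sp, now))
    return out

# Constructed sample data, not from a real tenant
SAMPLE = [
    {"id": "sp-001", "displayName": "billing-sync", "keyCredentials": [],
     "passwordCredentials": [{"keyId": "s1", "startDateTime": "2023-01-01T00:00:00Z",
                              "endDateTime": "2025-01-01T00:00:00Z"}]},
    {"id": "sp-002", "displayName": "hr-connector", "passwordCredentials": [],
     "keyCredentials": [{"keyId": "c1", "startDateTime": "2024-01-01T00:00:00Z",
                         "endDateTime": "2024-05-01T00:00:00Z"}]},
    {"id": "sp-003", "displayName": "multi-tenant-saas", "passwordCredentials": [],
     "keyCredentials": []},
]

if __name__ == "__main__":
    for finding in audit_all(SAMPLE, datetime(2024, 6, 1, tzinfo=timezone.utc)):
        print(finding)
```

Reading live data requires a Graph token with at least Application.Read.All; the finding tuples map directly onto the remediation steps (rotate to a certificate, remove expired credentials, shorten lifetimes).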
Examples
1. App registration service principal
2. Enterprise application service principal
3. Managed identity service principal
Related TrueConfig Controls
These controls help implement and verify service principal security in your Microsoft 365 environment.