Azure AD SPN, Enterprise Applications, Managed Identities, App Registrations
Get-AzureADServicePrincipal returns objects of the following type:
- ServicePrincipal
Get-AzureADApplication returns objects of the following type:
- Application
An application is represented by two objects in Azure AD: an Application object (the registration) and a Service Principal (the instance in a given tenant).
Multi-tenant applications have a single application object in the home directory (the tenant recorded in the service principal's AppOwnerTenantId property) and one service principal in every other tenant that has consented to the application.
To differentiate service principals there is a ServicePrincipalType property with the following values:
- ManagedIdentity
- Application
- Legacy
- SocialIdp
Azure AD Portal Visibility
- Service Principals with the “Legacy” ServicePrincipalType are hidden applications and service principals; they are not shown anywhere in the portal, so they can only be found through PowerShell or Graph.
- All other Service Principals are listed in Azure Active Directory Portal → Enterprise Applications → All applications (select All Applications in the Application Type filter).
- All applications registered in the tenant are listed in Azure Active Directory Portal → App Registrations. For a service principal to appear in the default Enterprise applications view, it must carry the “WindowsAzureActiveDirectoryIntegratedApp” tag; service principals without that tag are only reachable by widening the filter or by enumerating them with the cmdlets above.
Gallery applications are instantiated from application templates, but they are still represented in the organization’s tenant by both objects: an Application and a Service Principal.
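The distinctions above (application object vs. service principal, ServicePrincipalType, AppOwnerTenantId and the WindowsAzureActiveDirectoryIntegratedApp tag) are what you need when inventorying a tenant for service principals that the portal does not surface. The following PowerShell is an added example written for this page, not code from the Microsoft docs referenced below. It runs offline on the constructed sample objects at the bottom (the tenant IDs, AppIds and display names are made up); the commented-out lines show how to feed it the real output of Get-AzureADServicePrincipal, Get-AzureADApplication and Get-AzureADTenantDetail instead.

```powershell
# Added example: classify service principals by type, ownership and portal visibility.
# Input objects only need the properties named here, which are the ones the AzureAD
# module returns (DisplayName, AppId, ServicePrincipalType, AppOwnerTenantId, Tags).
function Get-ServicePrincipalInventory {
    param(
        [Parameter(Mandatory)] [object[]] $ServicePrincipals,   # Get-AzureADServicePrincipal output
        [Parameter(Mandatory)] [object[]] $Applications,        # Get-AzureADApplication output
        [Parameter(Mandatory)] [string]   $HomeTenantId         # (Get-AzureADTenantDetail).ObjectId
    )

    # AppIds that have an Application object (an App Registration) in this tenant.
    $localAppIds = @{}
    foreach ($app in $Applications) { $localAppIds[$app.AppId] = $true }

    foreach ($sp in $ServicePrincipals) {
        $tags = @($sp.Tags)
        [pscustomobject]@{
            DisplayName        = $sp.DisplayName
            AppId              = $sp.AppId
            Type               = $sp.ServicePrincipalType
            # True when the registration lives here; multi-tenant apps consented
            # from elsewhere have a service principal but no local Application object.
            HasLocalAppObject  = $localAppIds.ContainsKey($sp.AppId)
            HomeTenantOwned    = ($sp.AppOwnerTenantId -eq $HomeTenantId)
            # The Enterprise applications blade lists only SPs carrying this tag by default.
            InEnterpriseAppsUI = ($tags -contains 'WindowsAzureActiveDirectoryIntegratedApp')
            # Legacy SPs are not shown in the portal at all.
            HiddenLegacy       = ($sp.ServicePrincipalType -eq 'Legacy')
        }
    }
}

# ---- Constructed sample data (not real tenant output) ----
$homeTenant  = '11111111-1111-1111-1111-111111111111'
$otherTenant = '22222222-2222-2222-2222-222222222222'

$sampleApps = @(
    [pscustomobject]@{ DisplayName = 'Internal API'; AppId = 'aaaaaaaa-0000-0000-0000-000000000001' }
)
$sampleSps = @(
    [pscustomobject]@{ DisplayName = 'Internal API';    AppId = 'aaaaaaaa-0000-0000-0000-000000000001'
                       ServicePrincipalType = 'Application';     AppOwnerTenantId = $homeTenant
                       Tags = @('WindowsAzureActiveDirectoryIntegratedApp') }
    [pscustomobject]@{ DisplayName = 'Third-party SaaS'; AppId = 'bbbbbbbb-0000-0000-0000-000000000002'
                       ServicePrincipalType = 'Application';     AppOwnerTenantId = $otherTenant
                       Tags = @('WindowsAzureActiveDirectoryIntegratedApp') }
    [pscustomobject]@{ DisplayName = 'vm-web-01';        AppId = 'cccccccc-0000-0000-0000-000000000003'
                       ServicePrincipalType = 'ManagedIdentity'; AppOwnerTenantId = $homeTenant
                       Tags = @() }
    [pscustomobject]@{ DisplayName = 'OldLegacyApp';     AppId = 'dddddddd-0000-0000-0000-000000000004'
                       ServicePrincipalType = 'Legacy';          AppOwnerTenantId = $homeTenant
                       Tags = $null }
)

Get-ServicePrincipalInventory -ServicePrincipals $sampleSps -Applications $sampleApps -HomeTenantId $homeTenant |
    Format-Table -AutoSize

# ---- Against a live tenant (after Connect-AzureAD) ----
# $tenant = (Get-AzureADTenantDetail).ObjectId
# Get-ServicePrincipalInventory -ServicePrincipals (Get-AzureADServicePrincipal -All $true) `
#     -Applications (Get-AzureADApplication -All $true) -HomeTenantId $tenant |
#     Where-Object { $_.HiddenLegacy -or -not $_.InEnterpriseAppsUI } |
#     Format-Table -AutoSize
```

The last filter pulls out exactly the service principals an administrator browsing the portal would not see: Legacy ones and those without the integrated-app tag (managed identities and many first-party Microsoft service principals fall into the second group). Two caveats when reading the output: first-party Microsoft applications legitimately report an AppOwnerTenantId that is not your tenant, so HomeTenantOwned is false for them by design and is only interesting for Application-type principals you did not expect; and the AzureAD module is deprecated in favour of the Microsoft Graph PowerShell SDK, where the same data comes from Get-MgServicePrincipal and Get-MgApplication and the ownership property is named AppOwnerOrganizationId rather than AppOwnerTenantId.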
References:
Apps & service principals in Azure AD — Microsoft identity platform | Microsoft Docs
How and why apps are added to Azure AD — Microsoft identity platform | Microsoft Docs