Authenticating with application identities
Application identities are a fundamental concept in Microsoft Entra ID IAM. They represent the security context of an application or service when it interacts with Azure resources. Typically, the underlying object is the service principal. A service principal is like a user identity, but it is used by applications, services, or scripts to authenticate and access Azure resources securely. How a service principal is created depends on what we want to use to authenticate, and we can mostly recognize two types: application identities and managed identities used by Azure services.
Authentication and authorization work the same way for an application identity and a managed identity. If the identity exists in Microsoft Entra ID, it can be assigned RBAC roles, as with any user in the system. Service principals have life cycles, just as user identities do. They can be created, updated, and deleted. For standalone Azure AD applications...