Security/Service Principals

Apps & service principals in Microsoft Entra ID - Microsoft identity platformMicrosoftLearn

Security Principals:

• Users:

  • User X has access to resource Y

    • Member: Normal cloud user. Can read all directory information and invite external users. They can also manage their own profiles and register applications.

    • Guest: Restricted user that can only manage their own profile data. Can not register application or browse the directory.

• Groups:

  • Group X has access to resource Y

• Service Principals:

  • Used by applications and used to authenticate against a resource.

    • Authentication requires:

      • Service Principal ID

      • Tenant ID

      • Secret or Certificate

• Managed Identities:

  • Special security principal linked to a resource that performs authentication on behalf of a resource.

    • System assigned MI, linked to a single resource (Virtual Machine).

    • User assigned MI, can be linked to multiple resources (One MI for a set of virtual machines).

Apps & service principals in Microsoft Entra ID - Microsoft identity platformMicrosoftLearn

Security principalsMicrosoftLearn