Security/Service Principals

Security Principals:

  • Users:

    • User X has access to resource Y

      • Member: Normal cloud user. Can read all directory information and invite external users. Members can also manage their own profile and register applications.

      • Guest: Restricted user that can only manage their own profile data. Cannot register applications or browse the directory.

  • Groups:

    • Group X has access to resource Y

  • Service Principals:

    • Used by applications to authenticate against a resource.

      • Authentication requires:

        • Service Principal ID

        • Tenant ID

        • Secret or Certificate

  • Managed Identities:

    • Special security principal linked to a resource that performs authentication on behalf of a resource.

      • System-assigned MI: linked to a single resource (for example, one virtual machine).

      • User-assigned MI: can be linked to multiple resources (one MI shared by a set of virtual machines).
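The two authentication paths above (a service principal presenting a secret, and a managed identity obtaining a token from the platform) differ mainly in what the request has to carry. The following is an added example, not code from the original page; it assumes the shape of the Microsoft Entra v2.0 token endpoint and of the Azure Instance Metadata Service (IMDS) identity endpoint, and every ID and secret in it is a constructed placeholder, not a real credential.

```python
"""Added example (not from the original page): what each Azure authentication
path needs, expressed as the HTTP request it produces.

Assumptions: the Microsoft Entra v2.0 token endpoint and the Azure Instance
Metadata Service (IMDS) identity endpoint shapes below; all IDs and the secret
are constructed placeholders, not real credentials."""
import re
from urllib.parse import urlencode

GUID_RE = re.compile(r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")

# Constructed placeholder values (not real identifiers or secrets).
TENANT_ID = "11111111-2222-3333-4444-555555555555"
SP_CLIENT_ID = "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"
SP_SECRET = "placeholder-secret-value"
ARM_SCOPE = "https://management.azure.com/.default"
ARM_RESOURCE = "https://management.azure.com/"


def build_service_principal_request(tenant_id, client_id, client_secret, scope=ARM_SCOPE):
    """Service principal = OAuth2 client-credentials grant. The three items the
    outline lists (principal/app ID, tenant ID, secret) are exactly what the
    request carries, so the secret must be stored and rotated like a password."""
    for name, value in (("tenant_id", tenant_id), ("client_id", client_id)):
        if not GUID_RE.match(value):
            raise ValueError(f"{name} must be a GUID")
    if not client_secret:
        raise ValueError("client_secret (or a certificate assertion) is required")
    url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
    body = urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": scope,
    })
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    return {"method": "POST", "url": url, "headers": headers, "body": body}


def build_managed_identity_request(resource=ARM_RESOURCE, user_assigned_client_id=None):
    """Managed identity = no secret in the request at all; the platform's IMDS
    endpoint mints a token for the identity linked to this resource.
    A user-assigned MI is selected by client_id because several may be linked."""
    params = {"api-version": "2018-02-01", "resource": resource}
    if user_assigned_client_id is not None:
        if not GUID_RE.match(user_assigned_client_id):
            raise ValueError("user_assigned_client_id must be a GUID")
        params["client_id"] = user_assigned_client_id
    url = "http://169.254.169.254/metadata/identity/oauth2/token?" + urlencode(params)
    # IMDS requires the Metadata header so that a plain redirect cannot reach it
    # (a mitigation against server-side request forgery from the same host).
    return {"method": "GET", "url": url, "headers": {"Metadata": "true"}, "body": None}


def carries_secret(request):
    """Defender's check: does this request carry a long-lived secret that
    would need vaulting, rotation and leak monitoring?"""
    return request["body"] is not None and "client_secret=" in request["body"]


if __name__ == "__main__":
    sp = build_service_principal_request(TENANT_ID, SP_CLIENT_ID, SP_SECRET)
    mi = build_managed_identity_request(user_assigned_client_id=SP_CLIENT_ID)
    print("service principal request carries a secret:", carries_secret(sp))
    print("managed identity request carries a secret:", carries_secret(mi))
```

The functions only build the requests and do not send them, so the block runs offline; the comparison it makes is that the managed-identity path removes the stored secret from the application entirely, which is the operational reason to prefer it where a resource can host one.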
