Application Objects
An Application object represents an Azure AD App Registration.
It consists of elements such as:
- Supported account types (single or multi-tenant)
- Redirect URIs
- Token configuration
- Resource permissions
These objects serve as the blueprint for the application they represent.
To use this object, a counterpart Service Principal is needed.
Service Principals
Service Principals enable authentication and authorisation.
In Azure AD there are three Service Principal types:
- Application
- Managed
- Legacy
For the purposes of this article we will focus just on the Application type.
Application
An Application Service Principal is the instance of an Application object within a tenant.
For multi-tenant apps, each tenant will create and maintain its own Application Service Principal which ties to the original Application object.
The principal facilitates configuration such as:
- Sign-in availability
- Assigned owners
- Assigned users or groups
- Appearance within MyApps
- Conditional Access
It is not recommended to change redirect URI values on the service principal itself, because these values can be overridden when a sync occurs between it and the application object.
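The following is an added example, not code from the original article. It pairs each Application-type service principal with its application object by `appId` and reports redirect URIs that differ between the two, which is the drift the recommendation above warns about. Property names follow the Microsoft Graph `application` and `servicePrincipal` resources; the sample records, IDs, URLs and status labels are constructed for illustration.

```python
# Constructed sample records shaped like Microsoft Graph "application" and
# "servicePrincipal" resources; every ID and URL below is made up.
HOME_TENANT = "11111111-1111-1111-1111-111111111111"
APPLICATIONS = [
    {"appId": "aaaa0001", "displayName": "Payroll",
     "web": {"redirectUris": ["https://payroll.example.com/auth"]},
     "spa": {"redirectUris": []}, "publicClient": {"redirectUris": []}},
]
SERVICE_PRINCIPALS = [
    {"appId": "aaaa0001", "displayName": "Payroll",
     "servicePrincipalType": "Application",
     "appOwnerOrganizationId": HOME_TENANT,
     "replyUrls": ["https://payroll.example.com/auth",
                   "https://legacy.example.com/callback"]},
    {"appId": "bbbb0002", "displayName": "Vendor CRM",
     "servicePrincipalType": "Application",
     "appOwnerOrganizationId": "22222222-2222-2222-2222-222222222222",
     "replyUrls": ["https://crm.vendor.example/auth"]},
    {"appId": "cccc0003", "displayName": "vm-backup",
     "servicePrincipalType": "ManagedIdentity",
     "appOwnerOrganizationId": None, "replyUrls": []},
]


def app_redirect_uris(app):
    """Collect redirect URIs from every platform section of an application."""
    uris = set()
    for platform in ("web", "spa", "publicClient"):
        uris.update((app.get(platform) or {}).get("redirectUris", []))
    return uris


def audit(applications, service_principals, home_tenant):
    """Pair each Application-type principal with its application object."""
    by_app_id = {a["appId"]: a for a in applications}
    findings = []
    for sp in service_principals:
        if sp["servicePrincipalType"] != "Application":
            continue  # Managed and Legacy types are out of scope here
        app = by_app_id.get(sp["appId"])
        if sp["appOwnerOrganizationId"] != home_tenant:
            # Multi-tenant app: the application object lives in another tenant
            findings.append((sp["displayName"], "external-app", []))
        elif app is None:
            findings.append((sp["displayName"], "missing-application", []))
        else:
            drift = sorted(set(sp["replyUrls"]) ^ app_redirect_uris(app))
            findings.append((sp["displayName"], "drift" if drift else "in-sync", drift))
    return findings
```

Any URI listed under `drift` exists on only one side and should be reconciled on the application object rather than on the service principal.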