Application Objects

An Application object represents an Azure AD App Registration.

It consists of elements such as:

  • Supported account types (single or multi-tenant)
  • Redirect URIs
  • Token configuration
  • Resource permissions

These objects serve as the blueprint for the application they represent.

To use this object, a counterpart Service Principal is needed.

Service Principals

Service Principals enable authentication and authorisation.

In Azure AD there are three Service Principal types:

  • Application
  • Managed
  • Legacy

For the purposes of this article we will focus just on the Application type.

Application

An Application Service Principal supports the instance of an Application object.

For multi-tenant apps, each tenant will create and maintain its own Application Service Principal which ties to the original Application object.

The principal facilitates configuration such as:

  • Sign-in availability
  • Assigned owners
  • Assigned users or groups
  • Appearance within MyApps
  • Conditional Access

It is not recommended to change redirect URI values on the service principal itself, because these values can be overridden when a sync occurs between it and the application object.
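
The relationship described above (an Application object needs a counterpart Service Principal, and a multi-tenant app leaves its own Service Principal in each tenant) can be checked during a tenant review. The following is an added example, not code from the original article: it works on constructed records that use Microsoft Graph property names (appId, servicePrincipalType, appOwnerOrganizationId, signInAudience), and the tenant ids, shortened app ids and display names are assumptions made up for illustration.

```python
# Added example. Records are constructed and keep only a few properties, named
# as in Microsoft Graph /applications and /servicePrincipals responses.
HOME = "11111111-1111-1111-1111-111111111111"   # constructed home tenant id
OTHER = "22222222-2222-2222-2222-222222222222"  # constructed publisher tenant id

APPLICATIONS = [  # Application objects (App Registrations) in the home tenant
    {"appId": "a-001", "displayName": "HR Portal", "signInAudience": "AzureADMyOrg"},
    {"appId": "a-002", "displayName": "Partner API", "signInAudience": "AzureADMultipleOrgs"},
    {"appId": "a-003", "displayName": "Unused Draft", "signInAudience": "AzureADMyOrg"},
]
SERVICE_PRINCIPALS = [  # service principals that exist in the home tenant
    {"appId": "a-001", "displayName": "HR Portal",
     "servicePrincipalType": "Application", "appOwnerOrganizationId": HOME},
    {"appId": "a-002", "displayName": "Partner API",
     "servicePrincipalType": "Application", "appOwnerOrganizationId": HOME},
    {"appId": "b-900", "displayName": "Vendor SaaS",
     "servicePrincipalType": "Application", "appOwnerOrganizationId": OTHER},
    {"appId": "c-100", "displayName": "vm-backup",
     "servicePrincipalType": "ManagedIdentity"},
]

def classify(sp, local_app_ids, home_tenant):
    """Say where the Application object behind one service principal lives."""
    if sp["servicePrincipalType"] != "Application":
        return "other-type"        # Managed or Legacy: not covered here
    if sp.get("appOwnerOrganizationId") != home_tenant:
        return "foreign-app"       # Application object lives in another tenant
    if sp["appId"] in local_app_ids:
        return "local-app"         # Application object and principal both local
    return "no-local-object"       # claims home tenant, registration not found

def inventory(apps, sps, home_tenant):
    """Group service principal display names by classification."""
    local_ids = {a["appId"] for a in apps}
    groups = {}
    for sp in sps:
        groups.setdefault(classify(sp, local_ids, home_tenant), []).append(sp["displayName"])
    return groups

def apps_without_principal(apps, sps):
    """Application objects with no counterpart service principal in the tenant."""
    have = {sp["appId"] for sp in sps}
    return [a["displayName"] for a in apps if a["appId"] not in have]

if __name__ == "__main__":
    print(inventory(APPLICATIONS, SERVICE_PRINCIPALS, HOME))
    print(apps_without_principal(APPLICATIONS, SERVICE_PRINCIPALS))
```

Entries reported as foreign-app are the local Service Principals of applications whose Application object is maintained in another tenant, so their redirect URIs and resource permissions are defined outside the tenant under review.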
