An Application object represents an Azure AD App Registration.
It consists of elements such as the:
- Supported account types (single or multi-tenant)
- Redirect URIs
- Token configuration
- Resource permissions
These objects serve as the blueprint for the application they represent.
To use this object, a counterpart Service Principal is needed.
Service Principals enable authentication and authorisation.
In Azure AD there are three Service Principal types:
- Managed; and
For the purposes of this article we will focus just on the Application type.
An Application Service Principal supports the instance of an Application object.
For multi-tenant apps, each tenant will create and maintain its own Application Service Principal which ties to the original Application object.
The principal facilitates configuration such as:
- Sign-in availability
- Assigned owners
- Assigned users or groups
- Appearance within MyApps
- Conditional Access
It is not recommended to change redirect URI values on the service principal itself, because these values can be overridden when a sync occurs between it and the application object.
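A read-only drift check for the redirect URI sync described above, added here as an example that is not part of the original article. It assumes objects shaped like the Microsoft Graph v1.0 `application` and `servicePrincipal` resources, and that the application's `web.redirectUris` is the list the principal's `replyUrls` should match; the function name and all sample IDs and URLs are constructed.

```python
# Added example. Inputs are shaped like Microsoft Graph v1.0 `application` and
# `servicePrincipal` resources; every ID and URL below is constructed.
APPLICATION = {
    "appId": "11111111-1111-1111-1111-111111111111",
    "web": {"redirectUris": ["https://app.example.com/signin-oidc"]},
}
TENANT_SERVICE_PRINCIPALS = [
    {   # counterpart of APPLICATION, with a reply URL edited on the principal
        "id": "aaaaaaaa-0000-0000-0000-000000000001",
        "appId": "11111111-1111-1111-1111-111111111111",
        "servicePrincipalType": "Application",
        "replyUrls": ["https://app.example.com/signin-oidc",
                      "https://staging.example.net/callback"],
    },
    {   # principal of a different application: not compared
        "id": "aaaaaaaa-0000-0000-0000-000000000002",
        "appId": "22222222-2222-2222-2222-222222222222",
        "servicePrincipalType": "Application",
        "replyUrls": ["https://other.example.org/cb"],
    },
    {   # managed identity: no app registration to compare against
        "id": "aaaaaaaa-0000-0000-0000-000000000003",
        "appId": "33333333-3333-3333-3333-333333333333",
        "servicePrincipalType": "ManagedIdentity",
        "replyUrls": [],
    },
]

def redirect_uri_drift(application, service_principals):
    """Report Application principals whose replyUrls differ from the app object."""
    # Assumption: web.redirectUris is the authoritative list for this app.
    expected = set((application.get("web") or {}).get("redirectUris") or [])
    findings = []
    for sp in service_principals:
        if (sp.get("servicePrincipalType") != "Application"
                or sp.get("appId") != application["appId"]):
            continue
        actual = set(sp.get("replyUrls") or [])
        if actual != expected:
            findings.append({
                "servicePrincipalId": sp["id"],
                "onlyOnServicePrincipal": sorted(actual - expected),
                "onlyOnApplication": sorted(expected - actual),
            })
    return findings

if __name__ == "__main__":
    for finding in redirect_uri_drift(APPLICATION, TENANT_SERVICE_PRINCIPALS):
        print(finding)
```

A non-empty `onlyOnServicePrincipal` list points to values set directly on the principal, which are the ones at risk of being overwritten by the next sync.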