Glossary
Service Principal
The instance of an application inside a specific Entra ID tenant, with its own permissions and identity.
A service principal in Microsoft Entra ID is the instance of an application inside a specific tenant: its representation, with its own object ID, permissions, role assignments, and sign-in logs. It is distinct from the application registration, which defines the app in its home tenant; the service principal is what shows up in your tenant as an enterprise application. Every multi-tenant SaaS app you've consented to creates a service principal in your tenant. Service principals can authenticate (via client secrets, certificates, or federated credentials), call Graph APIs, and be granted role-based access. As non-human identities, they're a significant attack surface, so manage them via Microsoft Entra Workload ID and audit them like users.
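An added example (not part of the original glossary entry, and not Microsoft's code) of auditing service principals as the entry recommends: it reads objects shaped like the Microsoft Graph `servicePrincipals` resource and flags principals owned by another tenant and credentials that are expired or long-lived. The sample records, the placeholder tenant ID, the `audit` helper and the 180-day threshold are constructed assumptions.

```python
from datetime import datetime, timezone

HOME_TENANT = "00000000-0000-0000-0000-000000000001"  # placeholder tenant ID

# Constructed sample, using property names from the Graph servicePrincipal resource.
SAMPLE = [
    {"displayName": "payroll-sync", "appOwnerOrganizationId": HOME_TENANT,
     "passwordCredentials": [{"keyId": "k1", "endDateTime": "2023-01-01T00:00:00Z"}],
     "keyCredentials": []},
    {"displayName": "Vendor SaaS",  # consented multi-tenant app
     "appOwnerOrganizationId": "00000000-0000-0000-0000-0000000000ff",
     "passwordCredentials": [], "keyCredentials": []},
    {"displayName": "build-agent", "appOwnerOrganizationId": HOME_TENANT,
     "passwordCredentials": [{"keyId": "k2", "endDateTime": "2031-06-01T00:00:00Z"}],
     "keyCredentials": [{"keyId": "c1", "endDateTime": "2024-06-01T00:00:00Z"}]},
]

def parse_ts(value):
    """Parse an ISO 8601 UTC timestamp such as 2023-01-01T00:00:00Z."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def audit(service_principals, home_tenant, now, max_secret_days=180):
    """Return (displayName, finding) tuples for principals that need review."""
    findings = []
    for sp in service_principals:
        name = sp["displayName"]
        # The app registration lives in another tenant; only the instance is local.
        if sp.get("appOwnerOrganizationId") != home_tenant:
            findings.append((name, "external-owner"))
        # Client secrets: flag expired ones and ones valid far into the future.
        for cred in sp.get("passwordCredentials", []):
            end = parse_ts(cred["endDateTime"])
            if end < now:
                findings.append((name, "expired-secret"))
            elif (end - now).days > max_secret_days:
                findings.append((name, "long-lived-secret"))
        # Certificates: flag expired ones still attached to the principal.
        for cred in sp.get("keyCredentials", []):
            if parse_ts(cred["endDateTime"]) < now:
                findings.append((name, "expired-certificate"))
    return findings

if __name__ == "__main__":
    for name, finding in audit(SAMPLE, HOME_TENANT, datetime.now(timezone.utc)):
        print(f"{name}: {finding}")
```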