Service principal

The registered application in the provider’s tenant serves as a template that gets provisioned as a service principal into the customer’s Azure Active Directory (AAD) tenant by the time of the first encounter. Azure Active Directory uses a given application registration as a blueprint to create a service principal, which represents a concrete instance of the application within a directory or tenant. The service principal defines what the application can do in a specific target directory, who can use it, what resources it has access to, and so on.

The registered application in the provider’s tenant serves as a template that gets provisioned as a service principal into the customer’s AAD tenant at the time of the first encounter.

The following diagram illustrates the process flow.