Hi All What is the major differences between Azure App Registration and Enterprise Applications. what i see is that with enterprise application we can integrate with other companies.

Hello @Glenn Maxwell , thank you for reaching out. All applications that get registered in AAD, in the tenant, two types of objects get created once the app registration is done. Application Object Service Principal Object The Application Object is what you see under App Registrations in AAD. This object acts as the template where you can go ahead and configure various things like API Permissions, Client Secrets, Branding, App Roles, etc. All these customizations that you make to your app, get written to the app manifest file. The application object describes three aspects of an application: how the service can issue tokens in order to access the application, resources that the application might need to access, and the actions that the application can take. The Service Principal Object is what you see under the Enterprise Registration blade in AAD. Every Application Object (created through the Azure Portal or using the Microsoft Graph APIs, or AzureAD PS Module) would create a corresponding Service Principal Object in the Enterprise Registration blade of AAD. A service principal is a concrete instance created from the application object and inherits certain properties from that application object. A service principal is created in each tenant where the application is used and references the globally unique app object. The service principal object defines what the app can actually do in the specific tenant, who can access the app, and what resources the app can access. Similar to a class in object-oriented programming, the application object has some static properties that are applied to all the created service principals (or application instances). You can read more on the following objects here: https://learn.microsoft.com/en-us/azure/active-directory/develop/app-objects-and-service-principals Hope this helps. Do let us know if this helps and if there are any more queries around this, please do let us know so that we can help you further. Also, please do not forget to accept the response as an Answer ; if the above response helped in answering your query.

Imagine you have a favorite game that you like to play at your friend's house. To play this game, you need two things: a special pass that lets you into the house (we'll call this the "House Pass") and a character in the game that you control (let's call this the "Game Character"). Enterprise ID (Enterprise Application) The "House Pass" is like the Enterprise ID . Just like the pass allows you into your friend's house to play games, watch movies, or do fun activities, the Enterprise ID allows people in a company to use different computer programs or apps. It's a special kind of pass that lets you and others do lots of cool things on the computer without having to remember many passwords. It's like saying, "Hey, I'm part of this big club, and I can do all these fun things!" Service Principal The "Game Character" is like the Service Principal . Imagine in your game, you have a character that can go on adventures, collect treasures, and do tasks. This character has special abilities or keys that let it do things in the game world. In the computer world, when a company uses apps or programs, the Service Principal is like the character that the app controls. It has special keys that let it do certain things, like showing you messages or checking the weather, without needing a person to tell it what to do every time. How They Work Together So, when your company wants to use a new game or app, they first get a "House Pass" (Enterprise ID) that lets them into the big world of many games and apps. Then, for each game or app, they create a "Game Character" (Service Principal) that knows how to do things in that game or app, like collecting data or helping with work, all by itself. In simple terms, the Enterprise ID is like a membership card to a huge amusement park with many games and rides (apps), and the Service Principal is like having a robot friend that can go on the rides and play the games for you, following the rules of the park.

App Registration vs Enterprise Applications

Accepted answer

soumi-MSFT 11,786 Reputation points Microsoft Employee

2021-02-12T15:50:35.613+00:00
Hello @Glenn Maxwell , thank you for reaching out. All applications that get registered in AAD, in the tenant, two types of objects get created once the app registration is done.

Application Object

Service Principal Object

The Application Object is what you see under App Registrations in AAD. This object acts as the template where you can go ahead and configure various things like API Permissions, Client Secrets, Branding, App Roles, etc. All these customizations that you make to your app, get written to the app manifest file. The application object describes three aspects of an application: how the service can issue tokens in order to access the application, resources that the application might need to access, and the actions that the application can take.

The Service Principal Object is what you see under the Enterprise Registration blade in AAD. Every Application Object (created through the Azure Portal or using the Microsoft Graph APIs, or AzureAD PS Module) would create a corresponding Service Principal Object in the Enterprise Registration blade of AAD. A service principal is a concrete instance created from the application object and inherits certain properties from that application object. A service principal is created in each tenant where the application is used and references the globally unique app object. The service principal object defines what the app can actually do in the specific tenant, who can access the app, and what resources the app can access.

Similar to a class in object-oriented programming, the application object has some static properties that are applied to all the created service principals (or application instances).

You can read more on the following objects here: https://learn.microsoft.com/en-us/azure/active-directory/develop/app-objects-and-service-principals

Hope this helps.

Do let us know if this helps and if there are any more queries around this, please do let us know so that we can help you further. Also, please do not forget to accept the response as an Answer; if the above response helped in answering your query.
Please sign in to rate this answer.

50 people found this answer helpful.
EnterpriseArchitect 5,406 Reputation points

2021-06-23T04:26:31.283+00:00

@soumi-MSFT , There is no possibility to add the user as Contributor role to this Enterprise Application ?

All I can see is just the Owners role.

Ruslan Babayev 1 Reputation point

2021-08-12T19:44:59.047+00:00

Wow, brilliant explanation. Finally, i see a detailed and straight to the point explanation.

Thank you,

Ruslan

Riera , E 51 Reputation points

2021-09-28T16:01:17.523+00:00

What is the reason for calling "Enterprise Applications" to Service Principal Objects? And why Application Objects are called "App Registrations"? I find the names quite confusing...

And the explanation is nice but for instance, when you said "how the service can issue tokens in order to access the application" it is not clear to me to which service are you referring to. I should guess "the service" is "AAD", isn't it?

I find confusing this other statement "All these customizations that you make to your app, get written to the app manifest file." To which app are you refering to? You mean the "App Registration row"? Or you mean whatever app I have opened in Visual Studio Code that at some point it would use this "App Registration row" in order to consume M365/Azure services?

Anwar Mahmood 16 Reputation points

2021-10-29T16:01:46.78+00:00

You say "what you see under the Enterprise Registration blade in AAD.".

I do not see "Enterprise Registration".

When I search Azure Portal, I do not see "Enterprise Registration".

'What is this "Enterprise Registration" that you speak of?

Vlad 6 Reputation points Microsoft Employee

2022-07-08T09:56:59.867+00:00

It's Enterprise Applications instead.

Abrams, Paul PJA [NC] 21 Reputation points

2023-06-16T19:34:50.21+00:00

The question was about apps vs Enterprise apps. Instead, you talked about apps vs service principals. Are you saying that an Enterprise app is the exact same thing as a service principal?

Abrams, Paul PJA [NC] 21 Reputation points

2023-06-16T19:36:14.3966667+00:00

I'm even more confused, now.

\
Sign in to comment

Use comments to ask for clarification, additional information, or improvements to the question.

Share via

App Registration vs Enterprise Applications

5 additional answers

Your answer