Hi,
Object ID is the unique ID for the application object, which is the template/blueprint for creating the application. The service principal Object ID represents a concrete instance of the application in a tenant.
Let me give an example using something more tangible, a tractor.
Say you have a manufacturer of tractors. They create detailed blueprints, CAD/CAM files, part sourcing details, etc., for a specific tractor model. They assign this group of technical documents a unique ID, which would be the same as our Application Object ID above.
Now, when each tractor is actually made on the assembly line, the manufacturer assigns a unique ID number (VIN) and stamps it on the frame and in other places. This unique ID would be the same as the Service Principal Object ID above.
Going forward, the VIN serves as a reference for a specific tractor that exists in the real world: who owns it, service history, etc. The service principal Object ID serves as a reference to a specific instance of the application in a specific Azure AD tenant: who is allowed to use it, what permissions it has been granted over other objects, etc.
Does that make sense?
Please click Accept Answer if the above was useful.
Thanks.
-TP
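The blueprint/instance relationship described in the answer above, as an added example that is not part of the original post: it walks records shaped like Microsoft Graph's `/applications` and `/servicePrincipals` responses, resolves each service principal (VIN) back to its application object (blueprint) via the shared `appId`, and flags service principals whose blueprint lives in another tenant, which is where a defender reviews granted permissions. All IDs, names and the tenant values are constructed placeholders.

```python
# Application objects: the "blueprints", which live only in the app's home tenant.
# (constructed sample records, not real Azure AD data)
APPLICATIONS = [
    {"id": "app-obj-0001", "appId": "appid-1111", "displayName": "PayrollAPI"},
    {"id": "app-obj-0002", "appId": "appid-2222", "displayName": "ReportingApp"},
]

# Service principals: the per-tenant "VIN-stamped" instances present in THIS tenant.
# appOwnerOrganizationId names the tenant that holds the blueprint.
SERVICE_PRINCIPALS = [
    {"id": "sp-obj-0001", "appId": "appid-1111", "displayName": "PayrollAPI",
     "appOwnerOrganizationId": "tenant-home"},
    {"id": "sp-obj-0002", "appId": "appid-2222", "displayName": "ReportingApp",
     "appOwnerOrganizationId": "tenant-home"},
    # A multi-tenant vendor app: we have an instance (SP) but no blueprint here.
    {"id": "sp-obj-0003", "appId": "appid-3333", "displayName": "VendorSaaS",
     "appOwnerOrganizationId": "tenant-vendor"},
]

HOME_TENANT_ID = "tenant-home"  # constructed placeholder for our own tenant


def index_by_app_id(applications):
    """Map appId (client ID) -> application object; appId is the shared key."""
    return {a["appId"]: a for a in applications}


def describe_service_principal(sp, applications, home_tenant):
    """Resolve one SP (instance) to the application object (blueprint) it came from."""
    app = index_by_app_id(applications).get(sp["appId"])
    return {
        "spObjectId": sp["id"],
        "appId": sp["appId"],
        "appObjectId": app["id"] if app else None,
        "blueprintInThisTenant": app is not None
        and sp.get("appOwnerOrganizationId") == home_tenant,
    }


def external_service_principals(sps, applications, home_tenant):
    """SP object IDs whose blueprint is owned elsewhere: review their grants here."""
    return [
        d["spObjectId"]
        for d in (describe_service_principal(sp, applications, home_tenant) for sp in sps)
        if not d["blueprintInThisTenant"]
    ]


def ids_are_distinct(applications, sps):
    """An application object's id is never reused as an SP id, even for the same appId."""
    app_object_ids = {a["id"] for a in applications}
    return all(sp["id"] not in app_object_ids for sp in sps)
```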