App Registration vs Enterprise Applications

Glenn Maxwell 10,046 Reputation points
2021-02-12T09:39:06.19+00:00

Hi All

What is the major differences between Azure App Registration and Enterprise Applications. what i see is that with enterprise application we can integrate with other companies.

Azure App Configuration
Azure App Configuration
An Azure service that provides hosted, universal storage for Azure app configurations.
207 questions
0 comments No comments
{count} votes

Accepted answer
  1. soumi-MSFT 11,716 Reputation points Microsoft Employee
    2021-02-12T15:50:35.613+00:00

    Hello @Glenn Maxwell , thank you for reaching out. All applications that get registered in AAD, in the tenant, two types of objects get created once the app registration is done.

    • Application Object
    • Service Principal Object

    The Application Object is what you see under App Registrations in AAD. This object acts as the template where you can go ahead and configure various things like API Permissions, Client Secrets, Branding, App Roles, etc. All these customizations that you make to your app, get written to the app manifest file. The application object describes three aspects of an application: how the service can issue tokens in order to access the application, resources that the application might need to access, and the actions that the application can take.

    The Service Principal Object is what you see under the Enterprise Registration blade in AAD. Every Application Object (created through the Azure Portal or using the Microsoft Graph APIs, or AzureAD PS Module) would create a corresponding Service Principal Object in the Enterprise Registration blade of AAD. A service principal is a concrete instance created from the application object and inherits certain properties from that application object. A service principal is created in each tenant where the application is used and references the globally unique app object. The service principal object defines what the app can actually do in the specific tenant, who can access the app, and what resources the app can access.

    Similar to a class in object-oriented programming, the application object has some static properties that are applied to all the created service principals (or application instances).

    You can read more on the following objects here: https://learn.microsoft.com/en-us/azure/active-directory/develop/app-objects-and-service-principals

    Hope this helps.

    Do let us know if this helps and if there are any more queries around this, please do let us know so that we can help you further. Also, please do not forget to accept the response as an Answer; if the above response helped in answering your query.

    38 people found this answer helpful.

5 additional answers

Sort by: Most helpful
  1. Aneesh Varghese 35 Reputation points
    2024-01-29T16:49:15.01+00:00

    Here are the key differences I found between Microsoft Entra ID - App registrations and Microsoft Entra ID - Enterprise applications:

    1. App registration allows to register an application to integrate with Microsoft Entra ID (App you're developing) where as Enterprise applications allows app registration as well as adding and configuring SaaS apps from the Microsoft Entra App Gallery. Enterprise applications also allows to publish the apps deployed on-premises. Reference: https://learn.microsoft.com/en-us/training/modules/plan-design-integration-of-enterprise-apps-for-sso/1-introduction
    2. Apps added through Microsoft Entra ID - App registrations are by default OIDC-based apps, while apps added through Microsoft Entra ID - Enterprise applications might use any SSO standard. Reference: https://learn.microsoft.com/en-us/training/modules/plan-design-integration-of-enterprise-apps-for-sso/7-configure-pre-integrated-gallery-saas-apps
    3. App Registrations is where you register your applications, while Enterprise Applications is where you manage access to these applications.
    7 people found this answer helpful.
    0 comments No comments

  2. Sarye HADDADI 15 Reputation points
    2023-02-04T18:01:17.5766667+00:00

    My understanding:

    • You register an App => Creates a globally unique App Object (also called App registration) + a Service Principal in your Tenant (1 tenant = 1 Subscription).
    • Enterprise application => another name for designing the previously created Service Principal. But a "Service Principale" is a general term on itself. "Human User", a "Group", an 'Entreprise App' are all Service Principals.

    "When the application is accessible by multiple tenants, all tenants will have one Enterprise application (= have one Service principal). However, the application registration itself will be in its “home” tenant". I learned that from this blog.

    3 people found this answer helpful.
    0 comments No comments

  3. Huw Jeffries 6 Reputation points
    2021-11-03T15:33:18.6+00:00

    @soumi-MSFT - thanks for the explanation. Thinking specifically about Enterprise Applications: If I go Azure Active Directory -> Enterprise Applications -> Create your own application, and choose "Integrate any other application you don't find in the gallery", would it create both an Application and a Service Principle, exactly the same as if I were doing an App registration?

    I'd really like to tease out the subtle difference between Enterprise Applications and App Registrations. Thanks!

    @Anwar Mahmood - I think in the earlier answer Enterprise Applications is synonymous with Enterprise Registration as found in the Azure Active Directory main menu:
    146178-image.png

    1 person found this answer helpful.

  4. Mehul Shah 5 Reputation points
    2023-04-17T10:47:39.3933333+00:00
    1 person found this answer helpful.