You might try looking in the AAD SigninLogs and AuditLogs for information related to the associated identities and service principals.
You might also consider Defender for Cloud - App Service monitoring and Azure Active Directory Identity Protection.