Azure Service Principals

Automated tools that use Azure services should always have restricted permissions. Instead of having applications sign in as a fully privileged user, Azure offers service principals.

An Azure service principal is an identity created for use with applications, hosted services, and automated tools to access Azure resources. This access is restricted by the roles assigned to the service principal, giving you control over which resources can be accessed and at which level. For security reasons, it’s always recommended to use service principals with automated tools rather than allowing them to log in with a user identity.

A list of the service principals in a tenant can be retrieved with az ad sp list.

See also

• Working with service principals
• Application and service principal objects in Azure Active Directory
• Service principals with Azure Kubernetes Service (AKS)
• View the service principal of a managed identity