Copyright (c) 2026 MindMesh Academy. All rights reserved. This content is proprietary and may not be reproduced or distributed without permission.
2.3.3. Service Principals and Managed Identities
💡 First Principle: Service principals are application identities that can authenticate to Azure. Managed identities are Azure-managed service principals that eliminate the need to manage credentials.
Scenario: Your application running on an Azure VM needs to access Key Vault secrets. You could use a client secret (effectively a password for the app), but then that secret must be stored, protected and rotated, which creates credential management overhead and security risk.
Service Principal Types
- Application service principal: Created when app is registered
- Managed identity: Azure-managed, no credentials to manage
- Legacy service principal: For older applications
Managed Identity Types
| Type | Description | Use Case |
|---|---|---|
| System-assigned | Tied to one Azure resource and deleted together with it | Single-purpose applications |
| User-assigned | Independent resource, can be shared | Multi-resource applications |
Visual: Managed Identity vs. Service Principal
⚠️ Exam Trap: Using service principals with client secrets when managed identities are available. Managed identities eliminate credential management and rotation—always prefer them for Azure-hosted workloads.
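As an added example (not from the original page), the VM scenario above in code: the app asks the platform's Instance Metadata Service (IMDS) for a token scoped to Key Vault and presents it as a Bearer token, so no client secret exists to store or rotate. Only the standard library is used; `fetch_secret` performs the real calls and must run on a VM whose identity has been granted access to the vault, while the sample IMDS response is constructed for offline use.

```python
import json
import urllib.parse
import urllib.request
from typing import Optional

# Azure Instance Metadata Service (IMDS): link-local, reachable only from inside the VM.
IMDS_TOKEN_URL = "http://169.254.169.254/metadata/identity/oauth2/token"
KEY_VAULT_RESOURCE = "https://vault.azure.net"

# Constructed sample of an IMDS token response (not a real token) for offline use.
SAMPLE_IMDS_RESPONSE = (b'{"access_token":"eyJ.constructed","expires_on":"1700000000",'
                        b'"resource":"https://vault.azure.net","token_type":"Bearer"}')


def build_imds_token_request(resource: str, client_id: Optional[str] = None):
    """Return (url, headers) for a managed-identity token request.

    No secret is sent: IMDS identifies the caller by the VM it runs on. The
    'Metadata: true' header is mandatory, so a request relayed by a naive
    SSRF proxy that cannot set headers is refused. client_id selects a
    user-assigned identity; omit it to use the VM's system-assigned identity.
    """
    params = {"api-version": "2018-02-01", "resource": resource}
    if client_id:
        params["client_id"] = client_id
    return f"{IMDS_TOKEN_URL}?{urllib.parse.urlencode(params)}", {"Metadata": "true"}


def parse_token_response(body: bytes) -> dict:
    """Validate the JSON IMDS returns and keep only the fields the caller needs."""
    data = json.loads(body)
    if data.get("token_type") != "Bearer" or "access_token" not in data:
        raise ValueError("unexpected token response from IMDS")
    return {"access_token": data["access_token"],
            "expires_on": int(data.get("expires_on", 0)),
            "resource": data.get("resource")}


def _get(url: str, headers: dict) -> bytes:
    req = urllib.request.Request(url, headers=headers)
    with urllib.request.urlopen(req, timeout=5) as resp:
        return resp.read()


def fetch_secret(vault_name: str, secret_name: str, client_id: Optional[str] = None) -> str:
    # Run on the VM. The identity needs the 'Key Vault Secrets User' RBAC role
    # (or a 'get' secrets access policy) on the vault; no credential lives in code.
    url, headers = build_imds_token_request(KEY_VAULT_RESOURCE, client_id)
    token = parse_token_response(_get(url, headers))["access_token"]
    secret_url = f"https://{vault_name}.vault.azure.net/secrets/{secret_name}?api-version=7.4"
    return json.loads(_get(secret_url, {"Authorization": f"Bearer {token}"}))["value"]
```

For a user-assigned identity shared across several VMs, pass its client ID; for the system-assigned identity the VM itself is the credential, which is why it disappears when the VM is deleted.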
Written by Alvin Varughese
Founder • 15 professional certifications