Configuring Applications

Learn how to register applications in Microsoft Entra ID and configure their permissions.

We'll cover the following

Microsoft Entra ID primarily serves as an identity and access management platform rather than hosting its own standalone applications. However, we can register or integrate external applications in Microsoft Entra ID, which will provide applications with an identity in Microsoft Entra ID, allowing them to interact with Microsoft Entra ID-protected resources.

Application registration

Registering applications in Azure involves integrating an application in Microsoft Entra ID. Applications can be custom applications we have developed or pre-integrated applications available in the Microsoft Entra application gallery. Registering an application in the Microsoft Entra ID establishes a trust relationship between our app and the Microsoft Entra ID. It also provides end users with a unified sign-in experience across multiple apps while keeping corporate credentials safe at the same time. Additionally, application registration lets us control access rights for different applications through Microsoft Entra ID and set up conditional access policies according to their security requirements. These features make it easier for IT admins to manage application registrations within Microsoft Entra ID more efficiently and securely.

Application objects and service principals

An application object and a service principal are automatically created whenever an application is registered.

service principal is the local representation of your application within a specific tenant. It is a security identity within Microsoft Entra ID specifically designed for applications. Its primary purpose is to authorize applications to securely interact with Azure resources. Managing service principals is crucial for IT administrators to control access and ensure security. It involves creating rules, defining which user or application will have access to specific services, and setting up authentication processes that verify identity before granting access.

On the other hand, an application object represents an application globally across all tenants within the Microsoft Entra ecosystem. It stores metadata and configuration details related to a registered application. These details include the application registration’s user name, password, expiration date, and other relevant settings. The application object is associated with the service principal of the application. When service principals access a specific resource or application, they use information from the corresponding application object for authentication.

Register an application

Follow the steps given below to register an application in Microsoft Entra ID:

  • Click the “Enterprise Applications” option from the sidebar of the Microsoft Entra ID dashboard.

  • Click the “New application” option.

  • Click the “Create your own application” option.

  • Type a name for the App and checkmark the “Register an application to integrate with Microsoft Entra ID (App you’re developing)” option and click the “Create” button.

  • On the “Register an application” page, type the name of the App again and checkmark the “Accounts in this organizational directory only (Default Directory only - Single tenant)” option.

  • Click the “Register” button.

Get hands-on with 1400+ tech skills courses.