Differences

This shows you the differences between two versions of the page.

--- azure:application_management [2023/02/03 12:49] – mmuze
+++ azure:application_management [2025/06/04 12:16] (current) – mmuze
@@ Line 4: / Line 4: @@
   * [[https://learn.microsoft.com/en-us/azure/active-directory/manage-apps/]]
   * [[https://learn.microsoft.com/en-us/azure/active-directory/develop/app-objects-and-service-principals]]
+  * The configuration that is under //Enterprise applications// is the //security/service principle// used by the app.
+  * [[https://learn.microsoft.com/en-us/azure/active-directory/manage-apps/grant-admin-consent]]
+  * application permissions vs. delegated permissions
+====== App Registration vs. Enterprise Applications ======
+  * The App Registration represents the //application object// and the Enterprise Application represents the //security principle//.
+====== MS Graph Powershell Example ======
+When the //MS Graph Powershell// module connects to MS Graph for the first time the user will be prompted to consent to the permissions/scope needed.
+> Over time, the permissions held by the service principal will be those granted at the initial time of consent plus any other permissions granted subsequently as people work with the interactive client. In other words, the service principal collects aggregated permissions over time. For this reason, it’s not recommended to use the Graph SDK cmdlets interactively because if you do, over time a distinct possibility exists that the service principal will become very over-permissioned and therefore becomes a security risk.