I've got a service principal in Azure which was created when I turned on Managed Service Identity for one of my Azure assets. I'd like to grant permissions to this SP using the App Registrations area in the portal (I know I can do it with New-AzureADServiceAppRoleAssignment, but I'd like to create an application in this case).
The Service Principal has an associated application whose GUID is visible in the Enterprise Applications section of the AAD blade, but that application ID isn't visible in the App Registrations section, and Get-AzureRmADApplication doesn't see it either.
Can I use PowerShell or the REST API to somehow make the application associated with the MSI's service principal show up in this area?
If you enable the MSI, it will create a service principal automatically. What you have seen in the Enterprise Applications is also called a service principal. You could understand that the Enterprise Application equals the service principal.
If you create an app registration, it will also create a service principal in the Enterprise Applications. But if you enable MSI, there will not be an AD app (app registration). You could not make the Enterprise Application (service principal) show up in the App registration. Also, when you grant permission to an AD app, it essentially grants the permission to the service principal.
For more details about App registration and Service principal, refer to this link.
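Since the MSI has no app registration to edit, the permission is attached directly to its service principal. The following is an added example, not part of the original question or answer, using the New-AzureADServiceAppRoleAssignment cmdlet the question mentions. It assumes the AzureAD PowerShell module and a Connect-AzureAD session; the three values at the top are placeholders.

```powershell
# Added example. The three values below are placeholders (assumptions), not values from the page.
$msiObjectId     = '<object-id-of-the-MSI-service-principal>'   # shown under Enterprise Applications
$resourceAppName = '<display-name-of-the-API-exposing-the-role>'
$appRoleValue    = '<app-role-value>'

# The MSI exists only as a service principal; there is no application object behind it.
$msi = Get-AzureADServicePrincipal -ObjectId $msiObjectId
if ($msi.ServicePrincipalType -ne 'ManagedIdentity') {
    Write-Warning "'$($msi.DisplayName)' has type '$($msi.ServicePrincipalType)', not ManagedIdentity."
}

# Service principal of the API whose app role is being granted.
$resource = @(Get-AzureADServicePrincipal -Filter "displayName eq '$resourceAppName'")
if ($resource.Count -ne 1) {
    throw "Expected exactly one service principal named '$resourceAppName', found $($resource.Count)."
}
$resource = $resource[0]

# Only enabled roles that allow 'Application' members can be assigned to a service principal.
$role = $resource.AppRoles | Where-Object {
    $_.Value -eq $appRoleValue -and $_.IsEnabled -and ($_.AllowedMemberTypes -contains 'Application')
}
if (-not $role) {
    throw "No enabled application-type role '$appRoleValue' is defined on '$resourceAppName'."
}

# Grant exactly that one role to the MSI's service principal.
# -ObjectId and -PrincipalId are both the principal receiving the role;
# -ResourceId is the API's service principal; -Id is the app role's GUID.
New-AzureADServiceAppRoleAssignment `
    -ObjectId    $msi.ObjectId `
    -PrincipalId $msi.ObjectId `
    -ResourceId  $resource.ObjectId `
    -Id          $role.Id
```

Assigning a single named role, rather than everything the API exposes, keeps the managed identity's access scoped to what the asset needs.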