I would like to know if it is always recommended to use Managed Identities in Azure, mostly system assigned, or a Service Principal? When should Service Principals be used in Azure compared to a managed identity, and what is the advantage of one over the other? Any help would be appreciated.
3 Answers
Internally, managed identities are service principals of a special type, which are locked to only be used with Azure resources. When the managed identity is deleted, the corresponding service principal is automatically removed. Also, when a User-Assigned or System-Assigned Identity is created, the Managed Identity Resource Provider (MSRP) issues a certificate internally to that identity.
and
So what’s the difference?
Put simply, the difference between a managed identity and a service principal is that a managed identity manages the creation and automatic renewal of a service principal on your behalf.

Source: What’s an Azure Service Principal and Managed Identity?
A managed identity is a type of the service principal.
A service principal can be one of three types: application, managed identity, and legacy. The division into types is based on the circumstances of their usage. Thus their specific handling also differs based on their type.
rickvdbosch provided a link to an article that talks about the specifics of the managed identity type of service principal. For those who would like to learn about the concept of the service principal object and its types, here is a link to a different article: Application and service principal objects in Azure Active Directory.
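The point both answers make (a managed identity is a service principal whose credential the platform creates and renews for you, and which only works from an Azure resource) is easiest to see at the token-acquisition layer. The following is an added example, not code from the question or either answer: it builds, without sending, the two token requests a workload would make. The Azure Instance Metadata Service (IMDS) endpoint and the Azure AD v2.0 client-credentials endpoint are the documented shapes; the tenant id, client id, secret and resource values are constructed placeholders, and `secret_fields` is a helper introduced here to show which request carries caller-managed credential material.

```python
"""Added example: what a managed identity and an application service
principal look like when a workload asks for an access token.

Assumptions: IMDS token endpoint and Azure AD v2.0 token endpoint as
documented by Microsoft; all ids and secrets below are placeholders.
"""
from urllib.parse import urlencode, parse_qs

IMDS_TOKEN_ENDPOINT = "http://169.254.169.254/metadata/identity/oauth2/token"
IMDS_API_VERSION = "2018-02-01"
AAD_AUTHORITY = "https://login.microsoftonline.com"


def managed_identity_token_request(resource, client_id=None):
    """Build the request a workload running on an Azure resource sends to IMDS.

    No secret is supplied by the caller: the platform identifies the resource
    the call comes from and the Managed Identity Resource Provider holds the
    certificate behind the service principal. A user-assigned identity is
    selected by client_id; a system-assigned identity needs no selector.
    """
    params = {"api-version": IMDS_API_VERSION, "resource": resource}
    if client_id:
        params["client_id"] = client_id
    return {
        "method": "GET",
        "url": f"{IMDS_TOKEN_ENDPOINT}?{urlencode(params)}",
        # IMDS refuses requests without this header, so a request forwarded
        # by a proxy that strips custom headers cannot obtain a token.
        "headers": {"Metadata": "true"},
        "body": None,
    }


def service_principal_token_request(tenant_id, client_id, client_secret, scope):
    """Build the OAuth2 client-credentials request for an application
    service principal (the type used from outside Azure, e.g. a CI runner).

    The client secret (or certificate) is a long-lived credential that the
    caller must store, protect and rotate itself; that is exactly the work
    a managed identity performs on your behalf.
    """
    form = {
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": scope,
    }
    return {
        "method": "POST",
        "url": f"{AAD_AUTHORITY}/{tenant_id}/oauth2/v2.0/token",
        "headers": {"Content-Type": "application/x-www-form-urlencoded"},
        "body": urlencode(form),
    }


def secret_fields(request):
    """Names of caller-supplied credential material carried by the request.

    Empty for the managed identity path; non-empty for an application
    service principal, which is the credential you have to manage.
    """
    if request["body"] is None:
        return []
    form = parse_qs(request["body"])
    return [k for k in ("client_secret", "client_assertion") if k in form]


if __name__ == "__main__":
    # Constructed placeholder values; nothing here is sent over the network.
    mi = managed_identity_token_request("https://management.azure.com/")
    sp = service_principal_token_request(
        tenant_id="00000000-0000-0000-0000-00000000tenant",
        client_id="00000000-0000-0000-0000-0000000000app",
        client_secret="placeholder-secret-do-not-use",
        scope="https://management.azure.com/.default",
    )
    for name, req in (("managed identity", mi), ("service principal", sp)):
        print(f"{name}: {req['method']} {req['url']}")
        print(f"  caller-managed secret fields: {secret_fields(req) or 'none'}")
```

The managed identity request contains no secret at all, which is the concrete meaning of "manages the creation and automatic renewal of a service principal on your behalf"; it also only works from inside the Azure resource, because IMDS is a link-local address. A workload that cannot reach IMDS, such as a build agent outside Azure, is the case where an application service principal with its own secret or certificate is still needed, and with it the obligation to rotate that credential.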