Status: IN
Entra application identity requires a two-object model: application objects (managed via App registrations) define the app globally, while service principals (managed via Enterprise applications) instantiate per-tenant access — a service principal must exist in each tenant for sign-in, and the portal auto-creates both objects simultaneously, masking this distinction until multi-tenant scenarios surface it.