How to Find User by Service Principal Name in the Microsoft Azure Portal

Using the Microsoft Azure Portal, you can find a user by service principal name. A service principal is the local representation of a globally unique application object. It is used by Kerberos authentication to associate service instances with service logon accounts. The most rudimentary of these is the service account, but there are also gateway applications in the tenant and even applications in other environments. The Azure Portal has other methods for creating these shareable credentials.

Microsoft Azure Portal

The main benefit of a service principal is that it provides a higher level of security than an ordinary user account. For example, the Log Analytics workspace in Azure provides sign-in data via the service principal. This information is useful for log-based analytics, but it can also be used to protect your apps from phishing attacks. This is why you see the word ‘Service’ in the username field.

You can use a PowerShell script to list service principals by name, and not just for the Office 365 service. In addition, you can configure your process-hosting service to use a domain user account. You will probably need to get hold of a domain administrator and turn on the requisite permissions. You can do this by logging on to a domain machine with the administrative tools snap-in.
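As an added example (not code from the original article), the following PowerShell function performs the same lookup with the Microsoft Graph PowerShell SDK instead of the portal, matching either a display-name prefix or an exact entry in servicePrincipalNames. The function name, the `Application.Read.All` read-only scope and the sample names are assumptions; it also assumes the Microsoft.Graph module is installed.

```powershell
# Added example, not from the original article. Assumes the Microsoft.Graph
# PowerShell SDK and a signed-in session with the Application.Read.All scope.
# Property names follow the Microsoft Graph servicePrincipal resource.
function Find-ServicePrincipalByName {
    param(
        # Either a display-name prefix (e.g. 'Service') or a full SPN URI such
        # as 'https://my-api.contoso.com' (constructed sample values).
        [Parameter(Mandatory)] [string] $Name
    )

    # Escape single quotes so the value cannot break out of the OData filter.
    $safe = $Name.Replace("'", "''")

    # A value containing '/' is treated as an SPN URI and matched exactly;
    # anything else is treated as a display-name prefix.
    if ($Name -like '*/*') {
        $filter = "servicePrincipalNames/any(s:s eq '$safe')"
    } else {
        $filter = "startswith(displayName,'$safe')"
    }

    $homeTenant = (Get-MgContext).TenantId

    Get-MgServicePrincipal -Filter $filter -All | ForEach-Object {
        [pscustomobject]@{
            DisplayName           = $_.DisplayName
            ObjectId              = $_.Id
            AppId                 = $_.AppId
            # Application, ManagedIdentity or Legacy
            Type                  = $_.ServicePrincipalType
            Enabled               = $_.AccountEnabled
            # An owning tenant other than ours means the application object
            # lives in another environment (a multi-tenant app); worth a
            # second look when auditing who can sign in as 'Service'.
            ForeignApp            = ([string]$_.AppOwnerOrganizationId -ne '' -and
                                     [string]$_.AppOwnerOrganizationId -ne $homeTenant)
            ServicePrincipalNames = ($_.ServicePrincipalNames -join '; ')
        }
    }
}

# Usage: sign in with a read-only application scope, then search by prefix.
Connect-MgGraph -Scopes 'Application.Read.All'
Find-ServicePrincipalByName -Name 'Service' | Format-Table -AutoSize
```

Disabled principals and those flagged ForeignApp are the ones a reviewer usually wants to reconcile against the app registrations blade first.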

The Azure Portal also has an App registrations blade that makes it easy to discover the most interesting app registrations. The trick is knowing what to look for and what to filter out. There are several ways to accomplish this, but the niftiest is to select all the relevant registrations, then click the ‘apps’ tab in the top right-hand corner. You can then assign these applications to users in the ‘Workspaces’ area. The ‘Microsoft Graph’ permission is also available in the Azure Portal.

The main purpose of a service principal is to prevent jobs from failing when a user leaves a workspace. This is especially important when you’re using an API-only identity, and it is made possible by the Microsoft Graph. It’s not only good for locating users by service principal name; it can also help you determine the best-suited workspace for a particular service. It’s also a good idea to create a user with the highest level of permissions. This is especially helpful if you’re building an ad-hoc application that you don’t want to be part of a tenant. Similarly, if you have a tenant with many users that isn’t conducive to your workflow, you may consider using a service principal. This is a best practice for reducing the number of user accounts that have no use for your services.

The Azure Portal also has a nifty little feature called the ‘api perk’ that lets you perform some of the most mundane tasks, such as modifying an ad-hoc application’s properties and adding users to a group. It’s an easy way to create your own ad-hoc applications and a great way to test the limits of your ad-hoc architecture.