Final answer:
An application registered in Microsoft Azure AD automatically creates a Service Principal, which serves as its 'identity' for authentication and authorization within the directory, dictating access policies and permissions.
Step-by-step explanation:
When you register an application in Microsoft Azure Active Directory (Azure AD), a Service Principal is automatically created. This Service Principal is an instance of the application within your directory. Think of it as a specific 'identity' for the application to use when accessing resources that are secured by your Azure AD. It enables the application to participate in the authentication and authorization processes, like when a user signs in or when the application requests access to resources.
Azure AD Service Principals are necessary for apps that need to access resources or APIs secured by Azure AD, as they define the policy and permissions for the app - who can access it, what resources it can access, and what it can do with those resources. Keep in mind the distinction between registration, which is about defining the app’s configuration, and the Service Principal, which is about how it acts on behalf of that definition within the specific directory.