Which type of identity is created when you register an application with Active Directory (Azure AD)?

When you register an application with Azure Active Directory (Azure AD), a service principal is created. The service principal serves as the identity for the application within Azure AD. It allows the application to authenticate and interact with Azure resources securely, ensuring that permissions are granted appropriately.

The service principal acts as a 'credential' that applications use to access resources and services in Azure. It encapsulates settings like permissions and roles specified during the application registration process. This is essential for scenarios where applications need to perform actions on behalf of users, allowing Azure AD to manage access control effectively.

In contrast, user accounts represent individual users, while managed identities are used for services running in Azure to authenticate to other Azure services without managing credentials directly. User-assigned managed identities can be created and explicitly assigned, whereas system-assigned managed identities are tied to a specific Azure resource. However, those scenarios do not relate to the registration of an application with Azure AD, which directly results in the creation of a service principal.