I am with you on this one.
I did this kind of research myself and came to the same conclusion: currently, service accounts are a much more secure option than service principals.
Major issues with service principals are:
- lack of permissions granularity
- lack of Azure AD Conditional Access rules support
- weak actions logging
The only real benefit I found for using a service principal is that you don't need a license to access Office 365 data, like files or emails. This has nothing to do with security, though.
To be fair, I guess the certificate authentication scenario is a valid case of a distinct security feature that is not available for AAD service accounts. But again, there are no means to secure service principals any further.