security – Pros/cons of service account and service principal in AAD

I am with you on this one.
I did this kind of research myself and came to the same conclusion: currently, service accounts are a much more secure option than service principals.

Major issues with service principals are:

  • lack of permissions granularity
  • lack of Azure AD Conditional Access rules support
  • weak actions logging

The only real benefit I found for using a service principal is that you don’t need a license to access Office 365 data, like files or emails. This has nothing to do with security though.

To be fair, I guess the certificate authentication scenario is a valid case of a distinct security feature which is not available for AAD service accounts. But again, there are no means to secure service principals any further.
