Azure Service Principals in your tenant should be periodically reviewed just as app registration secrets and passwords should be, see post https://www.cyber.engineer/azure-active-directory-threat-hunting-app-registration-key-count as they both work hand-in-hand. What is a service principal? To access resources that are secured by an Azure AD tenant, the entity that