# Enterprise Application / Service Principal

When we create/register a new application with a secret, redirect URI, etc., it is called an "application". When a user **consents** to this application, a new "enterprise application" is created automatically with the same name as the application. This is called a **service principal**.

{% hint style="success" %}
A service principal is the object that can actually be used: role assignments, permissions, etc. are applied to it, not to the application registration.
{% endhint %}

Also, conditional access can be implemented on enterprise applications/service principals. Since you need an extra subscription to protect these workload identities, it is unlikely that MFA or conditional access is actually enforced on them. This is why we are interested in obtaining access to an enterprise application.

### Authenticating with an App secret

When we know an app's secret (client secret) from the application registration, we can authenticate as the service principal using:

```powershell
# APP-SECRET: the client secret from the application registration
$password = ConvertTo-SecureString 'APP-SECRET' -AsPlainText -Force
# APP-ID: the application (client) ID, which the service principal shares
$creds = New-Object System.Management.Automation.PSCredential('APP-ID', $password)

# TENANT-ID: the tenant in which the enterprise application exists
Connect-AzAccount -ServicePrincipal -Credential $creds -Tenant TENANT-ID
```
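As an added example (not code from the original notes), the following Az PowerShell script joins the two objects described above through their shared AppId: for every application registration that carries a client secret, it resolves the matching enterprise application (service principal) and lists the Azure RBAC roles that principal holds, so you can see which secrets are worth protecting or rotating. It assumes the Az.Resources module is installed and `Connect-AzAccount` has already run with read access to directory objects and role assignments; variable names such as `$report` are my own.

```powershell
# Added example, not part of the original page.
# Assumes: Az.Resources module installed, already connected with Connect-AzAccount,
# and rights to read applications, service principals and role assignments.

$now = Get-Date
$report = foreach ($app in Get-AzADApplication) {
    # Get-AzADAppCredential returns certificate and password credentials together;
    # keep the password (client secret) ones, which the Connect-AzAccount flow uses.
    # Assumption: password credentials are distinguishable by their type name.
    $secrets = Get-AzADAppCredential -ApplicationId $app.AppId |
        Where-Object { $_.GetType().Name -like '*PasswordCredential*' }
    if (-not $secrets) { continue }

    # The enterprise application lives in the same tenant under the same AppId.
    # It may not exist yet if nobody has consented to the application.
    $sp = Get-AzADServicePrincipal -ApplicationId $app.AppId
    $roles = @()
    if ($sp) {
        $roles = Get-AzRoleAssignment -ObjectId $sp.Id |
            ForEach-Object { "$($_.RoleDefinitionName)@$($_.Scope)" }
    }

    foreach ($s in $secrets) {
        [pscustomobject]@{
            Application      = $app.DisplayName
            AppId            = $app.AppId
            SecretId         = $s.KeyId
            DaysUntilExpiry  = [int](($s.EndDateTime - $now).TotalDays)
            ServicePrincipal = if ($sp) { $sp.Id } else { '(none: no consent yet)' }
            AzureRoles       = ($roles -join '; ')
        }
    }
}

# Long-lived secrets on principals with broad roles deserve review first.
$report | Sort-Object DaysUntilExpiry -Descending | Format-Table -AutoSize
```

Role assignments are only visible for subscriptions in the current Az context, so run it per subscription or after `Set-AzContext` if the tenant spans several.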
