This is by FAR the best explanation of what can be a very confusing topic that I have seen. You out did yourself here John, thank you!

Congratulations - what has always been a really confusing area has now become crystal clear. I had to watch it twice to make sure I thoroughly understood it (and will probably have to watch it again if I need to remind myself a few months down the line). But you have achieved what the Microsoft doc could not. (Also had much-needed research into OAuth 2 in the process, so win-win!) Thank you :)

When I first started to take an interest in technology it was through reading incredibly dry text books from the library. Thank god for people like John who make the constant learning journey much more accessible and enjoyable 👍

Wow, great content, John! When you showed how the Enterprise Apps are only listing the Service Principals and that you would have one SP in every AD that wants to access the app - that was really an "AHA-moment" for me. Thank you so much for this excellent explanation

This has to be the best explaintaion on workings of AAD I have ever seen. Thank you

Brilliant training from John on a subject I have always had problems grasping. I watch alot of John's courses, he is an amazing teacher.

I can't believe you made a video of this over three years ago! So glad you did, because now it's more understandable. BTW, your handwriting is so much better these days 😄

I was totally lost when I was watching this video for the first time. After I learned OAUTH2 and other concepts here and there for several days and come back to watch again, all the contents in this video are crystal clear and really well organized and presented. Thank you so much.

I've recently passed the AZ-700 because of your videos. Thank for making them. Recently, I take interest in security and yet again your knowledge help my through a lot. How can I thank you enough!!!

Wow! Absolutely brilliant. It doesn’t quite come through like this when reading the documentation over and over again. TY for explaining the Svc Principal and the difference between App Reg and Enterprise Apps.

Thanks so much. This video is now 3 years old, still explains the concepts like no other video does.

Woah! I read through so many different sites trying to understand these topics without any success. This video cleared up everything for me. Thank you for creating this.

After 3 years, i keep coming back to this video. Love your work as always John!

A lot of things got clear in my head after watching this video! I like your teaching style, very clear, concise, and one that keeps your attention. I'll surely watch other videos. Thank you John, appreciate it!

Finally, someone who can explain this whole process in a way that actually makes sense. Great video, keep it up!

I'm really amazed. The Microsoft docs were making me run in circles but this video was more than enough to understand such a complex topic

beautifully explained, my search for a a proper explanation of the App Registrations and SP's finally ended with this video. Thanks John

Absolutely fantastic, I read numerous documents over the space of a week and this video explained the equivalent of hours of reading in a 30 minute video and made it a lot simpler to understand, brilliant, thank you :)

excellent explanation. I was setting up App Registrations in Terraform and couldn't' understand where the Enterprise Application was getting created from, but now your video explained it

After basking in the concepts that you poured out in this video, just made my day. Thanks a lot for this video John.

That is the best explanation I have found so far. Your contents are very quality, thanks John!

Such great content! You really make a difference in making IT content widely available. Greetings from Costa Rica :)

Holy shit John. I have been struggling with this topic and looking at all kinds of resources to grasp it. And you come along once again with such a bang on lecture. I dont know how you always end up being so successful at teaching me things others fail to upload in to my brain. Thank you!

One of the best explanations so far on the internet, Thank you John

Thank you John. One of the best, crystal clear explanations i have heard so far. Until i watched this, i was under the impression that App Registration and SPN are synonymous :). Your way of teaching in whiteboard make things crystal clear. Hopefully some time in the future your pluralsight videos will also have the same format.. :)

100% the best video on AAD app registrations, ent apps and SPs! I just watched several of them and NONE were as clear as John's.

One of the most complicated topics in Azure AD. Well explained 👏🏼

I really search for all your videos over internet..You are one of the best trainer I have found...lucky to have you in youtube ...Thanks !!

Right, so I was trying to get my head around the concept of Apps and enterprise apps, read a lot of blogs and the official documentation. Just didn't stick.... After watching this it all makes sense! Thanks John!

love the way you explain the concepts, loved it always John. Thanks!!

your videos are so good that as soon as you say " If that was useful, please like". I feel compelled and obligated to drop everything and smash that like button. You are one awesome teacher. I am also a teacher like you, I go as far back in the history as it is needed to establish a strong foundational understanding. Thanks for being you.

Loved it, thanks for explaining it in layman terms. I have been working on AAD for sometime but never was able to wrap my head around Application Registration and Service Principal.. 🙂👍

This is such a good explanation of it, there were a few parts that were only buzzwords and nothing else for me and this really put the pieces together for me in a territory where I haven´t felt all too confident before, thank you!

Nice explanation! Tying the OAuth2 and OpenID to Azure AD and explaining the flow was exactly what's needed! Thanks John!

Thank you for this explanation! I'm a UX designer who was curious about what my scrum team developers meant whenever they mentioned 'service principal' amongst themselves. Now I know 👏🏼

This video is gold. Been trying to understand this flow for years, and finally, this video did it for me. Thank you!

You are right, I did have to watch this twice, It all clicked towards the end of the vid & made a lot more sense the secondtime round. Awesome Thank you :)

Half hour of explanation and pages of diagrams, "that's literally all there is to it!". Made me smile lol. Seriously though, great video and very helpful thank you.

A damn eye opener... jeez, finally I got the answer I was looking for! A lot of kudos to you! Subscribed and following :)

Thank you so much. i have been very struggling to understand these topics and your video really make my dots connected to line. I will for sure re-watch it a few times to deepen my understanding :)

This cleared up a lot of confusion I was having for how the Azure apps work, now I know what the difference is between the apps and the enterprise apps finally, thank you!

It's very obvious that you enjoy teaching Azure. I hope I can get to this level of understanding Azure. Keep up the great work.

This is really helpful session. I really appreciate your efforts for creating it in depth.

Wonderful Correlation Explanation : Thanks John and Appreciate your efforts to end everything Sensible.

Thank you Sir, very useful explanation how services work behind the scenes, it has some basic similarities for authentication as with your lecture about ADFS, tokens, xaml and cookies, how different servers communicate, easy enough to follow, a good little condensed/concise session.

Very nicely explained. Perfect to watch 2 time and you understand all about app registration and oauth 2.0

THANK YOU! Your video should be a mandatory course for anybody entering devops

I am JUST beginning to comprehend this material while learning the basics of working with the Microsoft Graph API.

Studying for my AZ-500, this video really helps. Thank you John!

Explained very complex topic in very lucid manner. Thank you for creating such awesome content!

Great summary at the end. I'll probably need to watch this again but certainly something is starting to click

A complex topic made simple and understandable. Thank you John 😊

Thanks John, appreciate this. Will, definitely need a few views of this one. Thanks for putting this out there.

The quality of your content is amazing. Thank you!

Phenomenal explanation @john savill. I'm exploring creation of a Shared Image Gallery to be used other tenants, and couldn't fully grasp the 'why' behind the app registration. Your video gave me the understanding I needed.

Very good presentation. I'll have to rewatch this a few times though to grasp all of it. Thank you!

Great video, thank you. Are you planning on doing a deeper dive into this topic? There are many more pieces to this part of Azure that are difficult to understand, such as the difference been App Registration tokens and Enterprise Application tokens, SAML (RP) configurations, API access permissions, etc.

Thanks Jhon for the tutorial video. As you initially said if you learn why then how part becomes easier. Completely agree and the way how you dissect and explain its very good of you. Cheers

Microsoft should be so proud of you. You help many Admins on this World to transition to the next level. Thank you very much sir

Thanks for the great content. I just wanted to make tiny addition/correction (but what i believe its important especially when trying understand these cryptography related things :) ), when the pkce added to code grant flow, first, client sends the sha256 hashed -cipher- of random string that its generated (as you said in the video) and then from the backchannel it does not sends the cipher again, it sends the plain text string generated in the beginning(with tls secured) and delegates it to idp to hash it with sha256 and compare the two hashes and understand that if its the same client. The video is great as always, thanks for sharing these kind of qualified contents.

Very useful and complicated topic. Thanks for breaking the complicacy and make it easier to understand.

Thanks you Savill... while I understood the nuances of OAuth 2.0 flows and the AppID, SP and Managed Identities, could not tie them all together... this is really good. Thank you

Always been confused on this topic, what a clear and simple explanation . Thanks a lot❤.

Thanks a lot John, you made complicated and confusing concepts easy enough to understand.

tyvm！great videos, I really have a struggle on azure but thanks to this video , it is so clear

Explained wonderfully!! Easiest explaination I have come across. Thank you for the content.

The best video I have found on this topic, thank you John.

Very useful. Much appreciated. Thank you for all your efforts John!

This has to be the best explanation of Azure App Directory and its working.. Thanks John.

Best and concise explanation of IDP and Azure AD. Thanks!

Someone said: If you can't explain it simply, you don't understand it well enough I was enjoying this video just like eating a piece of cake. Not only this video, but all your channel is also saving tons of time for our world lol. Cheers buddy

Thank You John, it was a very good session , you explain very well, appreciate it.

Thank you for the amazing clear explanation! You are doing great!

Very helpful explanation, and well presented, love how you used the virtual whiteboard, very effective and dynamic visual aid. I'm trying to resolve how AppRoles work and how to get the "roles" attribute that OIDC can pass back to populate based on mappings of "Users and Groups" (say a group) to a specific application role defined by a developer within a multi-tenant app.

Top Job John - crystal clear big man. thank you

Thank you for another informative video John, keep up the good work :-)

This is how you teach. I'm shocked, man. Fantastic work and thank you.

Can't thank you enough for all your work. Just wonderful. 👍

Awesomely explained, you rock!

That's really an awesome work. Concepts are well articulated. Could you please explain more on back channel and front channel logic. That would also help us understand clearly why client receives code and then token separately due to security concerns.

Great video John. Very well explained. Thank you!

Great content; very clear and detailed. Thanks a lot!

This is the best one I have see.

Absolute gem of a video

Great video. Totally makes sense :) Thank you so much!

You have explained it very well, thank you!

Thanks for breaking it down..I had to watch it twice :-)

Perfectly explained! Thanks a lot for the video!

You are the best guru in the universe!! Thanks for sharing awesome topics

Great explanation John..! thanks a lot for making this so simple..!

Thank you, really helps me to connect the dots.

Very well explained! I finally understood this! :D Thank youuuuuu!!!!

Very good explanation thanks John

Best app registration explanation ,Amazing job.

Very helpful. Great Explanation. Thanks a lot John :)

Thanks John, very helpful!

Thank you for the great explanation - Incredibly useful!!

Thanks John...very useful and well explained! 👍

great tutorial, on your diagram labeling the Client as "Client App" would help to provide clarity. Once you mentioned "Client App" things became clearer

Incredibly helpful!