https://adatum.no/azure/azure-active-directory/azure-application-registrations-enterprise-app-managed-identities
RBAC (role-based Access Control) in azure is done by adding role assignment.
Microsoft has a very robust identity platform in Azure AD. And by creating an application registration you can use this platform to authorize and authenticate various and multiple clients (Mobile, web apps, etc).
When creating an application registration you establish a trust relationship between the Microsofts identity platform and your custom application, meaning you trust Microsoft, but Microsoft does not trust your application in the same way.
You can create single-tenant, multi-tenant, and Microsoft (liveid) based app registrations or a combination of them. But the application definition is only tied to its home directory.
Simplest terms, app registrations are identities for software applications. Rather than verifying a users identity and auth, you can tell an azure application to verify another applications identity. Good luck & have fun!
