An Azure service principal is an identity created for use with applications, hosted services, and automated tools to access Azure resources. This access is restricted by the roles assigned to the service principal, giving you control over which resources can be accessed and at which level. For security reasons, it's always recommended to use service principals with automated tools rather than allowing them to log in with a user identity.
A managed identity has a service principal built in.
Under the hood, creating a managed identity creates an enterprise application. This application is like an Azure AD (AAD) app.
You can enable a managed identity directly on a service instance. When you enable a system-assigned managed identity during the creation of the service, an identity is created in Azure AD and tied to that service instance's lifecycle. By design, only that Azure resource can use this identity to request tokens from Azure AD, and when the resource is deleted, Azure automatically deletes the identity for you. Azure Synapse Analytics requires that a system-assigned managed identity be created along with the Synapse workspace.
A managed identity can also be created as a standalone Azure resource. This user-assigned managed identity can be created and then assigned to one or more service instances. With user-assigned managed identities, the identity is managed separately from the resources that use it.
You can create, delete, and manage user-assigned managed identities in Azure Active Directory.
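
Because access is governed by the roles assigned to a service principal (managed identities included), it is worth checking how wide those assignments are. The following is an added example, not code from the original page: it audits records shaped like the JSON output of `az role assignment list --all` and flags service principals that hold a broad role at subscription scope or above. The sample records, the subscription ID, the principal names and the choice of which roles count as broad are all constructed assumptions.

```python
# Constructed sample shaped like `az role assignment list --all -o json` output.
# Every ID and name below is a placeholder, not a real tenant or principal.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000001"
SAMPLE = [
    {"principalName": "ci-deployer", "principalType": "ServicePrincipal",
     "roleDefinitionName": "Owner", "scope": SUB},
    {"principalName": "synapse-ws-identity", "principalType": "ServicePrincipal",
     "roleDefinitionName": "Storage Blob Data Contributor",
     "scope": SUB + "/resourceGroups/rg-data/providers/Microsoft.Storage/storageAccounts/stconstructed"},
    {"principalName": "backup-runner", "principalType": "ServicePrincipal",
     "roleDefinitionName": "Contributor", "scope": SUB + "/resourceGroups/rg-backup"},
    {"principalName": "alice@example.com", "principalType": "User",
     "roleDefinitionName": "Owner", "scope": SUB},
    {"principalName": "platform-automation", "principalType": "ServicePrincipal",
     "roleDefinitionName": "User Access Administrator",
     "scope": "/providers/Microsoft.Management/managementGroups/mg-constructed"},
]

# Assumption: these built-in roles are treated as "broad" for this audit.
BROAD_ROLES = {"Owner", "Contributor", "User Access Administrator"}
WIDE_LEVELS = {"root", "management-group", "subscription"}


def scope_level(scope):
    """Classify an ARM scope string by how much of the hierarchy it covers."""
    if scope == "/":
        return "root"
    parts = [p for p in scope.strip("/").split("/") if p]
    lowered = [p.lower() for p in parts]
    if lowered[:2] == ["providers", "microsoft.management"]:
        return "management-group"
    if lowered[:1] == ["subscriptions"]:
        if len(parts) == 2:
            return "subscription"
        if len(parts) == 4 and lowered[2] == "resourcegroups":
            return "resource-group"
        return "resource"
    return "unknown"  # empty or unrecognised scope: report it, do not guess


def audit(assignments):
    """Return (principal, role, level) for service principals with a broad role at a wide scope."""
    findings = []
    for a in assignments:
        if a.get("principalType") != "ServicePrincipal":
            continue  # user and group assignments are out of scope for this check
        level = scope_level(a.get("scope", ""))
        role = a.get("roleDefinitionName", "")
        if role in BROAD_ROLES and level in WIDE_LEVELS:
            findings.append((a.get("principalName"), role, level))
    return findings
```

To check a real tenant, load the saved JSON output with `json.load` and pass the resulting list to `audit()`.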