<t>Internally, managed identities are service principals of a special type, which are locked to only be used with Azure resources. When the managed identity is deleted, the corresponding service principal is automatically removed. Also, when a User-Assigned or System-Assigned Identity is created, the Managed Identity Resource Provider (MSRP) issues a certificate internally to that identity.<br/>
<br/>
Source: What are managed identities for Azure resources?<br/>
<br/>
and<br/>
<br/>
So what’s the difference?<br/>
<br/>
Put simply, the difference between a managed identity and a service principal is that a managed identity manages the creation and automatic renewal of a service principal on your behalf.<br/>
<br/>
Source: What’s an Azure Service Principal and Managed Identity?<br/>
<br/>
EDIT:<br/>
<br/>
Since there seems to be some discussion around the fact User Assigned Managed Identities also exist:<br/>
<br/>
A user assigned managed identity is created by the user. The underlying service principal that's used for accessing resources, however, is being created and automatically renewed for the user. So every type of managed identity (both system and user assigned) is an abstraction of an underlying Service Principal.</t>
