Azure

Understanding the different IDs in Azure

When working with Azure, you’ll encounter various types of IDs in the form of GUIDs (Globally Unique Identifiers). Understanding these IDs is crucial for managing resources, setting up authentication, and working with the Azure CLI.

Subscription ID

The Subscription ID is a GUID that uniquely identifies your Azure subscription.

Where to find it

Azure CLI

# List all subscriptions
az account list --output table

# Get the current subscription
az account show --query id -o tsv

Resource ID

The Resource ID is a unique identifier of any resource in Azure. It follows the format:

/subscriptions/{subscription-id}/resourceGroups/{resource-group-name}/providers/{resource-provider}/{resource-type}/{resource-name}

Where to find it

Azure CLI

In the Azure CLI, the Resource ID is stored inside the id property.

# Get resource ID for a specific resource
az resource show --name <resource-name> --resource-group <resource-group-name> --resource-type <resource-type> --query id -o tsv

# Get resource ID of a storage account
az storage account show --name <storage-account-name> --resource-group <resource-group-name> --query id -o tsv

# List all resource names and there resource IDs in a resource group
az resource list --resource-group <resource-group-name> --query '[].{name:name, id:id}' -o table

Note: Resource IDs are case-insensitive, but it’s best practice to maintain the casing shown in the Azure Portal for consistency.

Application (Client) ID

The Application ID, also known as Client ID, is a GUID that identifies your registered application in Microsoft Entra ID (formerly Azure AD). This ID remains consistent even when the application is shared across different tenants.

Where to find it

Azure CLI

In the Azure CLI, the Application ID is accessed through the appId property.

# List all application IDs
az ad app list --query "[].{displayName:displayName, appId:appId}" -o table

# Get specific application by its Application (Client) ID
az ad app show --id <application-id> --query appId -o tsv

# Find application ID by display name (returns first match)
az ad app list --display-name "<app-name>" --query "[0].{name:displayName, appId:appId}" -o table

Object ID

The Object ID is a unique identifier for any object (user, group, service principal, application) in Microsoft Entra ID. Important: Object IDs are tenant-specific - the same application will have different Object IDs in different tenants.

Where to find it

Azure CLI

# Get Object ID for a service principal (using Application/Client ID)
az ad sp show --id <application-id> --query id -o tsv

# Get Object ID for an app registration
az ad app show --id <application-id> --query id -o tsv

# Get Object ID for a user
az ad user show --id [email protected] --query id -o tsv

# Get Object ID for a group
az ad group show --group <group-name> --query id -o tsv

Tenant ID

The Tenant ID uniquely identifies your Microsoft Entra ID tenant (directory).

Where to find it

Azure CLI

# Get current tenant ID
az account show --query tenantId -o tsv

# List all tenants
az account tenant list --query "[].{tenantId:tenantId, name:name}" -o table

Tips to Remember

  1. Always specify output format in Azure CLI for better readability:
    • -o table for human-readable tables (best for viewing multiple properties)
    • -o tsv for script-friendly output (perfect for pipelines and automation)
    • -o json for detailed information (includes all available properties)
    • -o yaml for hierarchical view of the data
  2. Common ID relationships:
    • Application (Client) ID ≠ Object ID (different identifiers for the same app)
    • Service Principal Object ID ≠ Application Object ID (they represent different objects)
    • Multiple Service Principals can reference the same Application ID (one app, multiple tenants)
    • Resource IDs are globally unique across all of Azure
    • Object IDs are unique only within a single tenant
comments powered by Disqus