Managed identities for Azure resources is the new name for the service formerly known as Managed Service Identity (MSI).

There are two types of managed identities:

Some Azure resources, such as virtual machines, allow you to enable a managed identity directly on the resource. When you enable a system-assigned managed identity:
- The service principal is tied to the lifecycle of that Azure resource. When the Azure resource is deleted, Azure automatically deletes the service principal for you.
- By design, only that Azure resource can use this identity to request tokens from Microsoft Entra ID.
- You authorize the managed identity to have access to one or more services.
- The name of the system-assigned service principal is always the same as the name of the Azure resource it is created for. For a deployment slot, the name of its system-assigned identity is /slots/.

You may also create a managed identity as a standalone Azure resource. You can create a user-assigned managed identity and assign it to one or more Azure resources. When you enable a user-assigned managed identity:
- A service principal of a special type is created in Microsoft Entra ID for the identity.
- The service principal is managed separately from the resources that use it.
- User-assigned identities can be used by multiple resources.
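
The lifecycle and sharing differences between the two identity types can be checked against a resource inventory. The following is an added example, not code from the original page or from Microsoft: it assumes each resource carries an ARM-style `identity` block with a `type` string and a `userAssignedIdentities` map, and every resource name and ID in the sample is constructed.

```python
from collections import defaultdict

# Constructed sample inventory. Each entry mimics the "identity" block of an ARM
# resource; every name and resource ID below is made up for illustration.
UA = "/subscriptions/0000/resourceGroups/rg-id/providers/Microsoft.ManagedIdentity/userAssignedIdentities/"
SAMPLE = [
    {"name": "vm-web-01", "identity": {"type": "SystemAssigned"}},
    {"name": "vm-web-02", "identity": {"type": "SystemAssigned, UserAssigned",
                                       "userAssignedIdentities": {UA + "id-shared": {}}}},
    {"name": "func-billing", "identity": {"type": "UserAssigned",
                                          "userAssignedIdentities": {UA + "id-shared": {},
                                                                     UA + "id-billing": {}}}},
    {"name": "stor-logs"},  # no identity block at all
]

def identity_types(resource):
    """Return the set of identity types enabled on one resource (lowercased)."""
    raw = (resource.get("identity") or {}).get("type") or "None"
    return {t.strip().lower() for t in raw.split(",")} - {"none"}

def audit(resources):
    """Split an inventory by identity lifecycle and find shared user-assigned identities."""
    system, users = [], defaultdict(list)
    for res in resources:
        types = identity_types(res)
        if "systemassigned" in types:
            # Service principal carries the resource's name and is deleted with it.
            system.append(res["name"])
        if "userassigned" in types:
            for ident_id in (res["identity"].get("userAssignedIdentities") or {}):
                # Resource IDs are compared case-insensitively.
                users[ident_id.lower()].append(res["name"])
    # Anything granted to a shared identity is usable by every resource attached to it.
    shared = {i: sorted(n) for i, n in users.items() if len(n) > 1}
    single = sorted(i for i, n in users.items() if len(n) == 1)
    return {"system_assigned": sorted(system), "shared": shared, "single_use": single}

if __name__ == "__main__":
    report = audit(SAMPLE)
    print("Deleted together with their resource:", report["system_assigned"])
    for ident, names in report["shared"].items():
        print("Managed separately, shared by", names, "->", ident)
    print("User-assigned, attached to one resource:", report["single_use"])
```

Shared user-assigned identities are the ones to review first when scoping access, because they are not removed when any one of the resources using them is deleted.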