A service principal is created by registering an Azure AD application and then creating a corresponding application user in CDS. If we choose to sign in with an individual user, the CDS action runs in that user context, and in auditing, it shows as the user performed that action. It may cause problems in some scenarios like audit checks/troubleshooting. So better way to do it is to sign in with the service principal/application user. By creating a service principal, we are indirectly creating identification for the flow.