Add Service Principal support documentation for CoE Starter Kit

[Copilot]

Users frequently ask whether the CoE Starter Kit can be installed and managed using Service Principals instead of Service Accounts. The answer varies by component, but this wasn't documented.

Changes

• New documentation: docs/ServicePrincipalSupport.md

  • Component-by-component Service Principal support matrix
  • Service Principal vs Service Account comparison
  • Migration procedures for ALM Accelerator (supported) and Core Components (not supported)
  • Security best practices and FAQ

• Documentation index: docs/README.md

• Main README update: Links to Service Principal documentation

Key Technical Details

Platform Limitation: Cloud flows require user context and cannot be owned by Service Principals. This affects Core, Governance, Nurture, and Audit components.

ALM Accelerator: Fully supports Service Principal via Azure AD application registration with System Administrator privileges:

# Grant required Power App Management permissions
New-PowerAppManagementApp -ApplicationId <app-id>

Recommendation:

• Core Components → Continue using Service Account (required)
• ALM Accelerator → Migrate to Service Principal (recommended)

Original prompt

---

This section details on the original issue you should resolve

<issue_title>[CoE Starter Kit - QUESTION] Can the COE Toolkit be Managed by Service Principle?</issue_title>
<issue_description>### Does this question already exist in our backlog?

• I have checked and confirm this is a new question.

What is your question?

Hi team, with regards to the COE Toolkit, I want to ask the below:

• Can COE Toolkit be installed using Service Principle?
• Can the COE Toolkit be managed or updated using Service Principle?

Currently we have the COE Toolkit installed and managed using Service Account and we want to migrate toe Service Principle. What is the best approach?

What solution are you experiencing the issue with?

None

What solution version are you using?

No response

What app or flow are you having the issue with?

No response

What method are you using to get inventory and telemetry?

None</issue_description>

<agent_instructions>Please explain the approach for this</agent_instructions>

Comments on the Issue (you are @copilot in this section)

Custom agent used: CoE Custom Agent
Specialized agent for triaging and fixing issues in the CoE Starter Kit. Always consult the official CoE docs and the team’s SharePoint notes first, then mine prior GitHub issues and the CoE Common Responses playbook.

• Fixes [CoE Starter Kit - QUESTION] Can the COE Toolkit be Managed by Service Principle? #10708

---

✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.

[muditagarwal2308]

Approved