Azure Web App supports deployment slots. Production slot is the main one and there can be a couple of others. In order to follow a principle of least privilegesdifferent slots should have different security principals for deployment.
A service principal with deployment permissions for only a dedicated slot is useful in order to limit access to production deployment.
Sometimes we need to restrict access to some URL-path of a Web application from Internet while allow to access the whole web site. This kind of restriction might be relevant for example for a administrative user interface or a special API that should not be accessed from Internet.
Here is mine a IT-system documentation template. Once the documentation is in place it is widely used by developers, testers, users and management. Isn’t it much better to just refer to a paragraph in docs and send an URL to a colleague then describe the same thing over and over again in e-mails?