
App Registrations, Service Principal & Enterprise Applications in Azure AD

When you register an app in Azure AD through app registration, you create an identity through which the app can access resources deployed in a subscription (a subscription that trusts that directory, i.e. Azure Active Directory).

After registering an application in Azure AD, you get a globally unique instance of the app (the application object), which lives in your home tenant or directory. You also get a globally unique ID for your app (the application or client ID).

Service Principal

The service principal defines the access policy and permissions for the user/application in a single Azure AD tenant *1.

If you register an application in the portal, an application object and a service principal object are automatically created in your home tenant. A service principal has its own object ID.

A single application object can have multiple service principals across different Azure AD tenants. For example, if the application being developed is single-tenant, that is the only service principal needed; but if the application is meant to be multi-tenant, a service principal must be created in each tenant that uses it.

Enterprise Applications

The "Enterprise Applications" blade contains the list of existing Service Principals in your tenant. Your own tenant applications will also be represented in the Enterprise Applications blade as Service Principals.

In Enterprise Applications, you control in Azure AD who has access to a specific app. Admins can assign "Owners" and "Users and groups" for the app and define "Conditional Access" policies.
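As an added audit example (not part of the original post), the script below joins an export of app registrations to the service principals listed under Enterprise Applications by `appId`, which separates the home tenant's own single- and multi-tenant apps from third-party apps that exist in the tenant only as a service principal. The sample data is constructed; the field names (`appId`, `signInAudience`, `appOwnerOrganizationId`) follow the Microsoft Graph object shape returned by `az ad app list` and `az ad sp list`.

```python
import json

# Constructed sample data shaped like `az ad app list` / `az ad sp list` output
# (Microsoft Graph application and servicePrincipal objects). Every id and
# name below is made up for this example.
HOME_TENANT_ID = "11111111-1111-1111-1111-111111111111"
OTHER_TENANT_ID = "22222222-2222-2222-2222-222222222222"

APP_REGISTRATIONS_JSON = """[
 {"appId": "a1", "displayName": "payroll-api", "signInAudience": "AzureADMyOrg"},
 {"appId": "b2", "displayName": "partner-portal", "signInAudience": "AzureADMultipleOrgs"},
 {"appId": "c3", "displayName": "orphan-registration", "signInAudience": "AzureADMyOrg"}
]"""

SERVICE_PRINCIPALS_JSON = """[
 {"id": "sp-1", "appId": "a1", "displayName": "payroll-api", "appOwnerOrganizationId": "%s"},
 {"id": "sp-2", "appId": "b2", "displayName": "partner-portal", "appOwnerOrganizationId": "%s"},
 {"id": "sp-3", "appId": "d4", "displayName": "Third-Party SaaS", "appOwnerOrganizationId": "%s"}
]""" % (HOME_TENANT_ID, HOME_TENANT_ID, OTHER_TENANT_ID)


def classify(apps, sps, home_tenant_id):
    """Join application objects to service principals on appId and bucket them."""
    sp_app_ids = {sp["appId"] for sp in sps}
    registered_here = {app["appId"] for app in apps}
    report = {"single_tenant": [], "multi_tenant": [],
              "registration_without_sp": [], "third_party": []}
    for app in apps:
        if app["appId"] not in sp_app_ids:
            # Application object with no service principal in this tenant: the
            # portal creates one, but it can be deleted or the app created via API.
            report["registration_without_sp"].append(app["displayName"])
        elif app.get("signInAudience") == "AzureADMyOrg":
            report["single_tenant"].append(app["displayName"])
        else:
            # Multi-tenant: each consuming tenant gets its own service principal.
            report["multi_tenant"].append(app["displayName"])
    for sp in sps:
        # Service principal whose application object lives in another tenant.
        if sp["appId"] not in registered_here and sp.get("appOwnerOrganizationId") != home_tenant_id:
            report["third_party"].append(sp["displayName"])
    return report


def audit():
    """Parse the sample exports and return the classification report."""
    return classify(json.loads(APP_REGISTRATIONS_JSON), json.loads(SERVICE_PRINCIPALS_JSON), HOME_TENANT_ID)
```

Run against real exports, the third_party bucket is the list of enterprise applications to review for granted permissions and owners, since those are governed only through the service principal.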

Purpose

We typically use app registration to integrate a service with Azure for authentication *2.

Reference

Glossary

*1 A tenant is a representation of an organization. It's a dedicated instance of Azure AD that an organization or app developer receives when the organization or app developer creates a relationship with Microsoft - like signing up for Azure, Microsoft Intune, or Microsoft 365.

*2 An Azure subscription has a trust relationship with Azure Active Directory (Azure AD), which means that the subscription trusts Azure AD to authenticate users, services, and devices. Multiple subscriptions can trust the same Azure AD directory, but each subscription can only trust a single directory.


Source: MS Blogs, Internet