To deploy your app to an Azure resource (to an app service or to a virtual machine), you need an Azure Resource Manager service connection.
https://docs.microsoft.com/en-us/azure/devops/pipelines/library/connect-to-azure?view=vsts
When you have code that needs to access or modify resources, you can create an identity for the app. This identity is known as a service principal. You can then assign the required permissions to the service principal. This article shows you how to use the portal to create the service principal. It focuses on a single-tenant application where the application is intended to run within only one organization. You typically use single-tenant applications for line-of-business applications that run within your organization.