I'm confused by the fact you can add multiple platforms when creating an application in Azure Active Directory. When going to "Authentication" there is the option to add multiple platforms (SPA, Web etc.).
What would be the difference of adding two platforms to a single application, so SPA and Web instead of a single application for both? In what instance should/could you use multiple platforms on the single application instead of creating an application for each?
If you have a Web front-end + a different SPA front-end + maybe a mobile app, they will all have the same permissions available that have been granted to your app. This can be useful when these different front-ends and back-ends are really part of one application. If you need them to have different permissions, then you must use separate app registrations.
For a multi-tenant application, for example, it can be quite a lot easier to handle consent if there is only one app registration.
Another difference is how the access tokens to itself are handled. If you use one app registration for a SPA front-end and API back-end, the front-end can specify any scope (delegated permission) on the API that it wants; no consent will be asked. If the SPA and API are separate app registrations, then consent is required for any permission.
It wasn't always possible to add multiple platforms to one app registration. You used to have to make separate ones for each part.