diff --git a/azuread/resource_service_principal.go b/azuread/resource_service_principal.go
index 519d24cbea..c2d09d937f 100644
--- a/azuread/resource_service_principal.go
+++ b/azuread/resource_service_principal.go
@@ -55,7 +55,6 @@ func resourceServicePrincipal() *schema.Resource {
 			"tags": {
 				Type:     schema.TypeSet,
 				Optional: true,
-				ForceNew: true,
 				Set:      schema.HashString,
 				Elem: &schema.Schema{
 					Type: schema.TypeString,
@@ -115,6 +114,15 @@ func resourceServicePrincipalUpdate(d *schema.ResourceData, meta interface{}) er
 		properties.AppRoleAssignmentRequired = p.Bool(d.Get("app_role_assignment_required").(bool))
 	}
 
+	if d.HasChange("tags") {
+		if v, ok := d.GetOk("tags"); ok {
+			properties.Tags = tf.ExpandStringSlicePtr(v.(*schema.Set).List())
+		} else {
+			empty := []string{} // clear tags with empty array
+			properties.Tags = &empty
+		}
+	}
+
 	if _, err := client.Update(ctx, d.Id(), properties); err != nil {
 		return fmt.Errorf("Error patching Azure AD Service Principal with ID %q: %+v", d.Id(), err)
 	}