• app registration
• authentication and authorization
• https://learn.microsoft.com/en-us/azure/active-directory/manage-apps/
• https://learn.microsoft.com/en-us/azure/active-directory/develop/app-objects-and-service-principals
• The configuration that is under Enterprise applications is the security/service principle used by the app.
• https://learn.microsoft.com/en-us/azure/active-directory/manage-apps/grant-admin-consent
• application permissions vs. delegated permissions

• The App Registration represents the application object and the Enterprise Application represents the security principle.

When the MS Graph Powershell module connects to MS Graph for the first time the user will be prompted to consent to the permissions/scope needed.

Over time, the permissions held by the service principal will be those granted at the initial time of consent plus any other permissions granted subsequently as people work with the interactive client. In other words, the service principal collects aggregated permissions over time. For this reason, it’s not recommended to use the Graph SDK cmdlets interactively because if you do, over time a distinct possibility exists that the service principal will become very over-permissioned and therefore becomes a security risk.