Our organization has a couple dozen special email accounts (Exchange). No users manually sign into them, but we have a native app that manages the accounts automatically.
I've registered the app in Azure, but I'm having trouble deciding which route to go with the permissions. Delegated permissions doesn't feel right because users never manually sign into these accounts. The app has the account credentials so it could log in, but I don't think there's a way for it to accept permissions like that. Application permissions feels like overkill, and likely a security issue to grant the app access to so many users it doesn't need.
Is there a way to automatically grant permission to a small set of users? Either individually, or by putting them in a group and granting permissions to that group?