I'm using the Microsoft Graph API to manage files (create, read, update, delete) within a SharePoint drive. What's the best way to control access for my App Service? Here's what I'm considering:

• Delegated Permissions vs. Application Permissions: Which is more suitable for my scenario?

• Delegated Permissions: If this is the way to go, how do I properly assign the required identity to the App Service? Can I use a system user?

Additional Notes: I'm relatively new to Azure administration, so any guidance is much appreciated!