Basic Authentication Deprecation in Exchange Online – September 2022 Update

Not directly Basic Auth related but is an impact of at least, Hoping to get at least a steer in the right direction on this one.

One question I've had for a while ... it was stated many months ago that the Office 365 Exchange Online API was being removed from the available API's listed when registering any new Azure App Registrations. And that we should be using Microsoft Graph.

That said the public documentation for registering an application for use with EWS  https://docs.microsoft.com/en-us/exchange/client-developer/exchange-web-services/how-to-authenticate-an-ews-application-by-using-oauth states adding the API permissions that are only existing under said API hence having to add directly to the manifest.

I'm assuming this is because the Microsoft Graph API only has support for Delegated Permissions against EWS. Will Application Permissions support ever be added for EWS under this API? Or will this never happen based on the wanting to remove EWS usage? (If so are there any renewed dates for that?)

Finally on the EWS vs Graph topic is it true when using the native Microsoft Graph to call the Mail. resources (Mail.Read for example) under the hood its using EWS to retrieve that data from Exchange Online?