The app governance add on provides much more info beyond just delegated permissions. Our value aligns to three pillars:

• Deep visibility & insights into app configuration & high-risk behaviors. Such as priority account access, sensitivity label access, what permissions are in use/not, how much data is being accessed and tailored KQL queries, and more
• Policy-driven governance for Azure-connected apps to meet security & compliance mandates for data access. Such as generate an alert for overprivileged apps, or set up a custom policy to automatically shut down apps that have accessed sensitivity labeled data for a particular workload over a particular threshold data volume
• Comprehensive ML-based detection & remediation of unusual app activity. We offer in built detections based on previously seen attack patterns. You can see a list of our active detections here https://learn.microsoft.com/en-us/defender-cloud-apps/app-governance-anomaly-detection-alerts