
Windows Authentication and Graph API

Luan'i Jackson 20 Reputation points
2023-04-20T16:17:54.7766667+00:00

We have an on-premise enterprise MVC application in .NET 6.0 that uses Windows Authentication and an identity in the app pool. The identity is a service account that has elevated privileges above any individual user. Every user in the company, including the service account, is in Azure Active Directory. We would like to utilize Microsoft Graph APIs as part of some new features. All of these features involve permissions above what any individual user can grant. I have looked through a lot of documentation and various SDKs but am still confused about exactly how to implement this. The Graph APIs will be called from both C# and JavaScript. In this setup,

  1. Do I still need to register an app in Azure since the MVC app itself "runs as" a user (the service account)? Meaning, can I call Graph APIs as the service account, without registering the app? How?
  2. In all the SDKs I've walked through, they all start with "login/logout" before an access token is obtained. Since in this MVC web app, all users must be "logged in" to the company network already, I assume I can skip this login/logout piece? If so, do I still need to obtain an access token before calling Microsoft Graph APIs? How?
  3. If an access token is required, it seems that we can utilize some NuGet packages to manage the access token, and obtain a new token when an old one has expired? If possible, I would like to delegate the details of the whole access token acquisition to something else and not worry about it in my code.
  4. Is there an SDK or step-by-step guide that focuses on Windows Authentication?
Microsoft Security | Microsoft Graph