If you are referring to the "Enabled for users to sign-in" setting for the Exchange Online service principal, or any service principal for that matter, it should be set to Enabled. Otherwise, anyone trying access any resource serviced by the service principal in question will run into errors. Graph API is not an exception here, by blocking access to the SP object, you're effectively blocking any Exchange Online related Graph API calls.
And yes, said setting is Enabled by default for any organization that has an active M365/Exchange Online subscription. The only scenario I can think of for it being disabled is when all licenses containing the ExO service plan have expired, so the service is in the process of deprovisioning. Well, that and (un)intentional admin action - you can check the audit logs for such.