My company distributes a desktop application for law offices with a background service component that sends and receives mail from a client email account (one email account per law firm that they provision for the application on their own mail server).
We are integrating 2-legged OAuth 2.0 support for Office 365/Exchange, which requires us to register the application in Azure AD and request an access token.
I'm not totally clear on what a standard workflow for this situation would look like. My company does not have an Azure, O365 or Exchange license. I am currently using trial versions of all of these for a proof of concept.
Would it be normal for us to purchase an Azure license, register our application on our own directory, and request API permission from the tenant admin for each law firm?
Or would we request that each law firm register our application individually on their own tenant and grant the necessary API permissions?