@Siegfried Heintze , Ok lets take few steps back and start from the part of understanding AAD and why are applications added to it? First thing, AAD is an IDM (Identity Management Service), which maintains users' identities. Now when you create an application in your dev machine and want users of AAD to login there, in that case, the user first needs to be authenticated by AAD. But then the question comes, get authenticated for what? The answer to that is to get authenticated for your App. Now does AAD know your app till now. The answer is no, AAD has no clue about your app. Hence to make AAD aware of you app, you need to register your App using the App Registration Portal (in case of OAuth Apps). Once the registration is done, AAD is aware of your app and hence when a request comes from this app to get a user authenticated, AAD trusts your app and hence would get the user authenticated for your app and send an access token back for your app to consume and know that the user is authenticated. This is how your app gets protected by AAD, irrespective of the platform it is hosted on (whether on Azure App Service Platform or on your on-prem WebServer).
The same concept holds true for your Function App acting as an API. The Function App's code works as an API, but then once you add this function app to AAD, AAD now knows your Function App, but it doesnt know whether this app is a normal app or an API. So once you expose this App as an API, AAD also has that information and treats this app as an API and makes it available for other registered Apps in AAD to consume.
Do let me know if this helps in any way. Also I would like to discuss this offline as not possible to explain to the entire application permission for apps here. Still you can refer to the following for understanding: https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-permissions-and-consent
Do let us know if this helps and if there are any more queries around this, please do let us know so that we can help you further. Also, please do not forget to accept the response as Answer; if the above response helped in answering your query