Hello,
- https://portal.azure.com/#blade/Microsoft_AAD_RegisteredApps/ApplicationsListBlade is the right place.
- You only need the first 2 to gain access to messages from a given user mailbox.
- Any global admin will be able to read any user mailbox. For more information please take a look to Commonly used Microsoft 365 admin center roles.
Also:
It's recommended to use a client assertion instead of a client secret since you can have more control over the certificate private key (not include it, secure it with password, etc).
Please let me know if you need more help. If the answer was helpful to you, please accept it and, optionally, provide feedback so that other members in the community can benefit from it.