AADApplication: Support for adding custom security attributes to enterprise applications and confusion about best resource to use

[adhodgson1]

I would like the ability to tag enterprise applications with custom security attributes so we can use the application filtering in conditional access policies.

Looking at this the underlying functionality to do this in the Graph module is done via the MgServicePrincipal cmdlets rather than on the application cmdlets that the AADApplication resource is using.

Which is the best resource to manage the enterprise apps, typically deployed via application templates from the gallery? I notice that many of the fields in the underlying PowerShell cmdlets are the same in both cases, so if I can manage these apps via the AADServicePrincipal resource and I could just add the fields required for the custom security attributes that would be a way forward.