Delegate365 uses two Azure AD applications. They are created through the setup process. Application one is only used for the login process. The second application is used to perform the operations. To change application properties such as branding, terms or settings for multi-tenant apps, you can do this in your own Azure AD.
Admins with application management roles such as global admins can change their tenant's application settings in their Azure portal at Azure AD Active Directory/Registered Apps menu. Search for "Delegate 365", as shown in the following screenshot.
Delegate365 is using the app "Delegate365 Multitenant" for the sign-in of a user. The purpose of the Multitenant app is that users of another M365 tenant can use their work account to log in to the Delegate365 portal with Single Sign-On (SSO). If this feature is not required, an administrator can change this application setting from Multitenant to single tenant, as shown here. This has no effect other than preventing other users (from other Azure AD tenants) from logging in.
The app "Delegate 365" is used for performing all actions that are done in the Delegate365 solution.This app is by default in Single tenant mode only. Administrators can check the permissions in the API permissions.
During a setup process, the apps are preserved, but the certificate is renewed and permissions can be added as needed as new features require it. Delegate365 follows the "least privilege" concept. If the applications are removed, Delegate365 will stop working. They are the binding between the Azure AD tenant and Delegate365.
So, Administrators have full control over application settings in their Azure AD tenant.