
Is it possible to restrict the Application API permissions of an Azure AD web application to one account?


I'm developing an AWS Lambda function which will need to access an Outlook 365 inbox at a regular interval. I'm using Graph API for accessing the inbox.

I created a new Azure AD web application registration using the Azure Active Directory admin center (https://aad.portal.azure.com/). When assigning API Permissions to my app, I have an option to choose between Delegated permissions and Application permissions. I can't use delegated permissions since my code will run without any user interaction.

When choosing application permissions, I can't find a way to restrict the permission to one user account. For example, if I try to give the app Mail.Read application permission, it'll get access to all mailboxes in the enterprise. Or maybe I'm interpreting the permission description incorrectly.

How do I give my app API permissions to one user's mailbox?

[Screenshot: Azure AD App API Permissions]


Solution

  • This issue was solved by Shiva's comment; I'm adding it as the answer to close the question:

    Some apps call Microsoft Graph using their own identity and not on behalf of a user. For example, the Mail.Read application permission allows apps to read mail in all mailboxes without a signed-in user.

    Configuring ApplicationAccessPolicy is used to limit the app access to a specific set of mailboxes.

    1. Connect to Exchange Online PowerShell

    Connect-ExchangeOnline -UserPrincipalName <UPN> [-ExchangeEnvironmentName <Value>] [-DelegatedOrganization <String>] [-PSSessionOption $ProxyOptions]

    2. Identify the app's client ID and a mail-enabled security group to restrict the app's access to.

    3. Create an application access policy.

    New-ApplicationAccessPolicy -AppId e7e4dbfc-046f-4074-9b3b-2ae8f144f59b -PolicyScopeGroupId EvenUsers@contoso.com -AccessRight RestrictAccess -Description "Restrict this app to members of distribution group EvenUsers."

    For more details about New-ApplicationAccessPolicy, see here.
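The steps from the answer above carried through for the single-mailbox case the question asks about, including the access check a practitioner should run before trusting the policy; this is an added example, not code from the original post or from Microsoft's documentation, and the app ID, admin UPN, group name and mailbox addresses are placeholders.

```powershell
# Added example (not from the original post). Replace every placeholder value below.
$AppId         = "00000000-0000-0000-0000-000000000000"  # placeholder: the registration's Application (client) ID
$TargetMailbox = "lambda-inbox@contoso.com"              # placeholder: the one mailbox the app may read
$OtherMailbox  = "someone.else@contoso.com"              # placeholder: any other mailbox, used to confirm denial

# 1. Connect to Exchange Online (needs the ExchangeOnlineManagement module).
Connect-ExchangeOnline -UserPrincipalName "admin@contoso.com"   # placeholder admin UPN

# 2. A policy is scoped to a mail-enabled security group, so restricting the app to
#    one mailbox means creating a group whose only member is that mailbox.
#    -Type Security makes it a mail-enabled security group rather than a plain DL.
$scopeGroup = New-DistributionGroup -Name "App scope: Lambda inbox" `
    -Alias "appscope-lambda-inbox" -Type Security -Members $TargetMailbox

# 3. Restrict the app to that group. Mail.Read still shows as tenant-wide in the portal;
#    the narrowing happens inside Exchange Online, which rejects Graph calls for any
#    mailbox outside the group. Note that application access policies only cover
#    Exchange resources (mail, calendar, contacts), not other Graph workloads.
New-ApplicationAccessPolicy -AppId $AppId -PolicyScopeGroupId $scopeGroup.PrimarySmtpAddress `
    -AccessRight RestrictAccess -Description "Lambda mail reader: only $TargetMailbox"

# 4. Verify the scope from both sides. Policy changes take time to propagate (Microsoft
#    documents up to about 30 minutes), so a brand-new policy may still test as Granted
#    for $OtherMailbox at first; rerun until it reports Denied.
$inside  = Test-ApplicationAccessPolicy -Identity $TargetMailbox -AppId $AppId
$outside = Test-ApplicationAccessPolicy -Identity $OtherMailbox  -AppId $AppId
# Granted means Exchange will serve the app's requests for that mailbox; Denied means it will refuse them.
"{0}: {1}" -f $TargetMailbox, $inside.AccessCheckResult
"{0}: {1}" -f $OtherMailbox,  $outside.AccessCheckResult

# 5. Audit what is in place for this app; there should be exactly one RestrictAccess policy.
Get-ApplicationAccessPolicy | Where-Object { $_.AppId -eq $AppId } |
    Format-Table AppId, ScopeName, AccessRight, Description
```

Keep the group membership under change control: adding a mailbox to the scope group silently widens what the app can read.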