This is simple Azure AD graph call given client ID and secret generated by the AAD administrator. Lists the users. Some error handling.

AccessAzureADGraph.ps1

# Setting default parameters for irm for better error tolerance in case of transient connectivity issues. Can specify Proxy and ProxyCredential here:

$PSDefaultParameterValues = @{
    "Invoke-RestMethod:MaximumRetryCount" = 3
    "Invoke-RestMethod:RetryIntervalSec" = 1
}

# This is simple token request per http://codematters.tech/getting-access-token-for-microsoft-graph-using-oauth-rest-api/

# Credentials JSON per ADAL example at https://github.com/AzureAD/azure-activedirectory-library-for-python/blob/dev/sample/client_credentials_sample.py
<#
{
    "resource": "https://graph.microsoft.com",
    "tenant" : "slmvpsorg.onmicrosoft.com",
    "authorityHostUrl" : "https://login.microsoftonline.com",
    "clientId" : "624ac9bd-4c1c-4687-aec8-b56a8991cfb3",
    "clientSecret" : "verySecret=""
}
#>

function Get-GraphAccessToken {
    [CmdletBinding()]
    Param (
        [Parameter(Mandatory=$true)] $SecretsJson, # The credentials JSON file, or path to the file
        [Parameter(Mandatory=$false)] $DirectoryName # Azure AD tenant short name
    )

    try { $secrets = $SecretsJson | ConvertFrom-JSON -ErrorAction Stop } # Try the input as JSON
    catch {$secrets = Get-Content $SecretsJson | ConvertFrom-JSON } # If doesn't parse as JSON, assume it's a file

    $clientid = $secrets.clientId
    $clientsecret = $secrets.clientSecret

    if ($null -ne $DirectoryName) { $DirectoryName = $secrets.tenant } else { throw "No tenant specified as a parameter or in the JSON" }

    if ($DirectoryName.Contains('.')) { # Can be either FQDN, or short name - if short, add onmicrosoft:
        $tokenendpoint = "https://login.microsoftonline.com/$DirectoryName/oauth2/token"
    }
    else {
        $tokenendpoint = "https://login.microsoftonline.com/$DirectoryName.onmicrosoft.com/oauth2/token"
    }

    $form = @{
        grant_type = "client_credentials"
        client_id = $clientid
        client_secret = $clientsecret
        resource = "https://graph.microsoft.com"
    }

    try { $res = Invoke-RestMethod -uri $tokenendpoint -Form $form -Verbose -ErrorAction Stop 
        return $res.access_token
    }
    catch { return $null }
}

$DirectoryName = "YOURAADNAME" # Azure AD tenant name
$accesstoken = Get-GraphAccessToken -DirectoryName $DirectoryName

# Now, on to list of users
# Additional reference: https://blogs.technet.microsoft.com/paulomarques/2016/03/21/working-with-azure-active-directory-graph-api-from-powershell/

$authheader = @{
    "Content-Type" = "application\json"
    Authorization = "Bearer $accesstoken"
 }

$resource = "users"
$uri = "https://graph.microsoft.com/v1.0/$directoryname.onmicrosoft.com/$($resource)"
$u = Invoke-RestMethod -Uri $uri –Headers $authheader –Method Get –Verbose
$users = $u.value

while ($u.'@odata.nextLink' -ne $null) {
    $uri = $u.'@odata.nextLink'
    $u = Invoke-RestMethod -Uri $uri –Headers $authheader –Method Get –Verbose -ErrorVariable err
    if (($err.ErrorRecord.Exception.Response.StatusCode.value__ -eq 401) -and ($accesstoken -ne $null)) { # Refresh access token if expired, resulting in 401
        $accesstoken = Get-GraphAccessToken
        $m = Invoke-RestMethod -Uri $uri –Headers $authheader –Method Get –Verbose
    }
    $users += $u.value
}

$users | Get-Random -Count 10 | Format-Table -auto