Connect to AAD via an AAD Registered WebApp, leveraging the AzureADUtils or AzureAD PS ADAL Modules and a Certificate. Associated blog post: https://blog.darrenjrobinson.com/creating-an-azuread-webapp-using-powershell-to-leverage-certificate-based-authentication/
# AzureAD Tenant, WebApp and Cert details
$appId = 'a8659035-d8ac-4c5a-a6f2-copiedfromApp&CertCreationScript'
$appObjectId = 'e85499b7-a46e-44c5-9716-copiedfromApp&CertCreationScript'
$resource = "https://graph.windows.net"
$tenantId = "ba7d6538-9c5f-4561-a189-copiedfromApp&CertCreationScript"
$certThumbprint = "5258B9B417A12F211E579D5236BD6C57DEDC7BB7"
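# Locate the certificate in the local machine store by its thumbprint
$x509cert = Get-ChildItem "cert:\localmachine\my" | Where-Object { $_.Thumbprint -eq $certThumbprint } | Select-Object -First 1
# Stop here if the certificate is missing, rather than passing $null to the token request below
if (-not $x509cert) { throw "Certificate with thumbprint $certThumbprint not found in cert:\localmachine\my" }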
Import-Module AzureADUtils
Import-Module AzureAD
# Connect using PowerShell Modules with the Certificate via the App
Connect-AzureAD -TenantId $tenantId -ApplicationId $appId -CertificateThumbprint $certThumbprint
$AADusers = Get-AzureADUser
$AADusers.Count
# Connect to GraphAPI via the AzureADUtils PS Module
$accesstoken = Get-AzureADGraphAPIAccessTokenFromCert -Certificate $x509cert -ClientId $appId -TenantDomain $tenantId
# Query via GraphAPI and the AzureADUtils PS Module
$users = Invoke-AzureADGraphAPIQuery -AccessToken $accesstoken -TenantDomain $tenantId -GraphQuery "/users?api-version=1.6"
$users.count