Azure AD验证为设备以获取承载令牌

我有一个加入Azure AD的Intune托管Windows 10设备.

I have an Intune managed Windows 10 device that is Azure AD joined. 

我已配置了在本地设备帐户上运行在托管设备上所需的powershell脚本.

I have powershell scripts configured required to run on managed devices as the local system account. 

在这样的PowerShell脚本中，我想获取应用程序资源(例如O365或MS Graph或存储帐户)的承载访问令牌.由于此过程是非交互式过程，因此不会在AAD用户的上下文中运行(只是加入了AAD 设备)，我试图了解在这种情况下是否有任何方法可以获取令牌.

In such a PowerShell script, I want to acquire a bearer access token for an application resource (e.g. O365 or MS Graph or a storage account). Since this is non interactive process and it’s not running under the context of an AAD user (just an AAD joined device), I’m trying to understand if there is any way to get a token in this context. 

请注意，此问题根本不是特定于Intune的...我只是以PowerShell脚本为例.

问题:我如何通过AAD作为作为SYSTEM上下文运行的托管AAD设备进行身份验证.

谢谢.