Update 1/20/2022: We have edited this post for clarity based on customer feedback.
Over the last few years, we have invested heavily in Microsoft Graph to enable developers to access the rich data ...
Updated Jan 20, 2022
Version 5.0
Blog Post
Hi MGSpaceCaptain , in your code, I don't see what 'Connect-MSGraph -Scopes "User.ReadWrite.All"' is doing, it's just there at the start, but then everything else is an app getting it's own confidential client access token using a client secret.
From here Update profilephoto - Microsoft Graph v1.0 | Microsoft Docs - it says that if an app will need to update any user's photo, it needs to have "User.ReadWrite.All" application permission. So, I think that's where you're getting the idea to do the Connect-MSGraph step. Instead, go to your app registration in the Azure AD portal and grant it the User.ReadWrite.All application permission and grant it the consent there too. Then just omit the Connect-MSGraph step from your code, as the scope will already be automatically granted (via the granted/consented API application permission).
Edit: PS. You could give MSGraphPSEssentials a try for your task at hand. It would be an easy way for you to switch from client secret to certificates, while also making it easy to get your app's access token and then submit your request(s) to update the photo(s). If you have trouble, I can help through a GitHub discussion (at no guaranteed pace of course).