MS Graph (or alternative) for M365/O365 Retention Policy management

JeremyTBradshaw, yeah, mine went back am forth too but I managed to get a workaround without the ticket. Just before you get your hopes up, my issue was a bit different to yours and I managed to get it working with in Azure Function App

Connect-IPPSSession -Credential $RunAs -ConnectionUri "https://ps.compliance.protection.outlook.com/powershell-liveid/";
$sessions = Get-PSSession;
Import-Module (Import-PSSession $sessions[$sessions.Count - 1] -AllowClobber) -Global
$retentionPolicy = Get-RetentionCompliancePolicy -Identity $retensionPolicyName -DistributionDetail;

What also helped me was I added this to the ExchangeOnlineManagement.psm1 file, around line 611

process {
        try {
            $EOPConnectionInProgress = $true
            if ($isCloudShell -eq $false) {
                Write-Host "Connect-ExchangeOnline -ConnectionUri $ConnectionUri -AzureADAuthorizationEndpointUri $AzureADAuthorizationEndpointUri -UserPrincipalName $UserPrincipalName.Value -PSSessionOption $PSSessionOption -Credential $Credential.Value -BypassMailboxAnchoring:$BypassMailboxAnchoring -ShowBanner:$false -DelegatedOrganization $DelegatedOrganization -Prefix $Prefix -CommandName $CommandName -FormatTypeName $FormatTypeName -UseRPSSession:$true"
                Connect-ExchangeOnline -ConnectionUri $ConnectionUri -AzureADAuthorizationEndpointUri $AzureADAuthorizationEndpointUri -UserPrincipalName $UserPrincipalName.Value -PSSessionOption $PSSessionOption -Credential $Credential.Value -BypassMailboxAnchoring:$BypassMailboxAnchoring -ShowBanner:$false -DelegatedOrganization $DelegatedOrganization -Prefix $Prefix -CommandName $CommandName -FormatTypeName $FormatTypeName -UseRPSSession:$true
            } else {
                Write-Host "Connect-ExchangeOnline -ConnectionUri $ConnectionUri -AzureADAuthorizationEndpointUri $AzureADAuthorizationEndpointUri -PSSessionOption $PSSessionOption -BypassMailboxAnchoring:$BypassMailboxAnchoring -Device:$Device.Value -ShowBanner:$false -DelegatedOrganization $DelegatedOrganization -Prefix $Prefix -CommandName $CommandName -FormatTypeName $FormatTypeName -UseRPSSession:$true;"
                Connect-ExchangeOnline -ConnectionUri $ConnectionUri -AzureADAuthorizationEndpointUri $AzureADAuthorizationEndpointUri -PSSessionOption $PSSessionOption -BypassMailboxAnchoring:$BypassMailboxAnchoring -Device:$Device.Value -ShowBanner:$false -DelegatedOrganization $DelegatedOrganization -Prefix $Prefix -CommandName $CommandName -FormatTypeName $FormatTypeName -UseRPSSession:$true
            }
        } finally {
            $EOPConnectionInProgress = $false
        }
    }

This outputs the underlying command Connect-IPPSSession actually executes

svermaak_MGL unfortunately my MS Support case spiraled, went nowhere and was closed with this guidance:

"As I have got the answer from my resources and we request you please use the following command ‘Connect-ExchangeOnline’ for future as both are global commands and nothing can we change. I am apologize for this.. 

We have a new preview version of the ExchangeOnlineManagement module that support the legacy Get-Mailbox without need for Basic Authentication through ‘Connect-ExchangeOnline’.

Please follow the link for more information.

Exchange Online PowerShell v2 Module Preview – Now More Secure - Microsoft Tech Community

Please let me know if you have further questions/any update on this."

I did respond and said that Connect-ExchangeOnline is not an alternative to nor a replacement for Connect-IPPSSession and mentioned that it was the EXO Cmdlets preview feedback email team who advised for MS Support cases to be opened to request the feature, and that clearly this case did not get received well.

For now, giving up, moving, using Basic Authentication against Connect-IPPSSession until whenever it's possible to not do this.