I have numerous scripts/bits of code I'd like to run against AzureAD. How can I authenticate from a script? Obviously if using the powershell cmdlets I can supply a username password but then that user needs to be excluded from MFA, risky sign ins etc. Is this the general recommended approach or can I use certs or the like or an app registration? What pattern should I be using??