@Thijs Lecomte Thanks for the info, this is great.

I wonder how/when this will factor into the Intune PowerShell SDK.  I suppose they Connect-MSGraph cmdlet from the module/SDK will just need to get some client credential flow functionality added.

@Thijs Lecomte Thanks very much for this.

https://github.com/JeremyTBradshaw/PowerShell/blob/master/.Modules/msGraphFunctions.psm1 - that is my module.  It currently is setup to accommodate certificate authentication in the client credential flow.  The functions are: 

Get-MSGraphAccessToken
New-SelfSignedAzureADRegisteredAppCertificate
New-MSGraphQuery

For my example which is was failing, I'm I was getting an access token successfully, and then with New-MSGraphQuery can could successfully list devices using v1.0 or beta:

# list devices via v1.0:
>$q1 = New-MSGraphQuery -AccessToken $Token -API v1.0 -Method GET -Query deviceManagement/managedDevices
>$q1.value | select deviceName, model

deviceName                         model
----------                         -----
HTPC-G1                            Z390 I AORUS PRO WIFI
j_AndroidForWork_6/9/2020_10:12 PM ONEPLUS A5010

# list devices via beta:
>$q2 = New-MSGraphQuery -AccessToken $Token -API beta -Method GET -Query deviceManagement/managedDevices
>$Q2.value | select deviceName, model

deviceName                         model
----------                         -----
HTPC-G1                            Z390 I AORUS PRO WIFI
j_AndroidForWork_6/9/2020_10:12 PM ONEPLUS A5010

# fail to remoteLock via Beta:
>New-MSGraphQuery -AccessToken $Token -API beta -Method POST -Query deviceManagement/managedDevices/9e250f72-a995-401d-8e32-7edf7fdb2eba/remoteLock
Invoke-RestMethod : {
  "error": {
    "code": "No method match route template",
    "message": "No OData route exists that match template ~/singleton/navigation/key/action with http verb GET for request
/DeviceFE/StatelessDeviceFEService/deviceManagement/managedDevices('9e250f72-a995-401d-8e32-7edf7fdb2eba')/microsoft.management.services.api.remoteLock.",
    "innerError": {
      "request-id": "01f99d16-88e2-4b2c-b053-0fbfaec43947",
      "date": "2020-06-11T12:39:08"
    }
  }
}
At C:\Users\<myProfile>\GitHub\PowerShell\.Modules\msGraphFunctions.psm1:125 char:5
+     Invoke-RestMethod @QueryProps -OutVariable QueryResponse
+     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-RestMethod], WebException
    + FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeRestMethodCommand

Upon crafting this reply, I noticed in the error "No OData route exists ....... with http verb GET for request".  This made me realize my problem.  I had hard-coded "Get" as the method in my New-MSGraphQuery function, where I should have set it to my parameter -Method's value ($Method).

Original, non-working code:

    $QueryProps = @{

        Headers     = @{ Authorization = "Bearer $($AccessToken.access_token)" }
        Uri         = "https://graph.microsoft.com/$($API)/$($Query)"
        Method      = 'Get'
        ContentType = 'application/json'
    }

Fixed, working code:

    $QueryProps = @{

        Headers     = @{ Authorization = "Bearer $($AccessToken.access_token)" }
        Uri         = "https://graph.microsoft.com/$($API)/$($Query)"
        Method      = $Method
        ContentType = 'application/json'
    }

Again, thanks very much!  I still needed this post and your response to get me looking at the Beta reference instead of v1.0.  It was only after that, that I could flush out this error in my script.  The -Method parameter was added to the function after a while, and I must have gotten distracted in the process and forgot to actually incorporate the parameter into the script after declaring in my params block.  All good now though!