Thanks for the quick response.  I'm reading up on this oauth 2.0 and when I'm registering my powershell script I'm confused because I keep seeing that its more app related than just a simple script running.  I registered the app under the account that receives the emails with reports so I'm not using a different account to access.  The PS1 script I used for v1 uses those credentials securely.  Also in the link you provided(much appreciated), it mentions to get administrator consent via azure portal.  Is this necessary if using same account credentials to basically download its own files from emails?  There is no login url for this script.  

For platform, when I choose "Web" I have to provide redirect URL which I'm not sure what this means as its just a powershell script running on windows scheduler on a server 08 we have on premise.  When I choose "web API" I seem to get app id uri already generated.  I'm not sure what Pre-auithorized applications part mean where it wants ID and scope.  I gave permissions for delegated permissions to mail.read and user.read and app permissions I gave mail.read(admin only), user.read.all(admin only).  Should I be choosing "web api" for my simple powershell scripts?  Was hoping to see an example of someone else's powershell script with oauth to compare how it was done. 

The below API endpoint is my fear that it will stop working soon.  Am I interpreting this incorrectly?

$url = "https://outlook.office365.com/api/v1.0/me/messages"

Admin consent is needed when you want to be able to read messages across the company, and yes you need to be using the webapi type of application for this. Or do you want to simply run this in the context of the signed in user?

Not sure what you mean by your question but I'll try to clarify.  I have a mailbox joe.dirt@abc.com.  I'm using this same account with its password associated in the script to download its own attachments that are in emails.  The script itself runs on our server on a schedule just to execute it.  In other words I'm not using an account that has higher permissions such as tenant admin account to authenticate. 

If it's the context of the actual user, it doesn't need any admin consent, or using the webapi type of app/secret keys. You can simply get a token via the credentials of the user. The problem is that almost all of the methods currently exposed in the API force you to do this interactively, so it's not a good fit for automated scripts. If I remember correctly there is still one method we can use to get the cred via username/password directly, but since I'm not in front of my PC currently I cannot get you the right docs. In general, it boils down to what I'm using here: https://www.michev.info/Blog/Post/1771/hacking-your-way-around-modern-authentication-and-the-powersh...