It would be nice if the AADInternals commands could support the WAM component integrated by default in Win10 for the authentication process.
This would allow a user to authenticate with its session certificate for example.
See https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/wiki/Integrated-Windows-Authentication or the MSAL.PS Get-MsalToken.ps1 which use it for authentication.

I think this is kind of already there, as you can get access tokens using PRT.

Maybe I'm not using the right term, but let me show you:

With MSAL.PS you're able to log in without providing the credentials. Would it be possible to do the same with AADInternals?

Ah, got you! I'll have a look at some point.