I’ve just been looking at the Microsoft docs (as I had to look something else up for myself).
Looking at the Client Credentials flow, but it could apply to other grant types.
Microsoft now support an “access token request with a certificate”.
The main difference being that the client_secret parameter is replaced by the client_assertion_type and client_assertion parameters.
Looking through the Postman Authorization helpers, I’m not sure they support this type of flow yet.
This sounds like its related to this topic.
AuthType OAuth2.0 Client Secret is always required - 
Help - Postman Community