This is a very annoying thing since most documentation describing Azure AD user authentication is not very clear about using access tokens to authenticate a user.
If you follow the example on Microsoft page you will be doing the all right things but if you intend to use access token to authenticate you will likely encounter 401 even if you pass a proper access token. Especially if you are using Postman.
So this is because you are using the wrong version of the authenticate API URLs for Azure AD.
The fix is to use the v2.0 of the login URLs and scopes.
Access Token URL:
Found the fix finally in stackoverflow after alot of searching. It’s hard to find the exact documentation that you need: https://stackoverflow.com/questions/57496143/azure-functions-returns-401-unauthorized-only-with-postman
For postman if you Authorization tab in your request you can ask Azure AD to generate you a new access token: