Recently I created a proof of concept using a WCF behaviour extension to consume services which require authentication against Azure Active Directory. The idea here is that if you want to consume an API and wish to use a service account credential you can configure the service account in Azure AD or alternatively on premise and use Azure AD Connect to synchronise the ID to the cloud. Once your credential is in Azure AD you can configure a native application in Azure AD and provide access to other services for users who have authenticated against your application.
The WCF Behaviour extension I have created uses the ADAL library to authenticate you against Azure AD and then sets the authentication header when calling the API. The below code snippet shows you what the behaviour looks like internally.
In BizTalk you can then configure a send port to send to an API which is secured with Azure AD and you will be able to easily obtain a token to access the service in a very standard BizTalk fashion through send port configuration. Below is an example of the configuration of the behaviour extension on a BizTalk send port.
The sample for this WCF behaviour can be downloaded from the below link: