You should create your own authentication adapter, unfortunately, Azure Active Directory integration is something very special.
For example, in the case of the Professional edition, this kind of authentication is solved with a specialized application in the front that does the authentication. Basically is not possible having an application that is able to authenticate with all the possible login vendors because some of them are incompatible with each other, for this reason, the authentication must be done on another side. I think the CE should be thought of in the same manner.
In Spring you'll find Azure AD integration implementation but for the latest Spring and CE is not built in the latest spring (The professional edition goes for version 2.7 or upper but CE is the lower version ). Anyway, the goal is to build an application in the front that manages this authentication and then forward it to the OpenKM with autologin ( something like OAuth authentication request ).