Allow 3rd party native clients to call SP.Oauth.NativeClient Authenticate endpoint
Currently the _api/SP.Oauth.NativeClient/Authenticate API endpoint is locked so that you can call it only if the bearer token is granted by specific MS Azure apps.
This is the only way to get an SP authentication cookie from a bearer token, and it seems that every MS mobile app uses this method to acquire the authentication cookie: Teams, the mobile SharePoint app, etc.
When developing mobile apps you are now forced to do multiple authentications to open a SharePoint page, or forced to store client credentials in order to call _vti_bin/idcrl.svc/, which is another way to get the SP authentication cookie programmatically.
You can't create an Azure app which can grant a bearer token for this endpoint.
Allow your own Azure app to grant a bearer token which can call this endpoint.