Hello @Patrick Robertson and thanks for reaching out. Migrating from ADAL to MSAL should've minimal if no impact in the Azure AD app registration. It's correct that an app must be treated as public client for ROPC flow. The obtained access token should work unless a v2 token is used to access an api that accepts v1 or the other way around, however this is most common in OBO flows where different apis have accept different token versions. If this is not your case and the issue persists, please post more detail about it, E.g. An Azure AD error code and/or debugging information: timestamp and correlation id.
Let us know if you need additional assistance. If the answer was helpful, please accept it and complete the quality survey so that others can find a solution.