the GraphApi uses a jwt bearer access token you get by calling the azure oauth server. It does not use windows authentication. the "signed in user" is the use defined in the acc css token.
if your website use azure ad oauth, you could have an access token that represented the user. In you case you will probably create an application id, and secret used by the server application to get an access token. you will assign a service account to this azure ad application when you grant it graph api access. this account will be the "signed in user"