Hello, the following block is assuming your priority is automation.
you are looking to bypass multifactor Authentication, which is the main reason why I recommend Using a System Identity with Application Level Permissions. Depending on what resource you are trying to access, it is not necessary to grant the Full graph API Scopes but you can use more Granular Permissions instead. (For Example: Exchange has RBAC for Applications, Entra ID has Custom Roles and Teams has Resource Specific Consent, ...)
I do not understand why you think having a user account, which is not built for application use, where knowing the username and password would give access to the resources you use with your application, is safer than having an application with these permissions, where you could use a certificate as the authentication method, or you have equivalent security with appID + secret.
If you MUST use a useraccount (which again: I do not recommend, since the authentication Protocols are weakened, you are opening yourself to password spray and bruteforcing of a commonly known endpoint)
you would have to
1: Change Conditional Access so that this one Specific User Account is not forced to use MFA
2: If you are not using a klick robot script that can navigate the interactive Logon you would have to implement the ROPC Authentication flow - this would mean that your application would temporarily hold the password of the signed in user anyways and that password would have to be stored somewhere
If, on the other hand, you have an Application that is meant to be used by humans - the popUp is a security measure that is not to be bypassed.