In what capacity do you want to use a TPM with MSAL? I don't believe that this is currently supported.
It sounds like you would want to use the Premium SKU of Azure Key Vault if you have a requirement that the private key never leaves the HSM. MSAL requires the private key be provided as a variable when signing the client certificate.
Azure Key Vault and Azure Dedicate HSM would be good options to investigate.
This blog post goes over a scenario that seems similar to what you describe, using Python with Azure Key Vault and a private key stored in the HSM. Azure Key Vault, Certificates, and Python, oh my!
If you provide more details about your scenario and ideal architecture I may be able to provide additional guidance.