In what capacity do you want to use a TPM with MSAL? I don't believe that this is currently supported.
It sounds like you would want to use the Premium SKU of Azure Key Vault if you have a requirement that the private key never leaves the HSM. MSAL requires the private key be provided as a variable when signing the client certificate.
If you provide more details about your scenario and ideal architecture I may be able to provide additional guidance.