Wrote this little snippet that assumes a logged in session (Connect-AzAccount) and easily/quickly produces an auth header.
function get-azRMAccessHeader(){
$profile = [Microsoft.Azure.Commands.Common.Authentication.Abstractions.AzureRmProfileProvider]::Instance.Profile
$context = Get-AzContext
$client = New-Object Microsoft.Azure.Commands.ResourceManager.Common.RMProfileClient($profile)
$header = @{
"Authorization" = "Bearer $($client.AcquireAccessToken((Get-AzContext).Tenant.TenantId).AccessToken)"
}
return $header
}