I feel stupid... It was not related to the Azure configuration per say. It was an additional parameter i didn't see in the initialisation of the Authentication on the server.

I was using passeport-microsoft strategy and changing prompt: 'consent' solved the issue :

authenticate(req: any, options: any) {
    options = {
      ...options,
      accessType: 'offline',
      prompt: 'select_account',  // previsously was 'consent'
      loginHint: req.params.loginHint,
      state: JSON.stringify({
        transientToken: req.params.transientToken,
        redirectLocation: req.params.redirectLocation,
        calendarVisibility: req.params.calendarVisibility,
        messageVisibility: req.params.messageVisibility,
      }),
    };

    return super.authenticate(req, options);
  }

this thread helped me find out

Thanks for your help @Rukmini