Azure AD supports 2 protocols: SAML and OAuth. The purpose of both of these protocols is for third-party identity verification on the open internet between a resource owner (user), a resource provider (typically a website/service somewhere on the Internet), and an identity provider. Of course, all of this assumes the resource owner has an IP address and can connect to these sites on the Internet. However, we are talking about using OAuth with AAD in this case for 802.1X user authentication at layer 2 before the user ever gets an IP address. So that model totally breaks.
For ISE 3.0 and later, ISE uses the OAuth ROPC authentication method with Azure AD to proxy the user's unencrypted username and password sent with PAP in the EAP-TTLS tunnel. This allows us to perform the authentication on the user's behalf (ROPC method) since they will not yet have an IP address to perform the SAML or OAuth dances with the Identity Provider and the desired resource provider (ISE for network access in this case). Once the user has been authenticated, ISE has the ability to look up the user's group information in AAD, map that to an authorization rule, and allow the appropriate network access (or not).
PEAP does not support the unencrypted PAP authentication method so it cannot be used. Similar, maybe, but not equivalent.
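The ROPC exchange described above, sketched as an added example that is not part of the original post and not Cisco's code. The function names, the `openid` scope, the group-to-profile table and the sample responses are assumptions constructed for illustration; the token endpoint and `grant_type=password` are the standard Microsoft identity platform ROPC parameters.

```python
import json
from urllib.parse import urlencode

TOKEN_URL = "https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token"

def build_ropc_request(tenant, client_id, client_secret, username, password):
    """Build (url, form_body) for an ROPC token request. Nothing is sent.

    The form needs the user's cleartext password, which is why the inner
    method must be PAP: a challenge/response inner method such as
    MSCHAPv2 never hands the RADIUS server a password it could forward.
    """
    form = {
        "grant_type": "password",      # ROPC grant
        "client_id": client_id,        # app registration used by the proxy
        "client_secret": client_secret,
        "scope": "openid",             # assumed scope for this sketch
        "username": username,
        "password": password,
    }
    return TOKEN_URL.format(tenant=tenant), urlencode(form)

def radius_decision(token_response_json, user_groups, group_to_profile):
    """Map a token-endpoint response plus directory groups to a RADIUS result."""
    resp = json.loads(token_response_json)
    if "access_token" not in resp:
        # ROPC is non-interactive, so an account that must do MFA fails here.
        codes = resp.get("error_codes", [])
        reason = "mfa_required" if 50076 in codes else resp.get("error", "unknown")
        return ("Access-Reject", reason)
    for group in user_groups:          # first matching rule wins
        if group in group_to_profile:
            return ("Access-Accept", group_to_profile[group])
    return ("Access-Reject", "no_matching_group")

# Constructed sample data (not captured from a real tenant).
SAMPLE_OK = '{"token_type": "Bearer", "access_token": "constructed-token"}'
SAMPLE_BAD_PW = '{"error": "invalid_grant", "error_codes": [50126]}'
SAMPLE_MFA = '{"error": "invalid_grant", "error_codes": [50076]}'
SAMPLE_RULES = {"Employees": "Corp-VLAN", "Contractors": "Restricted-VLAN"}

if __name__ == "__main__":
    url, body = build_ropc_request("contoso.example", "app-id", "app-secret",
                                   "alice@contoso.example", "p@ss w0rd")
    print(url)
    print(radius_decision(SAMPLE_OK, ["Contractors"], SAMPLE_RULES))
    print(radius_decision(SAMPLE_MFA, ["Employees"], SAMPLE_RULES))
```
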