Does anyone know how Defender for Endpoint agent installed on Win10 authenticates to the Defender Security services in the companies Azure tenant?
I know that OAuthv2 is used to access the apis outside of the agent but how does the agent itself authenticate. Is MATLS used or does the agent use Oauthv2 with appid, tennantid and client secret transparently?

I have scoured the Internet and can't find any reference to this so any help would be much appreciated.