Hi,
Check this page with the information on the Azure CLi and how the process works with regards to authentication, point is regarding the authentication refresh token and it is not stored on the device as per the MS article authenticate-azure-cli
However the az command and this approach doesn't work with Microsoft accounts or accounts that have two-factor authentication enabled. So it seems to me that device code is used for authentication instead of User v2-oauth2-device-code
Read this thread with the explanation on this. login-to-azure-cli-with-mfa
Hope this helps.
JS
==
Please "Accept the answer" if the information helped you. This will help us and others in the community as well