diff --git a/x-pack/filebeat/input/o365audit/auth/cert.go b/x-pack/filebeat/input/o365audit/auth/cert.go
index 571cbf56b2d8..186bbfea947d 100644
--- a/x-pack/filebeat/input/o365audit/auth/cert.go
+++ b/x-pack/filebeat/input/o365audit/auth/cert.go
@@ -5,7 +5,6 @@
 package auth
 
 import (
-	"crypto"
 	"crypto/rsa"
 	"crypto/x509"
 	"fmt"
@@ -17,9 +16,7 @@ import (
 
 // NewProviderFromCertificate returns a TokenProvider that uses certificate-based
 // authentication.
-func NewProviderFromCertificate(
-	endpoint, resource, applicationID, tenantID string,
-	conf tlscommon.CertificateConfig) (sptp TokenProvider, err error) {
+func NewProviderFromCertificate(resource, applicationID, tenantID string, conf tlscommon.CertificateConfig) (sptp TokenProvider, err error) {
 	cert, privKey, err := loadConfigCerts(conf)
 	if err != nil {
 		return nil, fmt.Errorf("failed loading certificates: %w", err)
@@ -33,7 +30,7 @@ func NewProviderFromCertificate(
 	return (*credentialTokenProvider)(cred), nil
 }
 
-func loadConfigCerts(cfg tlscommon.CertificateConfig) (cert *x509.Certificate, key crypto.PrivateKey, err error) {
+func loadConfigCerts(cfg tlscommon.CertificateConfig) (cert *x509.Certificate, key *rsa.PrivateKey, err error) {
 	tlsCert, err := tlscommon.LoadCertificate(&cfg)
 	if err != nil {
 		return nil, nil, fmt.Errorf("error loading X509 certificate from '%s': %w", cfg.Certificate, err)
@@ -48,9 +45,9 @@ func loadConfigCerts(cfg tlscommon.CertificateConfig) (cert *x509.Certificate, k
 	if tlsCert.PrivateKey == nil {
 		return nil, nil, fmt.Errorf("failed loading private key from '%s'", cfg.Key)
 	}
-	_, ok := tlsCert.PrivateKey.(*rsa.PrivateKey)
+	key, ok := tlsCert.PrivateKey.(*rsa.PrivateKey)
 	if !ok {
 		return nil, nil, fmt.Errorf("private key at '%s' is not an RSA private key", cfg.Key)
 	}
-	return cert, tlsCert.PrivateKey, nil
+	return cert, key, nil
 }
diff --git a/x-pack/filebeat/input/o365audit/config.go b/x-pack/filebeat/input/o365audit/config.go
index dd419c546790..312c1b7823ee 100644
--- a/x-pack/filebeat/input/o365audit/config.go
+++ b/x-pack/filebeat/input/o365audit/config.go
@@ -197,7 +197,6 @@ func (c *Config) NewTokenProvider(tenantID string) (auth.TokenProvider, error) {
 		)
 	}
 	return auth.NewProviderFromCertificate(
-		c.API.AuthenticationEndpoint,
 		c.API.Resource,
 		c.ApplicationID,
 		tenantID,
diff --git a/x-pack/filebeat/input/o365audit/contentblob.go b/x-pack/filebeat/input/o365audit/contentblob.go
index 25247e3f04d9..d24c60461421 100644
--- a/x-pack/filebeat/input/o365audit/contentblob.go
+++ b/x-pack/filebeat/input/o365audit/contentblob.go
@@ -107,7 +107,7 @@ func (c contentBlob) handleError(response *http.Response) (actions []poll.Action
 	}
 
 	switch response.StatusCode {
-	case 401: // Authentication error. Renew oauth token and repeat this op.
+	case 401: // Authentication error. Repeat this op.
 		return []poll.Action{
 			poll.Fetch(withDelay{contentBlob: c, delay: c.env.Config.PollInterval}),
 		}
diff --git a/x-pack/filebeat/input/o365audit/listblobs.go b/x-pack/filebeat/input/o365audit/listblobs.go
index 2ce098594f64..bdb3a232fb7d 100644
--- a/x-pack/filebeat/input/o365audit/listblobs.go
+++ b/x-pack/filebeat/input/o365audit/listblobs.go
@@ -183,7 +183,7 @@ func (l listBlob) handleError(response *http.Response) (actions []poll.Action) {
 
 	switch response.StatusCode {
 	case 401:
-		// Authentication error. Renew oauth token and repeat this op.
+		// Authentication error. Repeat this op.
 		l.delay = l.env.Config.PollInterval
 		return []poll.Action{
 			poll.Fetch(l),