@Chi Yao Thank you for your patience over the matter!!!
I had a discussion internally, and below are the inputs I got:
curl is used to connect and authenticate with HTTP and HTTPS to Azure services. Here authentication uses the OAuth2 protocol, and this means that we have to obtain a token in order to authenticate all subsequent requests, which will need you to provide the tenant details, subscription details and other required details accordingly.
So the mentioned 404 is expected behavior, as there is nothing on /tenant ID to be shown. 404 here usually signifies that the website is reachable but there is nothing to be shown on the tenant. If there were any network issue, it would give a different error, and that we would need to think about. Requests do not go directly to the tenant; they are always redirected first to login.microsoftonline.com, so what you are seeing is expected.
A service endpoint provides secure and direct connectivity to Azure services over an optimized route over the Azure backbone network. Endpoints allow you to secure your critical Azure service resources to only your virtual networks. Now, the mentioned endpoints are not specifically to check the network connectivity; it is also about whether these endpoints are accessible or not. If you want to check the authentication part on an Azure VM, you would definitely need to check whether the authentication request and service connectivity between the VM and the tenant are working properly, so that is why we check whether these are accessible or not.
Hope it helps!!!
Please "Accept as Answer" if it helped, so it can help others in the community looking for help on similar topics.
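
An added example, not part of the original answer: a small shell helper that separates the two cases described above, an HTTP status such as 404 (the endpoint was reached) versus a curl transport error (a network, DNS or TLS problem). The function names `classify_probe` and `probe_endpoint` and the sample values are assumptions made for illustration; `<tenant-id>` is a placeholder.

```shell
#!/bin/sh
# Added example (not from the original answer). Function names are hypothetical.
# Idea: any HTTP status, even 404, proves the request reached the service;
# a non-zero curl exit code means the failure happened below HTTP.

# classify_probe CURL_EXIT HTTP_CODE  -> prints a verdict, returns 0 if reachable
classify_probe() {
    rc=$1; code=$2
    if [ "$rc" -ne 0 ]; then
        case "$rc" in
            6)     echo "unreachable: DNS resolution failed" ;;
            7)     echo "unreachable: TCP connection failed" ;;
            28)    echo "unreachable: timed out" ;;
            35|60) echo "unreachable: TLS handshake or certificate problem" ;;
            *)     echo "unreachable: curl exit code $rc" ;;
        esac
        return 1
    fi
    case "$code" in
        404)      echo "reachable: HTTP 404 (host answered; nothing is served at this path)" ;;
        [1-5]??)  echo "reachable: HTTP $code" ;;
        *)        echo "unknown: no HTTP status returned"; return 1 ;;
    esac
}

# probe_endpoint URL -> runs curl (redirects not followed) and classifies it.
# Usage on the VM:  probe_endpoint "https://login.microsoftonline.com/<tenant-id>"
probe_endpoint() {
    code=$(curl -s -o /dev/null --max-time 10 -w '%{http_code}' "$1")
    classify_probe "$?" "$code"
}

# Constructed sample results (curl exit code, HTTP status); no network needed.
for sample in "0 404" "0 302" "6 000" "28 000" "60 000"; do
    printf '%-7s -> ' "$sample"
    classify_probe $sample || true   # unquoted on purpose: split into two args
done
```

A TLS error (exit 35 or 60) on a VM behind an inspecting proxy or firewall points at the network path rather than at the tenant, which is why it is grouped with the unreachable cases.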