Given an unauthed connection to a host that requires authentication, these connections still need to be closed, but when client.disconnect is called on those, disconnect runs the endSession which results in an authorization failure. Although this failure is not logged explicitly, it can still show up in the audit logs. It seems this would require a change to the sessions specification (https://github.com/mongodb/specifications/blob/master/source/sessions/driver-sessions.rst#endsession).
This issue arose in the monitoring module in the mongodb agent because it creates both the unauthed and authed client connections for all new hosts, independent of if the host requires authentication. These failures are showing up in the audit logs and can be concerning for customers from a security perspective.