Desktop clients authentication
The TLS 1.2 protocol is being used.
Desktop clients work with .NET WCF with Windows Authentication which internally uses the Kerberos protocol.
More details can be found here:
The following link describes .NET WCF transport security with Windows Authentication:
The communication utilizes the transport security mode which is described in the following link:
Please note that "If you are using Windows security, a certificate is not required."
Web Console authentication
The Web Console uses Integrated Windows Authentication which is the preferred approach to authentication whenever users are part of the same Windows domain as the server. Users are authenticated against an existing identity store such as Active Directory, and their credentials are not transmitted across the Internet.
The following link describes the Windows Authentication HTTP request flow in IIS:
The session after the initial negotiation is handled securely by the Web browser and the Web server.