After job (which uses TFS plugin) completion we see following errors in jenkins.err.log:
[timestamp omitted] hudson.plugins.tfs.JenkinsEventNotifier getApiJson
WARNING: ERROR: getApiJson: (url=job/ZZPILPXI-SWRelayCount-Tests-Run-LinuxARM/63/) failed due to Http error #403
Fortunately these errors seems to be harmless to us.
We have configured Jenkins Security to "Logged-in users can do anything" mode without "Allow anonymous read access" (so user must be logged-in to access anything in Jenkins).
It seems that the getApiJson is calling Jenkins without needed authentication info in such case.