From 7e88988f3da604b275e8ef96f76350fa185a98f4 Mon Sep 17 00:00:00 2001
From: VLG17 <41186174+VLG17@users.noreply.github.com>
Date: Mon, 25 Mar 2019 12:06:27 +0200
Subject: [PATCH 1/2] defined credentials

https://github.com/MicrosoftDocs/windows-itpro-docs/issues/1240
---
 .../security/identity-protection/remote-credential-guard.md   | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/windows/security/identity-protection/remote-credential-guard.md b/windows/security/identity-protection/remote-credential-guard.md
index d4040d63f5..b57634a153 100644
--- a/windows/security/identity-protection/remote-credential-guard.md
+++ b/windows/security/identity-protection/remote-credential-guard.md
@@ -89,7 +89,7 @@ To use Windows Defender Remote Credential Guard, the Remote Desktop client and r
 
 The Remote Desktop client device:
 
--  Must be running at least Windows 10, version 1703 to be able to supply credentials.
+-  Must be running at least Windows 10, version 1703 to be able to supply credentials (hash and TGT). 
 -  Must be running at least Windows 10, version 1607 or Windows Server 2016 to use the user’s signed-in credentials. This requires the user’s account be able to sign in to both the client device and the remote host.
 -  Must be running the Remote Desktop Classic Windows application. The Remote Desktop Universal Windows Platform application doesn't support Windows Defender Remote Credential Guard.
 -  Must use Kerberos authentication to connect to the remote host. If the client cannot connect to a domain controller, then RDP attempts to fall back to NTLM. Windows Defender Remote Credential Guard does not allow NTLM fallback because this would expose credentials to risk.
@@ -176,4 +176,4 @@ mstsc.exe /remoteGuard
 
 - No credentials are sent to the target device, but the target device still acquires Kerberos Service Tickets on its own.
 
-- The server and client must authenticate using Kerberos.
\ No newline at end of file
+- The server and client must authenticate using Kerberos.

From fcdabff1708268bad4e33084261fa3e5ddc5d68e Mon Sep 17 00:00:00 2001
From: VLG17 <41186174+VLG17@users.noreply.github.com>
Date: Sun, 31 Mar 2019 11:40:59 +0300
Subject: [PATCH 2/2] updated supplied credentials

as recommended by @SteveSyfuhs
---
 windows/security/identity-protection/remote-credential-guard.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/identity-protection/remote-credential-guard.md b/windows/security/identity-protection/remote-credential-guard.md
index b57634a153..ccafee06af 100644
--- a/windows/security/identity-protection/remote-credential-guard.md
+++ b/windows/security/identity-protection/remote-credential-guard.md
@@ -89,7 +89,7 @@ To use Windows Defender Remote Credential Guard, the Remote Desktop client and r
 
 The Remote Desktop client device:
 
--  Must be running at least Windows 10, version 1703 to be able to supply credentials (hash and TGT). 
+-  Must be running at least Windows 10, version 1703 to be able to supply credentials, which is sent to the remote device. This allows users to run as different users without having to send credentials to the remote machine. 
 -  Must be running at least Windows 10, version 1607 or Windows Server 2016 to use the user’s signed-in credentials. This requires the user’s account be able to sign in to both the client device and the remote host.
 -  Must be running the Remote Desktop Classic Windows application. The Remote Desktop Universal Windows Platform application doesn't support Windows Defender Remote Credential Guard.
 -  Must use Kerberos authentication to connect to the remote host. If the client cannot connect to a domain controller, then RDP attempts to fall back to NTLM. Windows Defender Remote Credential Guard does not allow NTLM fallback because this would expose credentials to risk.