From b82c320950b880f3e6c77c033debfed1e28744c3 Mon Sep 17 00:00:00 2001
From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com>
Date: Wed, 16 Aug 2023 10:59:10 -0400
Subject: [PATCH 01/33] updates

---
 ...ndows-defender-remote-credential-guard.png | Bin 15225 -> 0 bytes
 .../remote-credential-guard.md | 141 +++++++++---------
 windows/security/identity-protection/toc.yml | 2 +-
 3 files changed, 72 insertions(+), 71 deletions(-)
 delete mode 100644 windows/security/identity-protection/images/rdp-to-a-server-without-windows-defender-remote-credential-guard.png
diff --git a/windows/security/identity-protection/images/rdp-to-a-server-without-windows-defender-remote-credential-guard.png b/windows/security/identity-protection/images/rdp-to-a-server-without-windows-defender-remote-credential-guard.png deleted file mode 100644 index f7767ac5f0dd612bcdac44338ef6dd5ad45c8e45..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 15225
Windows 11 - ✅ Windows 10
@@ -13,94 +13,96 @@ appliesto: - ✅ Windows Server 2019 - ✅ Windows Server 2016 --- -# Protect Remote Desktop credentials with Windows Defender Remote Credential Guard -Introduced in Windows 10, version 1607, Windows Defender Remote Credential Guard helps you protect your credentials over a Remote Desktop connection by redirecting Kerberos requests back to the device that's requesting the connection. It also provides single sign-on experiences for Remote Desktop sessions. +# Remote Credential Guard -Administrator credentials are highly privileged and must be protected. By using Windows Defender Remote Credential Guard to connect during Remote Desktop sessions, if the target device is compromised, your credentials are not exposed because both credential and credential derivatives are never passed over the network to the target device. +Remote Credential Guard helps you protect your credentials over a Remote Desktop (RDP) connection by redirecting Kerberos requests back to the device that's requesting the connection. If the target device is compromised, your credentials are not exposed because both credential and credential derivatives are never passed over the network to the target device. Remote Credential Guard also provides single sign-on experiences for Remote Desktop sessions.\ +This article describes how to configure and use Remote Credential Guard. > [!IMPORTANT] > For information on Remote Desktop connection scenarios involving helpdesk support, see [Remote Desktop connections and helpdesk support scenarios](#remote-desktop-connections-and-helpdesk-support-scenarios) in this article. 
-## Comparing Windows Defender Remote Credential Guard with other Remote Desktop connection options - -The following diagram helps you to understand how a standard Remote Desktop session to a server without Windows Defender Remote Credential Guard works: - -![RDP connection to a server without Windows Defender Remote Credential Guard.png.](images/rdp-to-a-server-without-windows-defender-remote-credential-guard.png) - -The following diagram helps you to understand how Windows Defender Remote Credential Guard works, what it helps to protect against, and compares it with the [Restricted Admin mode](https://social.technet.microsoft.com/wiki/contents/articles/32905.how-to-enable-restricted-admin-mode-for-remote-desktop.aspx) option: - -![Windows Defender Remote Credential Guard.](images/windows-defender-remote-credential-guard-with-remote-admin-mode.png) - -As illustrated, Windows Defender Remote Credential Guard blocks NTLM (allowing only Kerberos), prevents Pass-the-Hash (PtH) attacks, and also prevents use of credentials after disconnection. +## Compare Remote Credential Guard with other Remote Desktop connection options Use the following table to compare different Remote Desktop connection security options: -| Feature | Remote Desktop | Windows Defender Remote Credential Guard | Restricted Admin mode | -|--|--|--|--| -| **Protection benefits** | Credentials on the server are not protected from Pass-the-Hash attacks. | User credentials remain on the client. An attacker can act on behalf of the user *only* when the session is ongoing | User logs on to the server as local administrator, so an attacker cannot act on behalf of the "domain user". Any attack is local to the server | -| **Version support** | The remote computer can run any Windows operating system | Both the client and the remote computer must be running **at least Windows 10, version 1607, or Windows Server 2016**. 
| The remote computer must be running **at least patched Windows 7 or patched Windows Server 2008 R2**.

For more information about patches (software updates) related to Restricted Admin mode, see [Microsoft Security Advisory 2871997](/security-updates/SecurityAdvisories/2016/2871997). | -| **Helps prevent**                    |      N/A          |
  • Pass-the-Hash
  • Use of a credential after disconnection
|
  • Pass-the-Hash
  • Use of domain identity during connection
| -| **Credentials supported from the remote desktop client device** |
  • Signed on credentials
  • Supplied credentials
  • Saved credentials
|
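Review bot: The removed paragraph "As illustrated, Windows Defender Remote Credential Guard blocks NTLM (allowing only Kerberos), prevents Pass-the-Hash (PtH) attacks, and also prevents use of credentials after disconnection." is dropped together with both diagrams, and none of the added lines visible here restate that NTLM is blocked; keep that statement as a plain sentence under the comparison heading unless the new table carries it. The hunk also removes the reference to images/windows-defender-remote-credential-guard-with-remote-admin-mode.png, while the diffstat deletes only rdp-to-a-server-without-windows-defender-remote-credential-guard.png, so the second image is left unreferenced by this file and should be deleted in the series or kept in the article. In the added introduction, "both credential and credential derivatives are never passed" is carried over unchanged and would read better as "credentials and credential derivatives are never passed"; the subject line "updates" should also say what the patch does, given 72 insertions and 71 deletions.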