From e2b969722c41013e2eadd177ed53571aff656b10 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?David=20B=C3=A9langer?=
 <11839202+davidbel@users.noreply.github.com>
Date: Fri, 26 Aug 2022 16:27:46 -0700
Subject: [PATCH 1/2] Update policy-csp-remotedesktopservices.md

Update policy-csp-remotedesktopservices.md to add the new WebAuthn Redirection policy.
---
 .../mdm/policy-csp-remotedesktopservices.md   | 55 ++++++++++++++++++-
 1 file changed, 54 insertions(+), 1 deletion(-)

diff --git a/windows/client-management/mdm/policy-csp-remotedesktopservices.md b/windows/client-management/mdm/policy-csp-remotedesktopservices.md
index 09f3f50725..faf08975f1 100644
--- a/windows/client-management/mdm/policy-csp-remotedesktopservices.md
+++ b/windows/client-management/mdm/policy-csp-remotedesktopservices.md
@@ -33,6 +33,9 @@ manager: aaroncz
     <a href="#remotedesktopservices-donotallowpasswordsaving">RemoteDesktopServices/DoNotAllowPasswordSaving</a>
   </dd>
   <dd>
+  <dd>
+    <a href="#remotedesktopservices-donotallowwebauthnredirection">RemoteDesktopServices/DoNotAllowWebAuthnRedirection</a>
+  </dd>
     <a href="#remotedesktopservices-promptforpassworduponconnection">RemoteDesktopServices/PromptForPasswordUponConnection</a>
   </dd>
   <dd>
@@ -257,6 +260,56 @@ ADMX Info:
 
 <hr/>
 
+<!--Policy-->
+<a href="" id="remotedesktopservices-donotallowwebauthnredirection"></a>**RemoteDesktopServices/DoNotAllowWebAuthnRedirection**  
+
+<!--SupportedSKUs-->
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Windows SE|No|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+This policy setting lets you control the redirection of web authentication (WebAuthn) requests from a Remote Desktop session to the local device. This redirection enables users to authenticate to resources inside the Remote Desktop session using their local authenticator (e.g., Windows Hello for Business, security key, or other).
+
+By default, Remote Desktop allows redirection of WebAuthn requests.
+
+If you enable this policy setting, users can’t use their local authenticator inside the Remote Desktop session.
+
+If you disable or do not configure this policy setting, users can use local authenticators inside the Remote Desktop session.
+
+If you don't configure this policy setting, users can use local authenticators inside the Remote Desktop session.
+<!--/Description-->
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP Friendly name: *Do not allow WebAuthn redirection*
+-   GP name: *TS_WEBAUTHN*
+-   GP path: *Windows Components/Remote Desktop Services/Remote Desktop Session Host/Device and Resource Redirection*
+-   GP ADMX file name: *terminalserver.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+
+<hr/>
+
 <!--Policy-->
 <a href="" id="remotedesktopservices-promptforpassworduponconnection"></a>**RemoteDesktopServices/PromptForPasswordUponConnection**  
 
@@ -367,4 +420,4 @@ ADMX Info:
 
 ## Related topics
 
-[Policy configuration service provider](policy-configuration-service-provider.md)
\ No newline at end of file
+[Policy configuration service provider](policy-configuration-service-provider.md)

From 885b3cc6c4bb57e51fdb1082cb816e3264c43f64 Mon Sep 17 00:00:00 2001
From: Stephanie Savell <101299710+v-stsavell@users.noreply.github.com>
Date: Mon, 29 Aug 2022 10:30:04 -0500
Subject: [PATCH 2/2] Update policy-csp-remotedesktopservices.md

---
 .../client-management/mdm/policy-csp-remotedesktopservices.md   | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/client-management/mdm/policy-csp-remotedesktopservices.md b/windows/client-management/mdm/policy-csp-remotedesktopservices.md
index faf08975f1..5d03cb7066 100644
--- a/windows/client-management/mdm/policy-csp-remotedesktopservices.md
+++ b/windows/client-management/mdm/policy-csp-remotedesktopservices.md
@@ -133,7 +133,7 @@ ADMX Info:
 
 <!--/Scope-->
 <!--Description-->
-Specifies whether it require the use of a specific encryption level to secure communications between client computers and RD Session Host servers during Remote Desktop Protocol (RDP) connections. This policy only applies when you're using native RDP encryption. However, native RDP encryption (as opposed to SSL encryption) isn't recommended. This policy doesn't apply to SSL encryption.
+Specifies whether it requires the use of a specific encryption level to secure communications between client computers and RD Session Host servers during Remote Desktop Protocol (RDP) connections. This policy only applies when you're using native RDP encryption. However, native RDP encryption (as opposed to SSL encryption) isn't recommended. This policy doesn't apply to SSL encryption.
 
 If you enable this policy setting, all communications between clients and RD Session Host servers during remote connections must use the encryption method specified in this setting. By default, the encryption level is set to High. The following encryption methods are available: