PIN 1231 doesn't have a constant delta (1,1,8), so it's allowed ====> must be changed to ====> PIN 1231 doesn't have a constant delta (1,1,2), so it's allowed.
8 to 2: this is the change.
The original wording implied that the client would trigger when the certificate expired. It doesn't; the client instead triggers whenever and at that point determines if the certificate has expired.
I added some new suggested verbiage to the page.
Also some other feedback.
- It took me a while to figure out that the Supported configurations table only applied to the Connect without Azure AD authentication section. Can you add a table or note to the Connect with Azure AD Authentication section that either enumerates all the credential types that are supported or that makes this more clear? To me it first made me think that credentials like FIDO2 security keys were not supported with Azure AD Authentication, but after testing I discovered that they are in fact supported.
- Can you add notes about how long the RDP session lives by default? With Azure AD Authentication, even signing out of the remote desktop does not cause the user to reauth again when signing back in. The session length seems quite long. Maybe add a suggestion for CA Policy Session Controls to limit the session length also.
- The App name/appID needed in the CA Policy isn't easy to find, so I put a specific mention of it in the page.