Your network contains an Active Directory domain named contoso.com. All client computers run Windows 10.
You plan to deploy a Remote Desktop connection solution for the client computers.
You have four available servers in the domain that can be configured as Remote Desktop servers. The servers
are configured as shown in the following table.
You need to ensure that all Remote Desktop connections can be protected by using Remote Credential Guard.
Solution: You deploy the Remote Desktop connection solution by using Server3.
Does this meet the goal?
A.
Yes
B.
No
Explanation:
Yes, since all client computers run Windows 10, and Server2 is Windows Server 2016 which fulfills the
following requirements of using Remote Credential Guard.
https://docs.microsoft.com/en-us/windows/access-protection/remote-credential-guard
Remote Credential Guard requirements
To use Windows Defender Remote Credential Guard, the Remote Desktop client and remote host must meet
the following requirements:
The Remote Desktop client device:
Must be running at least Windows 10, version 1703 to be able to supply credentials.
Must be running at least Windows 10, version 1607 or Windows Server 2016 to use the user’s signed-in
credentials. This requires the user’s account be able to
sign in to both the client device and the remote host.
Must be running the Remote Desktop Classic Windows application. The Remote Desktop Universal Windows
Platform application doesn’t support Windows
Defender Remote Credential Guard.
Must use Kerberos authentication to connect to the remote host. If the client cannot connect to a domain
controller, then RDP attempts to fall back to NTLM.
Windows Defender Remote Credential Guard does not allow NTLM fallback because this would expose
credentials to risk.
The Remote Desktop remote host:
Must be running at least Windows 10, version 1607 or Windows Server 2016.
Must allow Restricted Admin connections.
Must allow the client’s domain user to access Remote Desktop connections.
Must allow delegation of non-exportable credentials.