This is an excellent Video thanks for uploading and your time taken to create it! A+ Would you be able to please do a tutorial showing the method if you are using Intune how you you go about deploying the certifiate that way ? We have both Hybrid Joined Devices with Active Directory on Prem + Azure AD Only joined devices with Cloud Key Trust (Sometimes offsite from the business Site) -for a hybrid joined (On Prem) device - . I followed your method exactly and was able to sign into the RDS Farm when select option to use the "Security Device Credential "from the logon option list - It did default to the Current Intune managed Windows Hello PIN but i had to switch it to "Security Device Credential" - We currently have deployed WHFB Policies / Configuration from Intune MDM to the on prem Hybrid Joined devices + Azure Devices, so it would be great to see it all managed and deployed from Intune if that makes sense. Thanks for your help! Cheers!

Do you have a step-by-step video using Remote Credential Guard instead of a certificate with RDP?

Your video was incredibly helpful. I followed your instructions precisely, successfully installing the certificate on my host machine. The certificate appears in the personal certificate folder under the current user, issued directly to me. However, when connecting to RDP, the initial option is always username and password. By choosing "more choices," I can use the security device credential (PIN), but it doesn't default to this selection. Additionally, there's no prompt for the fingerprint reader as you mentioned in the video. Any assistance on this matter would be greatly appreciated.

Quick Q. What about RDP ?? If I want to log into to AAD-joined windows VM through RDP password-less from physical win10 laptop, do I need my laptop to be under cert-trust-model ?? and secondly do I have to do any trust setting on the VM ??