Q. What types of credentials are protected with Remote Credential Guard?
A. In the initial RTM of Remote Credential Guard the following types of credentials are protected by Remote Credential Guard:
- User passwords (as they are never sent to the remote system but any credentials entered ON the remote session would not be protected)
- NTOWF from NTLM
- Long term keys and TGT session keys from Kerberos (but not the Kerberos Service Ticket session keys)
This is very similar to the protection offered by Credential Guard on a local machine except Credential Guard also protects stored domain credentials via Credential Manager.