We have hit a problem with an important use case we are implementing. We wish to manage a credential in PWS with an access policy that allows RDP requests but not password requests. When password requests are disabled, current PRA integration prevents the same credential from being used for an RDP jump. (see support case CS0940695).
We would like to enable access to RDP jump on a request/approval basis for a domain administrator account, but importantly without enabling password requests in the associated PWS access policy.