When both the local Windows computer and the remote Windows computer are Azure AD joined devices, using Windows Hello as a password-less authentication method is possible for remotely signing in.

The following settings have to be enabled in the RDP connection created within Royal TS:

1. Set Credentials to "Do not specify any credentials"

2. Set NLA to enabled (Destination server needs to have this enabled too)

3. Enable Redirection of Smart Cards.

The Remote Credential Guard has to be disabled on the source client (disabled by default), and the local PC and remote PC need to be in the same Azure AD tenant for this to work.

Documentation by Microsoft:


Thank you very much to our valued customer, Johan Lindberg, for sharing this with us.