Windows Server 2022 must prevent PKU2U authentication using online identities.
An XCCDF Rule
Description
PKU2U is a peer-to-peer authentication protocol. This setting prevents online identities from authenticating to domain-joined systems. Authentication will be centrally managed with Windows user accounts.
- ID
- SV-254472r991589_rule
- Version
- WN22-SO-000280
- Severity
- Medium
- References
- Updated
Remediation Templates
A Manual Procedure
Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Local Policies >> Security Options >> Network security: Allow PKU2U authentication requests to this computer to use online identities to "Disabled".