Forum Discussion
Native RDP requires you have a Microsoft client running RDP 8.1. https://support.microsoft.com/en-au/help/2923545/update-for-rdp-8-1-is-available-for-windows-7-sp1 The Windows 7 RDP 8.1 update has some other dependencies as well which you will discover when you go to install it.
Update: A separate RDP-RAP policy is only required if your destination is dynamic. This means in the RDP profile you specify the destination as "User Defined"
The key piece here is when APM creates the RDP file for the Remote Access Webtop link, it digitally signs this with the SSL certificate of the virtual server running the APM policy. For Microsoft RDP client to accept this signed file you MUST be using a valid SSL certificate. Inside the file it will include a token which is valid for about 20 seconds. Microsoft RDP will open the session using the APM as the gateway and present this token for authentication to APM.
Now if you want SSO you need select it inside the RDP profile you created. This is completely independent and distinctly separate to ANY OTHER SSO configuration inside APM. The variables you specify here can be left as defaults but you need to include a SSO variable assignment object in the VPE before it hits the Webtop so these variables are populated for RDP configuration to use.
Note that NTLM is not required or needed for any of this to work. The username and password from the login to the Webtop is sufficient as long as it matches the credentials for the RDP host, your desktop should appear. When you first click the remote desktop link it will download the RDP file, it is here you tell your browser to always open these files with the right application. Next time it will open the link on download and connect immediately.