It is very important that the contexts and their logical status is correctly defined. Inaccuracies in the logic can have an undesirable impact on the user.
To analyze what exactly led to the undesired action, it is necessary to check the status of the respective context for its correctness.
In the following example, the context SECURITY STATE was defined, which gives an indication of the security state of the remote device used by the user to access the virtual session. Based on the logical configuration of the context SECURITY STATE, the status values UNAVAILABLE, PROTECTED and UNPROTECTED are possible.
The Security State context
The context value that has been evaluated for a user session can be seen by opening the Windows Event Log on the host system and navigating to APPLICATION AND SERVICE LOGS\DEVICETRUST\ADMIN. Event ID 101 is raised during logon, and details the properties and context of the users’ virtual session.
Virtual session properties and contexts
In the above example, we can force a context change on the remote device by, for example disabling Microsoft Defender Firewall and looking at how the corresponding context updates. To check this, open the Windows Event Log on the host system and navigate to APPLICATION AND SERVICE LOGS\DEVICETRUST\ADMIN and check for Event ID 106, which is raised whenever a context changes value within the users’ session.
Context change audit event
If the context takes the correct value, the logic for the context definition is correct. If this is not the case, the individual properties used within the context definition should also be checked. Check within your context definition which properties are used for the logic and check the accuracy of the logic based on the submitted properties and adjust them if necessary. To do this, open the Windows Event Log on the host system and navigate to APPLICATION AND SERVICE LOGS\DEVICETRUST\ADMIN and check for Event ID 101, which details the properties and context of the users’ virtual session.
Session properties and contexts