Microsoft recently released a new Windows App allowing MacOS users to connect to RDP servers.

PAM documentation page Create an RDP Proxy Service to Access a Device provides the following string for use with the older "Microsoft Remote Desktop" application, and that has been working for MAC users in the past:

open -a "Microsoft Remote Desktop" rdp://full%20address:<Local IP>:<First Port>

But the service doesn't work once the application is replaced with the new Windows App. The service then was updated with the following client application string, but the sessions do not open:

open -n -a "/Applications/Windows App.app" rdp://full%20address:<Local IP>:<First Port>

How does the TCP/UDP service need to be configured to get this to work?

PAM client on MacOS desktops with the new Windows App installed.

The new App failed over colon characters in the argument string.

Replace the colon characters after the equals sign with URL escape code "%3A". The following Client Application string should work:

open -n -a "/Applications/Windows App.app" rdp://full%20address=s%3A<Local IP>%3A<First Port>

Users initially reported problems when launching the new service, with the PAM error message suggesting that the password of the account used for autologin may have expired. This got resolved by uninstalling the app and installing it again. It was not clear whether there was a change in the app, or if the uninstall cleaned up the problem.