Does Pega Assisted Sign-On tool alter the Windows OS DEFAULT DP-API configurations?
If they don’t, then I just have to check the OS defaults for Windows 7/10
If they do, then we need to understand what settings are changed and why
How is key rotation handled
Does the tool itself perform the manual touching/re-keying of material when an account password updates by issuing a bunch of Windows CryptProtectData/CryptUnprotectData calls? Or does the underlying DP-API handle this for them?
***Edited by Moderator Marissa to update SR Details***