Resolved! So it wasn't any content change in the end, or anything; it was due to someone removing my access to the destination via RDP in the past week with user-id restrictions on the destination. This resulted in the policy deny taking place, but still, the odd thing is that the App-id recognised ONLY in the deny messages is cotp. Once I corrected the group membership and my user-id was allowed in, the app-id was recognised as ms-rdp correctly. Hope this helps someone else. Maybe something to correct from a firewall traffic log standpoint: it would have streamlined troubleshooting if the traffic was blocked and the app-id read ms-rdp as expected.