by robertlagrant 408 days ago
> In this case, "not able to connect to AD for some reason".

Okay, but in that case, keeping the old cached passwords seems reasonable so you can log in and fix it. How do you avoid that?

1 comments

I'm not necessarily arguing it should be one way or another, just clarifying what photon_rancher was saying about the offline behavior extending past just RDP login.

As for the article's stance: keep in mind RDP to any user account isn't necessarily automatically required to fix it. In general even, it's a tradeoff one makes when deciding between fail open and secure. There likely isn't a "right" and "wrong" answer here; neither approach is going to make everyone happy. Unsurprisingly, the security researcher is unhappy the needle doesn't lean more in the direction of security.