I was inspected the app rules deployed by the Endpoint Bundle and noticed that the 'pass the hash' app rule is referencing 'yourdomain.com'.
Does this need to be modified to suit our internal domains? if it does, is that documented anywhere because I don't recall seeing it.
