Forum Discussion

LL10890
Copper Contributor
Feb 05, 2021
Solved

Does Windows Admin Center protect Domain Administrator passwords

I would like to manage my core Windows 2016 domain controllers using Windows Admin Center. As I can't install WAC on a domain controller, I must use my PC or a nearby server.   My question is wheth...
  • bryanb
    Feb 21, 2021

    LL10890 I asked the same question to Microsoft and below is their response, I hope it helps

    Credentials are not stored - anywhere. They are ephemeral from the gateway’s perspective but may live encrypted within browser memory during the user’s current session. 

    The UI sends credentials by:

    • Encrypting the text with the Json Web Key (JWK) specification using:
        ◦ RSA asymmetric encryption
        ◦ A 2,048 key size
        ◦ SHA-512 hash

    The encrypted value is sent in an HTTP header which is further encrypted by TLS/SSL

    The server decrypts the value, when present, and stores it in memory using the Windows Data Protection API (DPAPI)

    When connecting to a resource, the gateway uses one of the following methods: 

    • Uses a type of Windows logon that only allows the credentials to be used to authenticate against a remote target 

    Scenarios for this include non-PowerShell paths such as SMB operations such as file uploads or downloads 

    • WinRM calls for PowerShell/WMI to include the credentials explicitly in each connection 

    The connection protects the values using DPAPI on the client and target server 

    WinRM connections use their own compression and symmetric encryption by default 
