This is a specific circumstance, but I ran into it, so I bet more people have too.
Enable and apply the following GPO to your to your pooled or personal VMs:
Computer Configuration \ Policies \ Administrative Templates \ Security \ Credentials Delegation\ Allow Delegating Default Credentials (enable the setting and add this entry: TERMSRV/*.yourdomainname.suffix)
From Windows XP SP3 or Windows 7 clients, when you access RD Web Access, pick Private mode and then access a pooled or personal VM via their icon on the RemoteApps page, you are not prompted for credentials—the session automatically logs you in using the credentials with which you logged onto the client machine. If you pick public mode, then you will be prompted for credentials.
Its due to the GPO setting. Remove the GPO and you will be prompted for creds in either public or private mode.