For example, when you enable the RDP on you office Windows 10 Pro PC and allow your laptop or home PC to access it via RDP, make sure you do the following steps:
- Very very strong password(more than 12 characters, combining upper and lower letters, digitals and special characters )
- change the default port 3389 to other port number and do the port forwarding on the office router accordingly.
- Reboot PC to take effect.
- Allow the port for incoming on firewall.(allow private only ,not allowing public)
- change the Account Lockout policy (attempt times and lockout period, I setup 2 attempts only and 120 minutes lockout for my office PC)
4. Remove all default allowed users and create new one
5. Improve the login security. (gpedit.msc, Computer Configuration-Administrative-Windows Components-Remote Desktop Services-Remote Desktop Desktop Session Host-Security)