Use RDP over a VPN
If you need to access a Windows server from another network (for example, staff working from home, or an IT service provider), we recommend using a VPN to create a tunnel between those networks.
For staff working from home, using a VPN to create a tunnel between their device and your network will allow the staff member to access the RDP server as if they were in the office. This is often referred to as a point-to-site VPN. This VPN should be configured to require two-factor authentication (2FA) for an extra layer of security.
IT service providers could also consider a site-to-site VPN, such as IPsec tunnels. If you’re using a site-to-site VPN, you’ll need to enforce 2FA on each application and system that is accessible over the VPN, as individual users will not need to authenticate to the VPN endpoint.
No matter which VPN technology you use, you need to:
This ensures someone with access to the VPN can only access the systems that they should be able to, and no more.
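One way to check on the Windows server itself that RDP is only accepted from VPN clients, as an added example that is not part of the original guidance. It assumes RDP is on the default port 3389; the address range in `$VpnPool` is a placeholder for your own VPN client range, and `Test-CoversRdp` is a helper written for this example.

```powershell
# Assumptions (not from the guidance): RDP listens on the default port 3389 and
# VPN clients get addresses from $VpnPool, a placeholder for your own range.
$RdpPort = 3389
$VpnPool = '10.8.0.0/24'

function Test-CoversRdp([string[]]$LocalPort) {
    # LocalPort entries can be 'Any', a single port, or a range such as '3000-4000'.
    foreach ($p in $LocalPort) {
        if ($p -eq 'Any' -or $p -eq "$RdpPort") { return $true }
        if ($p -match '^(\d+)-(\d+)$' -and
            $RdpPort -ge [int]$Matches[1] -and $RdpPort -le [int]$Matches[2]) { return $true }
    }
    return $false
}

# Only enabled inbound allow rules can expose RDP to the network.
$exposure = foreach ($rule in Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow) {
    $port = $rule | Get-NetFirewallPortFilter
    if ($port.Protocol -notin 'TCP', 'UDP', 'Any') { continue }
    if (-not (Test-CoversRdp $port.LocalPort)) { continue }

    $addr = $rule | Get-NetFirewallAddressFilter
    [pscustomobject]@{
        Rule          = $rule.DisplayName
        Profile       = $rule.Profile
        Protocol      = $port.Protocol
        RemoteAddress = $addr.RemoteAddress -join ', '
        # 'Any' means the rule accepts RDP from every network, not just the VPN.
        OpenToAny     = $addr.RemoteAddress -contains 'Any'
    }
}

$exposure | Format-Table -AutoSize -Wrap

# Review every listed RemoteAddress against the VPN range. To narrow the built-in
# rules (display group name as on English-language Windows), run as administrator:
# Set-NetFirewallRule -DisplayGroup 'Remote Desktop' -RemoteAddress $VpnPool
```

Any row with `OpenToAny` set to `True` means the host firewall is not limiting RDP to the VPN, so access control then depends entirely on the network in front of the server.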