Exposing Remote Desktop Connection Via Internet: The next option for accessing Windows Remote Desktop over the internet is to expose the Remote Desktop server to the internet. For this, you need to set up your router to allow remote access to the computer you want to reach.
Microsoft Remote Desktop Gateway (RDG) is a Windows Server role that provides virtual desktop services to enable remote users to access private resources using RDP through HTTPS connections. RDG can be thought of as a VPN for RDP, which enhances the security and improves the performance of RDP services for remote access over the internet. Microsoft does provide Remote Desktop applications for Android and iOS devices, but this solution is ideal for businesses with Remote Desktop servers.
Exposing a Remote Desktop server to the internet can put you at risk; we don't recommend you use this option.
A VNC Server: VNC is an open standard for remote desktop access.
Download the Remote Desktop Mobile app, add the PC name and user account for the Remote Desktop connection, then select Save. Select the PC name to connect.
Whether you're editing documents on the go or working from home, keep all your apps, files, and network resources at your fingertips with Remote Desktop Connection on Windows 10 Pro and Enterprise. On Windows 10, the 'Remote Desktop' app is available through the Microsoft Store, and it's been designed to make it easier to connect to and control other devices over the local network or internet.
Applies to: Configuration Manager (current branch)
Typically in Configuration Manager, most of the managed computers and servers are physically on the same internal network as the site system servers that perform management functions. However, you can manage clients outside your internal network when they are connected to the internet. This ability doesn't require the clients to connect via VPN to reach the site system servers.
Configuration Manager provides two ways to manage internet-connected clients:
- Cloud management gateway
- Internet-based client management
Note
You can have a combination of both services for a single site. If a device gets policy from the site for both IBCM and CMG, then it randomizes between them for communication. The only mechanism available to control communication is client authentication. For example, if an Azure AD-joined client doesn't trust the server authentication certificate of the internet-based management point, it can only use the CMG. If a domain-joined client doesn't trust the server authentication certificate of the CMG, it can only use the internet-based management point.
Cloud management gateway
The cloud management gateway provides management of internet-based clients. It uses a combination of a Microsoft Azure cloud service, and an on-premises site system role that communicates with that service. Internet-based clients use the cloud service to communicate with the on-premises Configuration Manager.
CMG advantages
- No additional on-premises infrastructure investment required.
- Does not expose on-premises infrastructure to the internet.
- Cloud virtual machines that run the service are fully managed by Azure and require no maintenance.
- Easily set up and configured in the Configuration Manager console.
CMG disadvantages
- Cloud subscription cost.
- Management data sent through cloud service.
For more information, see Overview of cloud management gateway.
Internet-based client management
This method relies on internet-facing site system servers to which clients directly communicate for management purposes. It requires clients and site system servers to be configured for internet-based client management (IBCM).
IBCM advantages
- No cloud service dependency.
- No additional cost associated with a cloud subscription.
- Full control of servers and roles providing the service.
IBCM disadvantages
- Requires additional infrastructure investment.
- Overhead and operational cost of additional infrastructure.
- Infrastructure must be exposed to the internet.
For more information, see Plan for internet-based client management.
Applies to: Windows 10, Windows Server 2016
When you connect to your PC by using a Remote Desktop client, you're creating a peer-to-peer connection. This means you need direct access to the PC (sometimes called 'the host'). If you need to connect to your PC from outside of the network your PC is running on, you need to enable that access. You have a couple of options: use port forwarding or set up a VPN.
Enable port forwarding on your router
Port forwarding simply maps the port on your router's IP address (your public IP) to the port and IP address of the PC you want to access.
Specific steps for enabling port forwarding depend on the router you're using, so you'll need to search online for your router's instructions. For a general discussion of the steps, check out wikiHow to Set Up Port Forwarding on a Router.
Before you map the port you'll need the following:
- PC internal IP address: Look in Settings > Network & Internet > Status > View your network properties. Find the network configuration with an 'Operational' status and then get the IPv4 address.
- Your public IP address (the router's IP). There are many ways to find this - you can search (in Bing or Google) for 'my IP' or view the Wi-Fi network properties (for Windows 10).
- Port number being mapped. In most cases this is 3389 - that's the default port used by Remote Desktop connections.
- Admin access to your router.
Warning
You're opening your PC up to the internet - make sure you have a strong password set for your PC.
After you map the port, you'll be able to connect to your host PC from outside the local network by connecting to the public IP address of your router (the second bullet above).
The router's IP address can change - your internet service provider (ISP) can assign you a new IP at any time. To avoid running into this issue, consider using Dynamic DNS - this lets you connect to the PC using an easy-to-remember domain name instead of the IP address. Your router automatically updates the DDNS service with your new IP address, should it change.
With most routers you can define which source IP or source network can use port mapping. So, if you know you're only going to connect from work, you can add the IP address for your work network - that lets you avoid opening the port to the entire public internet. If the host you're using to connect uses a dynamic IP address, set the source restriction to allow access from the whole range of that particular ISP.
You might also consider setting up a static IP address on your PC so the internal IP address doesn't change. If you do that, then the router's port forwarding will always point to the correct IP address.
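The source restriction described above can be mirrored on the host PC, so that a reset or misconfigured router rule does not leave port 3389 reachable from every address. The script below is an added example, not part of the original page; it assumes the built-in Windows firewall is in use, and the addresses in $AllowedSources are constructed placeholders.

```powershell
# Added example: scope the host's inbound RDP firewall rules to the same
# sources that the router's port mapping allows (defence in depth).
#Requires -RunAsAdministrator
[CmdletBinding(SupportsShouldProcess)]
param(
    # Assumed allow-list (constructed): one work IP, one ISP range, and the
    # local LAN so that connections from inside the network keep working.
    [string[]]$AllowedSources = @('203.0.113.10', '198.51.100.0/24', 'LocalSubnet'),
    [string]$RdpPort = '3389'   # default Remote Desktop port; change if remapped
)

# Find every enabled inbound rule whose local port filter lists the RDP port.
$rdpRules = Get-NetFirewallPortFilter |
    Where-Object { $_.LocalPort -contains $RdpPort } |
    Get-NetFirewallRule |
    Where-Object { $_.Direction -eq 'Inbound' -and $_.Enabled -eq 'True' }

if (-not $rdpRules) {
    Write-Warning "No enabled inbound rule for port $RdpPort; is Remote Desktop turned on?"
    return
}

foreach ($rule in $rdpRules) {
    # 'Any' here means the rule accepts every source that reaches the PC.
    $current = ($rule | Get-NetFirewallAddressFilter).RemoteAddress
    Write-Output ("{0}: RemoteAddress was '{1}'" -f $rule.DisplayName, ($current -join ', '))

    if ($PSCmdlet.ShouldProcess($rule.DisplayName, "Restrict to $($AllowedSources -join ', ')")) {
        $rule | Set-NetFirewallRule -RemoteAddress $AllowedSources
    }
}

# Report the resulting scope so it can be compared with the router's rule.
$rdpRules | ForEach-Object {
    [pscustomobject]@{
        Rule          = $_.DisplayName
        RemoteAddress = ($_ | Get-NetFirewallAddressFilter).RemoteAddress -join ', '
    }
}
```

Run the script with -WhatIf first to see which rules would change without modifying them.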
Use a VPN
If you connect to your local area network by using a virtual private network (VPN), you don't have to open your PC to the public internet. Instead, when you connect to the VPN, your RD client acts like it's part of the same network and will be able to access your PC. There are a number of VPN services available - you can find and use whichever works best for you.