I am so thankful for this answer lol... and for years I have muttered under my breath at Microsoft as I try to explain to an end-user why they are set up with some other name on RDP.
Don't forget, if you are still using RDP across the internet without a VPN you are really going to need to limit the allowed IP addresses, preferably to a static IP(s) or at least to the general subnet of the networks you might be remoting from. People have successfully attacked a few too many legacy RDP setups that I ended up cleaning up.
1. Control Panel\System and Security\Windows Defender Firewall Advanced settings
2. Right Click Inbound Rules, chose New Rules.
3. Chose Port, next.
4. Chose TCP and Specific local ports, type 3389 in the textbox, next.
5. Chose to Allow the connection, next.
6. Check Domain, Private, and Public in the checkbox.
7. Type a name for this policy and finish. Then the rule will appear at the top of the list.
8. Double click the rule, chose the Scope tab.
9. Chose This IP address or subnet in Remote IP address, click add and type the address or subnet in the textbox.
But my favorite old RDP hack (back when the internet was a bit safer) was setting up port forward rules that would take random ports on the outside and point them to a specific IP and port on the inside.
let's say you have five computers with static IP's on 192.168.1.51-55 and you set your port forward rules for the internet port 9001 -> LAN IP 192.168.1.51:3389, then internet port 9002 -> LAN IP 192.168.1.52:3389, and so on...
Then from the remote computer, you set the RDP to connect to the WAN IP of the network and the port number for whatever computer you want. for example 12.546.43.23:9001 and it will connect to the 192.168.1.51 computer with the default RDP port. If you don't have a Static IP you can use a DynDNS name instead, yourname.dyndns.org:9003 points to 192.168.1.53.
That also works great for IP cameras if you have lots of devices you need to see on the inside of a network and only one WAN IP.
Thanks,
Mike