Microsoft’s long-promised end-of-support deadline for Windows 10 arrives on October 14, 2025. But for businesses and power users clinging to the venerable OS, a critical question looms: will Remote Desktop still work safely in July 2026? The answer is yes, but only if you pair Extended Security Updates with a VPN—and ditch the dangerous habit of forwarding port 3389.

The Concrete Changes for RDP on Windows 10

Remote Desktop Protocol (RDP) isn’t going away. The bits inside Windows 10 Pro, Enterprise, and Education will continue to function as they always have. What changes are the security requirements and support boundaries.

First, the host PC—the one you’re connecting to—must be running a qualifying edition. Windows 10 Home lacks the RDP host component entirely. Pro, Enterprise, and Education editions are required, and beginning after October 2025, those editions must be enrolled in the Extended Security Updates (ESU) program to receive critical patches. Without ESU, any RDP-related vulnerability discovered after end-of-support will go unpatched, turning your remote desktop into a ticking time bomb.

Second, Microsoft is doubling down on a security posture that has been a best practice for years: do not expose RDP directly to the internet. As of July 2026, if you’re still on Windows 10, the company’s guidance is unambiguous: all Remote Desktop connections must travel over a VPN, Zero Trust network, or at minimum a trusted local network. Forwarding port 3389 on your router is the digital equivalent of leaving your front door wide open—and with Windows 10 no longer receiving free security fixes, the risk escalates dramatically.

Third, the account used for remote access must be explicitly authorized on the host machine. This isn’t new, but it bears repeating because misconfigured permissions remain a top attack vector. The user account must have a strong password, and ideally multi-factor authentication (MFA) should be enforced via the VPN layer or a Remote Desktop Gateway.

What It Means for You

For Home Users Running Windows 10 Home

If you’re using Windows 10 Home to remote into another PC, that’s fine—the RDP client is included in all editions. But if you want to turn your Home PC into a host to access it from elsewhere, you’re out of luck. Microsoft never included the RDP server in Home, and that won’t change. Your options: upgrade to Windows 10 Pro (or Windows 11) before October 2025, or switch to a third-party remote access tool like TeamViewer or Chrome Remote Desktop.

For Power Users and Small Businesses on Pro

You’re likely the most affected group. Many small offices and enthusiasts rely on Windows 10 Pro machines sitting in a closet, accessed via RDP from home. After October 2025, you’ll need to purchase ESU licenses for each device. Pricing for Windows 10 ESU is structured similarly to Windows 7’s program: per-device, per-year, with costs doubling each successive year. A single Year 1 ESU license for Pro is expected to be around $61, rising to $122 in Year 2 and $244 in Year 3. That means keeping one Pro machine secure through July 2026 will cost at least $122 in ESU fees alone.

You must also reconfigure network access. If you’ve been forwarding port 3389, stop immediately. Set up a VPN server (many routers include one, or you can deploy WireGuard on a Raspberry Pi) and connect to the VPN before launching your RDP client. This encrypts the session end-to-end and hides the RDP port from internet scanners.

For IT Administrators Managing Enterprise Deployments

Enterprises with Windows 10 Enterprise E3 or E5 subscriptions have a smoother path. ESU is typically included or discounted through those agreements. But the onus is still on you to audit every Windows 10 endpoint, confirm RDP is disabled where unnecessary, and enforce network-level authentication (NLA). Consider deploying a Remote Desktop Gateway (RD Gateway) server, which funnels RDP traffic over HTTPS, eliminating the need for a traditional VPN while still avoiding raw port 3389 exposure. Microsoft’s own documentation highlights RD Gateway as a secure alternative for RDP access without port forwarding.

The Road to July 2026: Windows 10’s End-of-Support Timeline

Windows 10’s journey to this point has been years in the making. Mainstream support for most editions ended in 2020 for versions before 21H2, but the October 14, 2025, cutoff for 22H2—the final feature update—marks the true sunset. After that date, no more free security patches, no quarterly quality updates, and no Microsoft support incidents unless you pay for ESU.

The ESU program itself is a familiar playbook. Microsoft offered it for Windows 7, allowing critical and important security updates for three additional years. Thousands of organizations, including the UK’s National Health Service, paid millions to keep legacy systems afloat. With Windows 10’s massive install base—still hovering near 60% of Windows PCs as of early 2025—the stakes are even higher.

RDP has been a persistent target for attackers. The rise of ransomware gangs like Ryuk and Conti showed how vulnerable unpatched RDP endpoints can be. Between June and August 2024 alone, according to Microsoft’s Digital Defense Report, over 3 million RDP brute-force attempts were detected per day on average. That cat-and-mouse game doesn’t stop just because Windows 10 goes out of support; it intensifies.

Actionable Steps: Securing RDP on Windows 10 with ESU

If your plan is to keep using Windows 10 RDP through July 2026 and beyond, take these steps now:

  1. Verify your edition and update to 22H2: Press Windows + I, go to System > About. If you see “Windows 10 Home,” you cannot host RDP. Upgrade to Pro or switch to Windows 11. If you’re on an older version, update to 22H2 to ensure you’re on the last supported baseline.

  2. Enroll in ESU before October 2025: For Pro users, you’ll purchase ESU keys through the Microsoft 365 admin center or a cloud solution provider. For Enterprise, work with your volume licensing contact. Do not wait—the keys must be applied to devices before or shortly after the EOS date to continue receiving updates.

  3. Harden RDP settings: Enable Network Level Authentication (NLA) so users must authenticate before a session is established. Limit RDP access to specific user accounts via System Properties > Remote. Disable clipboard and drive redirection if not needed, via Group Policy or local policy (gpedit.msc).

  4. Build your VPN bridge: Choose a VPN solution. For a single PC, a simple WireGuard server on the office network may suffice. For multiple users, deploy a dedicated VPN appliance or software like OpenVPN. The critical rule: after setup, disable port forwarding for 3389 on your router entirely. Test that RDP works only when connected to the VPN.

  5. Layer on additional security: Apply MFA at the VPN level. Enable Windows Defender Firewall with advanced rules to allow RDP only from the VPN’s IP range. Consider a Remote Desktop Gateway if you need to avoid a full VPN client—RD Gateway uses HTTPS (port 443) and can integrate with Azure MFA.

  6. Monitor and patch diligently: Even with ESU, you must manually approve and install updates. Set aside a weekly maintenance window. Subscribe to Microsoft’s Security Update Guide for Windows 10 ESU to stay informed of new patches.

What to Watch Next

Microsoft has signaled that Windows 10 22H2 will not receive any more feature changes. The ESU program is a bridge, not a destination. While you may safely use RDP on Windows 10 through at least October 2028 (the end of ESU Year 3), the writing is on the wall. Hardware requirements, application compatibility, and support costs will eventually force a migration to Windows 11—or beyond. In the meantime, treat every RDP connection over a VPN as a temporary necessity, not a permanent architecture.