Creating a whitelist for RDP access

Check to make sure that the rule is enabled:

Furthermore, restrict login attempts to five or less before an account is locked out for an hour or more. You can also change your RDP port to lessen the risk from scripted attacks (security through obscurity has gotten a poor reputation that is undue).

Also, choose passwords that are better. A network-borne attack should take theoretical centuries to brute force even a relatively basic password. Consider the use of pass-phrases. twasbrilligandtheslithytoves, halfaleagueonward, or other memorable literary references are all around better than kF4^1*wi.