1. Why would a company expose port 3389 directly to the internet without VPN or a RDP Gateway?
2. Is there a Microsoft Scenario where one would expose 3389 even with encryption and not wrap it in a SSL or VPN tunnel?
Please provide supporting documentation for your argument.