Windows Update Adds RDP Security Alerts to Block Phishing Attacks
Microsoft’s April 2026 Windows update introduces new Remote Desktop (RDP) security alerts to protect users from phishing attacks that use malicious .rdp files. Threat actors have widely abused these files to redirect connections to attacker-controlled systems and to access local resources without the user's awareness.


The update adds a one-time educational prompt and a mandatory security warning for every RDP connection. Users now see details such as the remote address, publisher verification, and requested resource access, with all resource access options disabled by default. Unsigned files trigger a “Caution: Unknown remote connection” alert, highlighting high-risk scenarios.
This change enforces a secure-by-default approach, requiring user consent for resource sharing and reducing silent exploitation risks. Organizations are advised to use digitally signed RDP files and review connection policies to strengthen remote access security.
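The following added example, which is not Microsoft's code or part of the original article, parses a .rdp file and reports the details the new warning surfaces: the remote address, whether signature properties are present, and which local resources the file asks to share. The `high_risk` flag and the sample file are assumptions made for illustration, and the check covers signature presence only, not cryptographic validity.

```python
# Added example: triage a .rdp file before it reaches a user.
# Property names are standard .rdp settings; the sample file is constructed.

# Properties that ask the client to share local resources with the remote host.
REDIRECT_KEYS = {
    "drivestoredirect": "local drives",
    "devicestoredirect": "plug and play devices",
    "redirectclipboard": "clipboard",
    "redirectprinters": "printers",
    "redirectsmartcards": "smart cards",
    "redirectcomports": "COM ports",
    "audiocapturemode": "microphone",
    "camerastoredirect": "cameras",
}

def parse_rdp(text):
    """Parse 'name:type:value' lines into a dict keyed by lower-cased name."""
    settings = {}
    # .rdp files are often saved as UTF-16; drop a BOM left after decoding.
    for line in text.lstrip("\ufeff").splitlines():
        parts = line.strip().split(":", 2)  # the value may itself contain ':'
        if len(parts) == 3:
            name, _type, value = parts
            settings[name.strip().lower()] = value.strip()
    return settings

def triage_rdp(text):
    """Report remote address, signature presence and requested resource sharing."""
    s = parse_rdp(text)
    requested = [label for key, label in REDIRECT_KEYS.items()
                 if s.get(key, "") not in ("", "0")]
    # A signed file carries both properties; presence is checked, not validity.
    signed = bool(s.get("signature")) and bool(s.get("signscope"))
    # Assumption for this example: unsigned plus any sharing request is high risk.
    return {"address": s.get("full address", ""), "signed": signed,
            "requested": requested, "high_risk": not signed and bool(requested)}

# Constructed sample: an unsigned file asking for local drives and the clipboard.
SAMPLE = """full address:s:rdp.example.test:3389
drivestoredirect:s:*
redirectclipboard:i:1
redirectprinters:i:0
"""

if __name__ == "__main__":
    print(triage_rdp(SAMPLE))
```
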
NPAV offers a robust solution to combat cyber fraud. Protect yourself and your organization with our top-tier security product, RDP Guard.