Will the MS Windows RDP connection be a security threat if


I have read a lot regarding this subject, but still not much is clear.

So the question is: will it be dangerous to use RDP for connections outside the LAN if:

I have a special module which has the possibility to activate listening on a port only when the client tries to connect, and I have a whitelist of allowed IPs.

So what I mean is that the port is always closed except in those cases when a "whitelisted" client tries to connect. As soon as the client has established the RDP connection, the listening on the port is immediately closed.

Yes and of course we don't use 3389 but another one.

Do you see any potential risks in such configuration?

Any opinion will be appreciated!

A.Bras

Posted 2020-02-12T17:24:39.440

Reputation: 13

The question is more how bad a successful attack on the RDP machine would be. Would it allow infiltration of your whole company network, or is it just a single isolated host with non-secret data on it? – Robert – 2020-02-12T17:54:38.407

Using a different port does not increase your level of security. It doesn't take very much effort (trivial amount) to determine if a service exists on a port. – Ramhound – 2020-02-12T18:42:46.127

A small clarification. The port is nearly always closed. We use an additional layer for requesting a port opening. So a client makes a request via a special interface and gets back a randomized port on which the RDP will be listening. To be able to make such a request the client must have a valid certificate and also additional password protection. If the request is properly authenticated the client's IP becomes "whitelisted". When the user connects with RDP the IP is verified, and only if valid is the stream redirected to the requested host and the randomized port. – A.Bras – 2020-02-12T19:03:46.987

RE: Robert - We have been using this configuration for nearly 4 years (we are a small IT company, 7 employees). All activity is strictly logged, and all potential threats are reported via email. As described and clarified above, the thing is that the port becomes open for several seconds and only whitelisted IPs are accepted. So in 99% of cases there is simply no time to discover the randomized port, and even if an attacker succeeded he is directly banned because his IP is not whitelisted. So over the last year we had 2 bans of potential attackers. – A.Bras – 2020-02-12T19:16:58.787

So in fact from the experience I have it's nearly impossible for an attacker to access the port due to the reasons described above. So maybe I should ask instead: are there any risks when a client is already connected and working with RDP? A good answer to this question I was not able to find anywhere. – A.Bras – 2020-02-12T19:20:37.123
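The gate the poster describes in the comments above (an authenticated request that returns a randomized port, an IP allowlist, a listener that is open only for a few seconds, and an immediate ban for any non-allowlisted host that reaches it) modelled as a small Python state machine. This is an added example for readers, not the poster's actual module; the window length, port range, host names and the `PortGate` API are assumptions chosen for illustration. It covers the gate only, not the RDP session that runs once the stream is redirected.

```python
"""Model of an ephemeral-port, IP-allowlist gate in front of RDP.

Constructed example. Policy values (window length, port range) and all
names are assumptions, not the poster's real implementation.
"""
import secrets
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple


@dataclass
class Grant:
    ip: str            # allowlisted client address
    port: int          # randomized port the listener was opened on
    expires_at: float  # listener closes after this time (seconds)
    target: str        # internal RDP host the stream is redirected to


@dataclass
class PortGate:
    window_seconds: float = 5.0   # assumption: "open for several seconds"
    low_port: int = 40000         # assumption: randomized-port range
    high_port: int = 60000
    grants: Dict[int, Grant] = field(default_factory=dict)  # port -> Grant
    banned: Set[str] = field(default_factory=set)
    audit: List[Tuple] = field(default_factory=list)        # log for email reporting

    def request_port(self, ip: str, cert_valid: bool, password_valid: bool,
                     target: str, now: float) -> Optional[int]:
        """Authenticated request via the 'special interface'.

        Returns a randomized listening port, or None if the request is refused.
        """
        if ip in self.banned:
            self.audit.append(("denied_banned", ip, now))
            return None
        if not (cert_valid and password_valid):
            self.audit.append(("auth_failed", ip, now))
            return None
        # pick a port that is not already granted to someone else
        while True:
            port = self.low_port + secrets.randbelow(self.high_port - self.low_port)
            if port not in self.grants:
                break
        self.grants[port] = Grant(ip, port, now + self.window_seconds, target)
        self.audit.append(("port_granted", ip, port, now))
        return port

    def _purge(self, now: float) -> None:
        """Close listeners whose window has elapsed."""
        for port, g in list(self.grants.items()):
            if now > g.expires_at:
                del self.grants[port]
                self.audit.append(("window_closed", g.ip, port, now))

    def accept_connection(self, ip: str, port: int, now: float) -> str:
        """Called when a TCP connection reaches a listener.

        Returns the redirect target, 'refused' (nothing listening) or 'banned'.
        """
        self._purge(now)
        grant = self.grants.get(port)
        if grant is None:
            return "refused"
        if grant.ip != ip:
            # an open port reached by a non-allowlisted address: ban and report
            self.banned.add(ip)
            self.audit.append(("banned", ip, port, now))
            return "banned"
        # single use: the listener closes as soon as the session is established
        del self.grants[port]
        self.audit.append(("connected", ip, port, now))
        return grant.target

    def ban_count(self) -> int:
        """Number of ban events, the figure the poster reports per year."""
        return sum(1 for e in self.audit if e[0] == "banned")


if __name__ == "__main__":
    gate = PortGate()
    p = gate.request_port("203.0.113.5", True, True, "rdp-host-1", now=0.0)
    print("granted port", p)
    print(gate.accept_connection("198.51.100.9", p, now=1.0))   # banned
    print(gate.accept_connection("203.0.113.5", p, now=2.0))    # rdp-host-1
    print(gate.accept_connection("203.0.113.5", p, now=3.0))    # refused
    for entry in gate.audit:
        print(entry)
```

The `audit` list is the part worth keeping in a real deployment: the poster's "2 bans last year" is only knowable because every grant, connection and ban is recorded, and the `banned` outcome is the event that should trigger the email report.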

No answers