An honest comparison across latency, edition support, the account model, attack surface, cross-platform clients, and pricing. Microsoft Remote Desktop is the built-in Windows protocol that an entire generation of IT departments built their remote-access policies on, and the RDP client apps for Mac, iPad, and Android are the official way Microsoft expects you to connect to a Windows host from outside the Windows world. Remio takes a different, consumer-friendly approach: it works on Windows Home where RDP cannot host, it hosts on macOS where RDP has no server at all, it needs no Active Directory, no VPN, no RD Gateway, and no exposed 3389 port on the internet. Numbers are current as of May 2026.
| Capability | Remio | Microsoft Remote Desktop |
|---|---|---|
| Performance | ||
| LAN glass-to-glass latency | < 5 ms | ~40–80 ms |
| WAN typical latency (same region) | 30–80 ms | ~80–200 ms |
| Maximum resolution | 4K (3840 × 2160) | 4K (rarely default; 1080p typical) |
| Frame rate ceiling | 60 fps (120 fps on capable hardware) | 30 fps typical, 60 fps with AVC tuning |
| Color reproduction | 4:4:4 (pixel-perfect) | 32-bit; 4:4:4 only with AVC444 enabled |
| HDR pass-through | Yes | No |
| Video codecs | H.265 · AV1 · H.264 | H.264 (AVC444 mode), H.265 (RDP 10) |
| Transport | UDP (WebRTC), direct P2P | TCP 3389 primary, UDP optional |
| Security | ||
| Transport encryption | DTLS 1.3 + SRTP | TLS over TCP 3389 |
| Data-channel encryption | AES-256-GCM, end-to-end | AES-128 / AES-256 (negotiated) |
| Key exchange | ECDHE over Curve25519 | RSA / TLS handshake |
| Inbound port required | None | TCP 3389 (firewall rule needed) |
| Account database to breach | None | Windows account (local or AD/Entra) |
| Known ransomware vector | No | Yes (SamSam, Ryuk via exposed 3389) |
| MFA in basic config | PIN pairing (per-device) | No (requires Entra ID or third-party) |
| Account & access | ||
| Account required | No | Yes (Windows account or AD/Entra) |
| Pairing model | 6-digit PIN | Username + password (Windows credentials) |
| Identity store | None | Local SAM, Active Directory, or Entra ID |
| Concurrent users on one host | Single client per host (today) | One by default; multi-user requires RDS CALs |
| Platform support | ||
| Windows host | Home, Pro, Enterprise, Education | Pro, Enterprise, Education only |
| macOS host | Native (SwiftUI) | Not supported |
| Windows client | Native (C++/WinRT) | Native (built into Windows) |
| macOS client | Native (SwiftUI, Metal) | Microsoft RD app (Mac App Store) |
| iOS / iPadOS client | Native, Apple Pencil supported | Microsoft RD app (no Pencil pressure) |
| Android client | Native (Jetpack Compose) | Microsoft RD app |
| visionOS / Apple Vision Pro | Native spatial window | Not supported |
| Setup & remote internet | ||
| Open inbound port on router? | No | Yes (port-forward 3389 or use Gateway) |
| VPN required for safe WAN use? | No | Recommended (or paid RD Gateway) |
| NAT traversal | ICE / STUN / TURN built-in | Not built-in (manual port forwarding) |
| Time to first connection | ~60 seconds (download, PIN, connect) | 10–30 minutes (enable RDP, firewall, port-forward, VPN) |
| Active Directory needed? | No | Not required, but most enterprise deployments use it |
| Licensing (May 2026) | ||
| Personal use | $0 (all features, all platforms) | $0 (Pro edition + free client apps) |
| Multi-user host (RDS / Terminal Server) | — | RDS CALs required (per-user or per-device) |
| Cloud-hosted Windows desktop | — | Windows 365 Cloud PC: $31–$66 / user / month |
| Windows Home upgrade for hosting | Not needed | ~$99 to upgrade Home → Pro |
Six categories, one paragraph each. The numbers in the table above are the headline; the paragraphs below are the why.
RDP was designed in the late 1990s for thin-client computing across reliable corporate networks, and the pipeline reflects that heritage — TCP-first transport, server-side rendering optimizations, predictable behavior across high-loss links. The original protocol relied on bitmap caching and primitive drawing commands rather than full-frame video, which kept bandwidth use low at the cost of poor performance on motion-heavy workloads. RDP 8 introduced RemoteFX for richer media; that was deprecated in 2020 after CVE-2020-1374 and removed from default deployments. RDP 10 added H.264 with the optional AVC444 mode for full-color encoding and an opt-in UDP transport, which cuts typical LAN latency into the 40–80 ms range on tuned hardware. Remio is built on WebRTC M141 with UDP as the only transport, hardware H.265 or AV1 encoding, and a zero-buffer render path that skips lost frames rather than retransmitting them. On a direct LAN peer-to-peer connection that delivers under 5 ms glass-to-glass at 4K 60 fps. The gap is biggest on a clean local network and narrows over a congested WAN where both tools are bottlenecked by the link, not the pipeline. For cursor responsiveness, mouse-click feedback, and the simple feeling of "the screen is mine", the difference between 5 ms and 60 ms is the difference between transparent and noticeable.
Microsoft ships free RD client apps for Windows, macOS, iOS, iPadOS, and Android, and they are perfectly competent for connecting to a Windows host that runs RDP. What they do not do is host. The Mac RD app cannot accept connections, the iPad RD app cannot accept connections, and there is no RDP server for macOS at all. If the machine you want to reach is a Mac mini in your home office, RDP simply does not apply. Remio ships native clients for the same set of platforms — macOS in SwiftUI with Metal rendering, iOS and iPadOS with full Apple Pencil pressure and tilt forwarding, Android in Jetpack Compose with MediaCodec hardware decode, Windows in C++/WinRT with D3D11VA decode, and visionOS as a native spatial window with eye-tracking forwarded as a cursor hover signal. The host runs on both macOS and Windows. The Microsoft RD iPad app is functional but treats the tablet as a smaller monitor — no Pencil pressure, no native gesture handling, no Magic Keyboard trackpad integration in the way Remio does. For users who actually want to draw, paint, or do precise input from an iPad to a desktop, RDP's iPad client is the wrong tool.
RDP authenticates with a Windows account — a local SAM entry, an Active Directory user, or an Entra ID identity. That account database is the credential store, and if a credential is stolen or guessed, the attacker has the same access the user does. Microsoft does not require MFA on RDP by default; that is an Entra ID feature that must be configured separately, and basic RDP with a local Windows account has no MFA path at all. Password reuse, brute-force attempts against weak passwords, and credential dumps from unrelated breaches all become RDP risks the moment 3389 is reachable. Remio has no account database. Pairing two devices uses a one-time 6-digit PIN that authorizes a specific device, not an identity. There is no Remio-side credential store to phish, breach, or guess. The pairing record lives on each device, and end-to-end encryption uses fresh ephemeral keys per session — ECDHE over Curve25519 for key exchange, AES-256-GCM for the symmetric cipher, DTLS 1.3 plus SRTP for transport. Even Remio's own TURN relay cannot decrypt the payload when fallback is used.
RDP listens on TCP port 3389 for inbound connections. To reach an RDP host from outside the LAN you either expose 3389 directly to the internet — which Microsoft, every security guide, and the FBI all recommend against — or you put it behind a VPN, behind the paid Remote Desktop Gateway, or behind Azure Bastion. SamSam, Ryuk, REvil, and a long list of ransomware families used exposed 3389 endpoints as their primary entry vector during the late 2010s, and Shodan continues to show hundreds of thousands of exposed RDP services on any given day. The fix Microsoft documents is to never expose 3389, and to instead run RDP traffic through a VPN that authenticates separately or through the RD Gateway service, which adds its own configuration and licensing surface. Remio establishes a direct peer-to-peer WebRTC connection with ICE, STUN, and TURN handling NAT traversal automatically. There is no inbound port to open on the router and no port to scan from the internet. When direct P2P is not possible — symmetric NAT on both sides, restrictive corporate firewall, mobile carrier networks — the connection falls back to a Cloudflare TURN relay that still cannot decrypt the payload. Setup for a typical user is: download Remio on both devices, pair with a six-digit PIN, connect. Time from install to first frame is around sixty seconds.
Microsoft Remote Desktop's host service is not available on Windows Home — only on Pro, Enterprise, and Education. This is one of the most consistently surprising limitations for individual users. If the PC you want to reach is a stock-from-Best-Buy laptop running Windows 11 Home, you cannot enable Remote Desktop on it without paying roughly $99 to upgrade Windows to Pro through the Microsoft Store. The Home edition can connect outward — the inbox Remote Desktop client works fine — but it cannot accept connections. That is the most common dealbreaker for individual users who do not realize this until they need remote access. Workarounds like installing the RDP Wrapper Library exist but are unsigned third-party patches that Windows Defender now flags as potentially unwanted. Remio runs on every edition of Windows 10 and 11 — Home included — because it is an application, not a protocol that ties into Microsoft's edition gating. For a household with one machine on Home and one on Mac, RDP is not a possible answer at all; Remio handles both directions out of the box.
RDP is free in the most narrow sense — Windows Pro includes the host service and the Microsoft RD client apps are free downloads on every platform. Around that core there is a real cost structure that catches people out. Multi-user hosting on a single Windows Server requires Remote Desktop Services and per-user or per-device Client Access Licenses, priced at roughly $100 to $150 per seat plus the underlying Windows Server license. Safe internet exposure typically means a VPN subscription, the paid RD Gateway role on a Windows Server, or Azure Bastion metered hourly. Microsoft's modern direction for cloud Windows access is Windows 365 Cloud PC at $31 to $66 per user per month depending on the spec tier — that is the supported path for users who used to run their own RDP server on a home machine. Azure Virtual Desktop is metered on top of the underlying VM and adds further configuration. Remio is free at every tier — personal, professional, multi-device — with no per-user, per-device, or feature cap, no enterprise upsell, no Cloud PC pivot, no telemetry-based monetization. The full feature set including 4K, 4:4:4 color, end-to-end encryption, multi-platform clients, and Cloudflare TURN fallback is what every user gets on day one.
Same numbers, same structure, seven other tools. Pick the one closest to what you already use.
Download once, pair with a PIN, see the latency on your own LAN. No Windows edition upgrade, no port-forwarding, no VPN, no RD Gateway, no Entra tenant. If RDP still serves you better, you are out exactly five minutes.
Available for macOS, iOS, Windows, Android, and visionOS.