Everybody uses RDP. Attackers and bots, curiously, also know that everybody uses RDP. If you are working with perimeter servers that are potentially connected to the internet, having RDP enabled can be especially dangerous because it is quite easy to leave your server in a state where it is open from outside your network. This gives anyone the ability to start guessing passwords or trying to brute force their way into your server; or they can just be a way to give you some denial-of-service headaches by throwing thousands of login attempts at that server.

Even aside from the worries of potential access from the public Internet, you may want to ensure that regular users aren't trying to poke around ...