Do I need to change port number 3389?

I am using SSLVPN to remote into the office from outside.

So I have 2 layers of security:

1st = User login to SSLVPN

2nd = User login to Windows

Do I still need to change the port number 3389?

Is it safe enough?

Changing the port number doesn’t really add security. Any hacker will just scan the network for listening ports after joining the VPN anyways. In 2 minutes you would see that your custom port is listening and using RDP. The way to go here is to install DUO for 2FA auth on RDP logon.

The ssl-vpn and workstation have different credentials? Do you have mfa on the vpn? Changing the rdp port is pretty pointless tbh.

No. Don’t change it. Don’t allow any outside in. Just use the VPN with MFA. Add MFA for an additional security layer.

As long as you aren’t using the same credentials for the sslvpn as the AD/AAD you are fine. This will depend on your VPN setup in my view. If your VPN is password only, it’s better than just RDP but it’s still bad. Certificate based or add MFA if you aren’t already.

No, you don’t need to change it, provided you don’t have RDP (on any port) open to the outside. If it’s open internally only, then you’re good. You have to get the VPN connected before you’re able to connect to anything.
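
One way to check the "not open to the outside, on any port" condition from the replies on a Windows host, as an added example that is not part of the thread. It covers the Windows host firewall only; port forwarding on the edge router or firewall has to be checked on that device. The function name `Test-PortCovered` is made up for this example.

```powershell
# Added example (not from the thread). Run in an elevated PowerShell session.
# Reads the configured RDP port, confirms the listener, and lists the enabled
# inbound allow rules in the Windows firewall that cover that port.

$rdpKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
$rdpPort = [int](Get-ItemProperty -Path $rdpKey -Name PortNumber).PortNumber
Write-Output "Configured RDP port: $rdpPort"

# Which local addresses is the RDP service actually listening on?
Get-NetTCPConnection -State Listen -LocalPort $rdpPort -ErrorAction SilentlyContinue |
    Select-Object LocalAddress, LocalPort, OwningProcess

# Hypothetical helper: does a rule's LocalPort value (Any, single port, or range) cover $Port?
function Test-PortCovered {
    param([string[]]$LocalPort, [int]$Port)
    foreach ($p in $LocalPort) {
        if ($p -eq 'Any' -or $p -eq "$Port") { return $true }
        if ($p -match '^(\d+)-(\d+)$' -and $Port -ge [int]$Matches[1] -and $Port -le [int]$Matches[2]) {
            return $true
        }
    }
    return $false
}

# Walk every enabled inbound allow rule and keep the ones that reach the RDP port,
# whatever number it was moved to.
$report = foreach ($rule in Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True) {
    $pf = $rule | Get-NetFirewallPortFilter
    if ($pf.Protocol -notin @('TCP', 'UDP', 'Any')) { continue }
    if (-not (Test-PortCovered -LocalPort @($pf.LocalPort) -Port $rdpPort)) { continue }

    $remote = @(($rule | Get-NetFirewallAddressFilter).RemoteAddress)
    [pscustomobject]@{
        Rule          = $rule.DisplayName
        Profile       = $rule.Profile
        LocalPort     = $pf.LocalPort -join ','
        RemoteAddress = $remote -join ','
        Unrestricted  = ($remote -contains 'Any')   # no source restriction at all
    }
}

# Unrestricted rules first: these accept RDP from any source address.
$report | Sort-Object Unrestricted -Descending | Format-Table -AutoSize -Wrap
```

Rules with `LocalPort` set to `Any` are listed too, so expect some application rules that do not actually expose RDP. A rule that shows `Unrestricted = True` can be scoped to the VPN and LAN subnets with `Set-NetFirewallRule -RemoteAddress`.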