I have a small server behind my router which runs Windows 10. It's pretty easy to set up remote desktop directly to the internet and expose the required port by changing the configuration of the router.
Question: Do I have to be aware of security issues refering to that? I mean my server is at least accessable by everyone who knows a valid username/password combination.
If you want to restrict who can access your PC, choose to allow access only with Network Level Authentication (NLA). When you enable this option, users have to authenticate themselves to the network before they can connect to your PC. Allowing connections only from computers running Remote Desktop with NLA is a more secure authentication method that can help protect your computer from malicious users and software. To learn more about NLA and Remote Desktop, check out Configure NLA for RDS Connections.