cmp119 asked:

Windows Server 2016 Essentials and Macs connecting remotely

I have a client set up with Windows Server 2016 Essentials, and one of the employees has a MacBook that they want to use to connect remotely. I am thinking they will want/need to connect to a computer via the remote workplace and also establish a VPN connection. I do not work with Macs, so maybe I can be pointed in the right direction with detailed articles, etc.
Rob Williams

You can connect a Mac with a VPN (SSTP), but the safer and better bet is direct Remote Desktop. Assuming you used the Anywhere Access wizard, Essentials will use the Remote Desktop Gateway service, so you need to forward the router port 443 to the server (not 3389). Then the Mac can simply download the free Remote Desktop Client from the Apple Store. Don't forget to use the advanced settings and insert the RD Gateway address.
cmp119 (ASKER)

I have anywhere working fine.  443/1723 ports forwarding the Essentials Server.  Do you have any recommendations on a specific Apple Store RDP client?  Need specifics as far as using the advanced settings, etc.
This is the official latest Microsoft Remote Desktop client
https://itunes.apple.com/us/app/microsoft-remote-desktop-8-0/id715768417?mt=12
ASKER CERTIFIED SOLUTION
Rob Williams
This solution is only available to members.
cmp119 (ASKER)

Rob - thanks for this information. I will pick up the MacBook over the weekend and see if I can get it to connect. I will let you know the outcome. Thanks.
If it works with a PC, there shouldn't be any problem with a Mac. Sometimes takes a little tweaking to get the right information in the right box if you are not familiar with it.
Any trouble, let us know.
cmp119 (ASKER)

Normally, remote users log on via the remote portal (https://remote.ABCcorp.com). Once authenticated they select an available computer they are authorized to access and connect to it. IE has to be used since I believe it requires ActiveX Controls. I've tried with Google Chrome, but the available computers do not display/list.
Ah.

There are 2 ways to connect: using a web browser, or a Remote Desktop client (PC or Mac). Yes, using a browser does require ActiveX, thus only IE works. Using the RDP client connects directly to the selected device, PC or server. You do need to know the name of the computer to which you are connecting as you are not presented with a list. The client is a much faster option for the initial connection, though once connected, they both work the same. Having said that, I don't know why but the first time you connect from any device (PC, Mac, tablet, laptop) the connection takes longer than subsequent connections from the same device.

If you want to connect from a PC using the client, just look for the Remote Desktop Client under programs, I think "Windows Accessories", or you can type mstsc in the run or search box to start the client. The gateway settings are under "Advanced" / "Settings".
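
Added example, not part of the thread and not Microsoft's code: a small check that a saved .rdp connection file really goes through the RD Gateway on 443, as the answer above recommends, instead of straight to the computer. It assumes the standard `name:type:value` .rdp layout; the computer name `OFFICE-PC01` and the sample file contents are constructed, and the function names are this example's own.

```python
# Added example: lint an .rdp file for the RD Gateway setup discussed above.
# Host and computer names below are constructed sample values.
SAMPLE_RDP = """\
full address:s:OFFICE-PC01
gatewayhostname:s:remote.ABCcorp.com
gatewayusagemethod:i:1
gatewayprofileusagemethod:i:1
promptcredentialonce:i:1
"""

def parse_rdp(text):
    """Parse 'name:type:value' lines into a dict keyed by lower-case name."""
    settings = {}
    for line in text.splitlines():
        parts = line.strip().split(":", 2)  # the value itself may contain ':'
        if len(parts) != 3 or parts[1] not in ("s", "i", "b"):
            continue  # skip blank or malformed lines
        name, kind, value = parts
        if kind == "i":
            try:
                value = int(value)
            except ValueError:
                continue  # integer setting with a non-numeric value
        settings[name.strip().lower()] = value
    return settings

def check_gateway(settings):
    """Return reasons the file would not go through the gateway on 443."""
    problems = []
    gateway = settings.get("gatewayhostname", "")
    if not gateway:
        problems.append("no gatewayhostname: the client would connect directly")
    elif ":" in gateway and not gateway.endswith(":443"):
        problems.append("gateway port is not 443")
    # 1 = always use the gateway; this check deliberately insists on it.
    if settings.get("gatewayusagemethod") != 1:
        problems.append("gatewayusagemethod is not 1 (always use the gateway)")
    # 1 = use the gateway settings in this file rather than a default profile.
    if settings.get("gatewayprofileusagemethod") != 1:
        problems.append("gatewayprofileusagemethod is not 1")
    if not settings.get("full address"):
        problems.append("no full address (name of the computer to reach)")
    return problems

if __name__ == "__main__":
    for line in check_gateway(parse_rdp(SAMPLE_RDP)) or ["OK: routed via RD Gateway"]:
        print(line)
```

Files saved by mstsc are often UTF-16, so read them with the matching encoding before passing the text to `parse_rdp`.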
cmp119 (ASKER)

I understand what you're saying. Normally, I've set up a VPN on employee remote computers, and then have established the VPN and then connected via RDP. I believe establishing the VPN to be more secure than just using an RDP session. Do you not agree?
No. If you look at my profile, I am very familiar with VPNs but they have one huge flaw, a wide open tunnel between an unmanaged client and your corporate network. The tunnel itself is very secure, but you have no control over the traffic within it. Viruses can traverse the tunnel, easy to steal corporate data, if the remote computer is hacked they have direct access to the corporate network, and the VPN degrades performance slightly.

A site-to-site VPN between 2 VPN routers and two managed offices is a different story.

VPN doesn't require using the gateway service, but that is just a simple entry. If you don't have an RDP Gateway service, a VPN is a consideration, but you do have the gateway so I would recommend using it. That in conjunction with good password policies is quite secure. Make sure you enforce complex passwords and account lockouts for X wrong guesses. That applies to VPNs too.
cmp119 (ASKER)

Makes sense. I will let you know what happens over the weekend. Thanks again.
cmp119 (ASKER)

I just tried it out, and it worked like a charm! Thanks for all your help.
Glad to hear. Very welcome.