Deploying proper certificates to your RDP hosts takes about 30 minutes and stops MITM attacks cold.
Credential Security
+3
One GPO change closes a credential theft vector that's been sitting open for years.
