server · reference

🖧

Remote Desktop Services 2019

RDS 2019 — per-user and per-device RDS CALs, role architecture, support through January 2029, and the migration to RDS 2025 / Azure Virtual Desktop.

← All products Licensing FAQ

On this page

Editions · channels · activation · audit notes · FAQs

Editions covered

Edition matrix with feature differences and the right audience.

In-depth sections

Channels, activation, audit, modern management & more.

FAQs answered

Common questions buyers and IT admins ask before purchase.

Words of reference

0.7k

Plain-English, no vendor agenda, updated to current Product Terms.

Edition matrix

Pick the right edition

Each edition targets a specific scale and feature set. Match the workload, not the price tag.

Edition 1

RDS User CAL 2019

Per-named-user in AD. User can connect from any device. Best when users are mobile.

Edition 2

RDS Device CAL 2019

Per-device. Best for shared workstations like training rooms and kiosks.

Edition 3

Base Windows Server 2019 CAL

Separate and additional to RDS CAL. Required for every user or device touching the server.

Side-by-side

Edition comparison

Heuristic capability matrix derived from each edition's intended use. For binding commitments, always confirm against the current Product Terms.

Capability	RDS User CAL 2019	RDS Device CAL 2019	Base Windows Server 2019 CAL
Target audience	General	Workstation	General
Domain / Entra join	—	—	—
Virtualisation rights	—	—	—
Advanced security	—	—	—
Centralised management	—	—	—
Volume Licensing path	—	—	—

Deep dive

Remote Desktop Services 2019 — what to actually know

Remote Desktop Services on Windows Server 2019 is the long-running RDS release that preceded RDS 2025. It ships as a set of roles (Session Host, Connection Broker, Web Access, Gateway, Licensing) and is licensed via per-user or per-device RDS Client Access Licences layered on top of the base Windows Server 2019 CAL. Mainstream support on Windows Server 2019 ended in January 2024; extended support runs through 9 January 2029 with security-only updates. Many organisations still run RDS 2019 in production today; the migration question is RDS 2025 (on-prem continuation), Azure Virtual Desktop (cloud-hosted session host), Windows 365 (per-user cloud PC), or a third-party VDI broker on top of Server 2025.

The five RDS roles

A production RDS deployment is built from five roles. Session Host runs the user sessions and the published apps. Connection Broker load-balances incoming sessions across multiple Session Hosts and handles session reconnection when a user returns to an existing disconnected session. Web Access publishes the RemoteApp and Desktop Connection portal. Gateway provides the SSL-tunnelled entry point from the public internet so that the RDP protocol does not need to be exposed directly. Licensing tracks CAL allocation and issues per-user or per-device CALs to clients. The Connection Broker and Licensing roles can be highly available; Session Host scales horizontally by adding hosts.

Per-user vs per-device RDS CALs

RDS CALs come in two flavours. Per-user CALs are assigned to named users in Active Directory and follow the user across any device they use to connect — the right choice when users connect from multiple devices (laptop, phone, home PC). Per-device CALs are issued to the specific device that connects — the right choice for shared workstations like training rooms, kiosks, or shop-floor terminals where many users sit at the same device through the day. Mixing both modes is allowed; the Licensing service hands out the right CAL type based on the connection. Per-user CALs are technically a 'temporary issued' licence that should reconcile against Active Directory, but in practice many estates do not perform that reconciliation and so over-deploy per-user CALs — a common audit finding.

Base Windows Server CAL on top of RDS CAL

Critically, every RDS user or device also needs a base Windows Server 2019 CAL. The RDS CAL grants access to the RDS-specific session-hosting feature; the base CAL grants access to Windows Server itself. Missing base CALs underneath valid RDS CALs is the second most common RDS audit finding, after under-licensed per-device deployments. For Microsoft 365 estates, the base Server CAL needs to be procured separately from the M365 user subscription — M365 does not include Windows Server CALs.

Support timeline and the migration question

Windows Server 2019 (and therefore RDS 2019) is in extended support through 9 January 2029. Security-only updates continue, but no new features and no protocol enhancements ship. RDS on Windows Server 2025 is the supported on-prem continuation; in-place upgrade from 2019 to 2025 is supported, and existing RDS CALs hold downgrade rights covering older session hosts but cannot be used against newer session hosts without an upgrade. For estates that want to leave on-prem RDS entirely, Azure Virtual Desktop (multi-session Windows 11 Enterprise hosted in Azure) is the cloud destination, with per-user licensing bundled into Microsoft 365 E3/E5 and pay-as-you-go compute. Windows 365 (per-user Cloud PCs) is the simpler alternative for shops that want a one-Cloud-PC-per-user model without managing session hosts at all.

Architecture pitfalls and audit findings

The most common architectural mistake is running Session Host on the same Windows Server instance as the domain controller or the SQL database — Microsoft has been explicit for years that Session Host must run on a dedicated VM. The most common licensing mistake is operating in the 120-day grace period that the RDS Licensing service grants before requiring an installed CAL pack; once that window closes, sessions stop connecting and the licensing team has a fire to fight. Audit findings cluster around missing base Server CALs, under-counted per-device CALs (shared workstations counted as one device when several physical devices share the same hostname through KMS reissue), and per-user CALs deployed against more named users than purchased.

By channel

Where to buy this product

Relative fit of each licensing channel for typical buyers of this product. Calibrate against your own scale and renewal strategy.

Channel fit (typical buyer)

Retail / FPP2

OEM (pre-installed only)6

Volume Licensing10

CSP / Azure8

Retail / FPPIndividuals & small teams

Boxed or ESD keys, transferable, registered to a Microsoft account.

Volume LicensingMid-market & enterprise

MAK / KMS activation, centralized VLSC, optional Software Assurance.

CSP / Microsoft 365Subscription, per user

Monthly / annual seats, managed through partner or admin center.

OEM is not a buying channel for end users. OEM keys are supplied pre-installed by hardware manufacturers and are not sold standalone — choose Retail, Volume or CSP instead.

Support timeline

Lifecycle phases to plan against

Server licensing is per-core with strict minimums, and almost every workload also needs Client Access Licences. Get the core math wrong and you either fail an audit or buy twice the licences you actually need.

Phase 1

General availability

Launch

Standard, Datacenter and (where applicable) Essentials open through Volume Licensing and CSP. Evaluation ISOs available for 180 days.

Phase 2

Mainstream support

5 years

Bug fixes, security updates, feature rollups via the Long-Term Servicing Channel cadence. Hotpatch where supported via Azure Arc.

Phase 3

Extended support

Years 5–10

Security updates only. No new features. SA-covered customers can buy ESU after year 10 for up to three more years.

Phase 4

Beyond ESU

Year 13+

No supported path. Azure offers a 'free ESU on Azure' programme to nudge migration of legacy workloads to Azure VMs.

Procurement checklist

Do this, not that

The small set of decisions that determine whether you overpay, fail an audit, or land in the right place.

Count every physical core on every populated socket, apply the 8-per-processor / 16-per-server minimum, and round up to the nearest 2-pack.

DON'T

Assume hyperthreaded logical cores reduce the licence count — they never do.

Buy User CALs when users access from multiple devices, Device CALs when shared devices have many users (call centres, shop floors).

DON'T

Mix CAL types within the same agreement without a clear split — auditors will pick the worst case for you.

Use Datacenter whenever a host runs more than ~10 Windows VMs — the break-even versus stacking Standard licences arrives quickly.

DON'T

License only the active node of a failover cluster — every node that could host the VM needs cores licensed unless SA mobility applies.

Activate Azure Hybrid Benefit on SA-covered cores to halve Azure VM cost or stack with reservations.

DON'T

Forget that AHB requires Software Assurance or a subscription — perpetual-only licences without SA are not eligible.

Typical deployments

How buyers actually use Remote Desktop Services 2019

Three reference deployments — find the closest match and adapt rather than starting from zero.

Scenario 1

Single-host file & print

One Standard server licensed for all physical cores, plus Device or User CALs for everyone who reads a share or prints a job. Essentials only if you genuinely stay under 25 users and never need a second box.

Scenario 2

Hyper-V cluster (3 nodes)

Datacenter on every node, sized to the largest host's core count. Cluster-aware updating, Storage Spaces Direct optional, and live migration without licence movement headaches.

Scenario 3

RDS farm

Per-user or per-device RDS CALs in addition to the Windows Server CAL. License the broker and session hosts identically; do not forget the redundancy node.

Cost optimisation

Where the savings actually live

None of these are tricks — they are the same levers Microsoft's own licensing specialists pull on every renewal.

💰

Datacenter for dense virtualisation

On hosts running more than ~10 Windows guests, Datacenter is almost always cheaper than stacking Standard 2-OSE blocks, and it unlocks Storage Replica, S2D and shielded VMs at no extra cost.

📊

Azure Hybrid Benefit

Reuse on-prem core licences with active SA on Azure VMs for up to 180 days of dual-use during migration, then keep the discount on the Azure side indefinitely while SA is current.

🎯

Right-size CALs

Audit who actually authenticates against the server — service accounts, scanners and IoT devices often need an External Connector or Device CAL, not a User CAL.

Counterfeit & risk

Red flags when buying second-hand

These four signals show up in every counterfeit-licence case we have seen. If any of them is present, walk away — no discount makes it worthwhile.

⚠ 01

Standalone OEM key sold below market

OEM keys are distributed only pre-installed on hardware and stay bound to that device for life. A separately sold OEM key is almost certainly leaked, harvested from scrapped hardware, or fully counterfeit.

⚠ 02

Lifetime key with no invoice or VLSC record

Microsoft entitlement always leaves a paper trail — a Volume Licensing Service Center record, a CSP invoice, a sealed Retail box with a COA, or a Microsoft Store order. No proof = no defence in an audit.

⚠ 03

Key works once, then 'not genuine' after the next cumulative update

Classic symptom of a MAK key that has exceeded its activation pool, or a KMS key being abused outside its volume programme. Microsoft revokes these centrally; the activation grace period is short.

⚠ 04

Seller refuses to put the entitlement in your tenant

Legitimate CSPs and LARs transfer the licence into your Microsoft 365 / Azure / VLSC tenant under your domain. If the seller insists on activating 'for you' on their account, you do not own anything.

Acronyms

Licensing terms used on this page

Quick definitions — the full glossary lives at /en/glossary if you need to dig deeper.

CSP

Cloud Solution Provider — Microsoft's primary indirect channel for subscriptions and cloud services.

VLSC

Volume Licensing Service Center — the portal where Volume Licensing keys, agreements and downloads live.

MAK

Multiple Activation Key — a Volume Licensing key with a finite activation count, used for isolated machines.

KMS

Key Management Service — an on-premises activation host that activates clients on a 180-day re-check cycle.

Enterprise Agreement — Microsoft's largest commitment-based volume contract, typically a 3-year term with annual true-ups.

Software Assurance — the upgrade-and-benefits add-on to Volume Licensing; required for new version rights and several mobility scenarios.

Browse the full glossary →

FAQ

Frequently asked questions

Per-user or per-device?+

Per-user for mobile staff. Per-device for shared workstations. Mixing both modes is allowed and licensing chooses the right CAL per connection.

Do we still need base Server CALs underneath RDS CALs?+

Yes. RDS CALs cover the session-hosting feature; base Server CALs cover Windows Server itself. Both are required and both are checked in audits.

Is RDS 2019 still supported?+

Through 9 January 2029 under extended support with security updates only.

Should we move to RDS 2025 or Azure Virtual Desktop?+

RDS 2025 for organisations committed to on-prem session hosting. AVD or Windows 365 for organisations comfortable with cloud-hosted session hosts and a per-user subscription model.

Where can I legitimately buy a license?+

Through Microsoft's Retail channel, an authorised Cloud Solution Provider (CSP), or a Volume Licensing partner (MPSA, Enterprise Agreement, Open Value, Server & Cloud Enrollment). OEM keys are distributed only pre-installed by hardware manufacturers and stay bound to that device for life — they are not sold to end users as standalone products. Anyone offering a 'cheap OEM key' as a standalone download is, by definition, operating outside Microsoft's distribution terms.

What gets checked in a Microsoft licensing audit?+

Auditors map every installed copy to a proof of purchase (VLSC record, CSP invoice, sealed Retail FPP), verify edition alignment (features used must match the licensed edition), and confirm CAL counts cover the maximum number of authenticated users or devices during the audit window. Small variances usually resolve with a true-up; large gaps escalate to Software Asset Management engagements and back-billing at list price.

Other products in this category

🖥️

Windows Server 2025

Windows Server 2025 — Standard vs Datacenter, per-core licensing, CALs, virtualisation rights and Azure Hybrid Benefit.

Read reference →

🖧

Remote Desktop Services (Windows Server 2025)

RDS on Windows Server 2025 — per-user vs per-device CALs, the RD Licensing role, and AVD as the cloud alternative.

Read reference →

⚙️

System Center 2025

System Center 2025 — SCOM, SCCM/MECM, SCVMM, DPM and Orchestrator for on-prem infrastructure management.

Read reference →