Azure: RDP and brute force attack

I have a small server on Azure (Windows 10 pro). There is only one service (webservice REST) on this server and it’s not critical: if the service is down for a few hours or even days or if someone stole the data that’s not a big deal.

I’m the only person that have access to this server, I have a quite strong password with a custom admin user name so I just use "RDP" to manage the server without VPN. A few days ago I saw that my Azure bill was higher than usually (more or less +10USD). I see that it was because of a higher "data transfer out". So I’m try to understand the reason.

I saw that:

• in my web server access and error log (Apache) there is about 80 connections that were blocked (http code 400/403).
• in my web service log (custom log) I haven’t any request (blocked by Apache that require a valid user and password)
• in my Windows security events logs that’s more complicated: I have about 31’000 "audit failure". I see that it’s a kind of brute force attack probably through the rdp port (login events with differents accounts names). I haven’t seen any successful attempts. So in my opinion it’s because of this brute force attack that my bill is higher.

So my question is: could you help me to evaluate how many data transfer those 31’000 connection through RDP could represent ? Are there other elements that I should take into consideration ?

In order to avoid that kind of things I’ll try to install a VPN. For now I just allow my IP adress through RDP in Azure portal.

Thank you for your help
Loic