For all this, the organization must have a dynamic, but WHITE address - that is, an address that is directly accessible from the Internet.
If there is no such address, you have about four options:
-buy an address from an ISP
-buy a VDS and throw a tunnel through it (5 bucks a month)
-use a hidden host in TOR (but the ping can be unpleasantly high, but it's free)
-tunnel via TOX (same as TOR)

Is there a white ip, as indicated above?
Forwarding should be done
Internet center> Mikrotik> PC with RDP

There are 2 options. On this, do forwarding from an external address and port to Mikrotik, and on Mikrotik as in an article, where there is more water than meaning. Or you specify the address of the Mikrotik in dmz, but then all traffic will fall there. In the second option, it is tedious to configure the Mikrotik firewall, for security. Although it needs to be adjusted anyway.
And one more thing, RDP naked outside is a bad thing, sooner or later they can be hacked. Already seen 1 case. Changing ports as in the article, the method of the schoolboy who rewrote the article. It won't help, scanners will recognize the port anyway. verified.

If you have a "white" static address - just do forwarding as per your link.
If you have a "white" dynamic address - forwarding is enough for the test, as per the link, in order to use it for a long time, buy a "white" static address from the provider (usually a small monthly payment), or set up a dynamic DNS
If the address is "gray" - buy from the provider " white" static address.
I don’t do microtics and I don’t know about iota services. Tips, I hope, universal.
It’s true that there have been security issues with the RDP protocol lately, but if on the computer side you have the option “with network level authentication” enabled, or I don’t remember exactly in Win 7, something like only new clients will do.
PS: I'm sorry if the necropost - maybe someone will come in handy.