On a 286 or better PC equipped with more than 640 KB of RAM, the additional memory would generally be re-mapped above the 1 MB boundary, since the IBM PC architecture mandates a 384 KB "hole" in memory between the 640 KB and 1 MB boundaries. This way all of the additional memory would be available to programs running in Protected mode. Even without such remapping, machines with more than 1 MB of RAM would have access to memory above 1 MB.
Extended memory is available in real mode only through EMS, UMB, XMS, or HMA; only applications executing in protected mode can use extended memory directly. In this case, the extended memory is provided by a supervising protected-mode operating system such as Microsoft Windows. The processor makes this memory available through the Global Descriptor Table and one or more Local Descriptor Tables (LDTs). The memory is "protected" in the sense that memory segments assigned a local descriptor cannot be accessed by another program because that program uses a different LDT, and memory segments assigned a global descriptor can have their access rights restricted, causing a hardware trap (typically a General Protection Fault) on violation. This prevents programs running in protected mode from interfering with each other's memory.
A protected-mode operating system such as Microsoft Windows can also run real-mode programs and provide expanded memory to them. The DOS Protected Mode Interface is Microsoft's prescribed method for an MS-DOS program to access extended memory under a multitasking environment.