You don’t want to assign a public IP to each virtual machine on Azure? You want a secure way to manage your VMS? This article will help you implement the brand new Azure service to get a private and fully managed service which will allow you to access VMS directly from the Azure portal using your browser over the SSL protocol.

So let’s start with some theoretical aspects, the Azure bastion is advantageous in many ways :

  • RDP and SSH sessions over SSL on port 443 via the Azure portal; so from any modern browser you will be able to access your VMS.
  • Azure Bastion is fully managed by Microsoft which means that you will no longer need to manage Network security groups (NSGs) and much more administrative tasks.
  • Your VMs will be protected against port scanning.
  • No need to assign Public IP to your Azure VMs.

The Architecture as designed by Microsoft:

Azure Bastion is currently in public preview and limited to some regions:

  • West Europe
  • West US
  • East US
  • South Central US
  • Australia East
  • Japan East

To participate, you can click on the link below :

After the theoretical part, let’s answer the question How to deploy the AZ Bastion?

First, you will need to deploy the service in your virtual network ( a subnet called AzureBastionSubnet with at least /27 must be created) :

Second, since it’s natively integrated, the platform will automatically detect if the Azure Bastion is deployed on the virtual network your virtual machine and in the connect menu you will get Bastion as a connection option.

Now you can enter your username and password to log in. This will open a web-based SSL RDP Session in the Azure Portal.

And as previously mentioned in this article, there is no need to have a Public IP address assigned to your virtual machine.

I hope this article gives you an overview of the azure bastion. If you want to know more check out the Microsoft documentation. If you have any questions or feedback, feel free to leave a comment or contact me.

In my next article, I will explain how to automate the deployment of the Azure Bastion using ARM template and terraform.