Tuesday, May 12, 2020

Configure Azure Bastion to Connect to Virtual Machines

Azure Bastion is a PaaS service that lets you connect (RDP/SSH) to Azure virtual machines directly over TLS. With Azure Bastion, you don’t need to configure a public IP address on the VM to connect through RDP or SSH. You also don’t need any additional agent or software on your machine or inside the Azure VM, since you connect to the VM directly from the Azure portal. An HTML5-capable browser is sufficient.

Azure Bastion is deployed per virtual network. Therefore, once you have deployed it to a virtual network, you can connect to any VM inside that virtual network.


Image Courtesy: Microsoft

To configure Azure Bastion, follow these steps.

1. In the Azure portal, search for Bastion.


2. Click on Add.


3. Fill in the details.

a. Select your subscription and resource group.
b. Enter a name for the Bastion service and select the region you’re going to deploy it to.
c. Select the virtual network and subnet for the Bastion service. Note that the Bastion service requires its own separate subnet inside your virtual network. The subnet must have a /27 or larger address space and must be named AzureBastionSubnet. You can create it using the “Manage subnet configuration” link.

Once done, click Review + create.


4. If the validation passes, click Create.


5. You can view the status of the deployment.


6. If there are no errors, you will see that the deployment has completed. Sometimes the deployment may fail due to intermittent issues. Redeploying will fix it.


7. Now go to Virtual Machines > Select a VM > Click on Connect.


8. Select Bastion.


9. Enter the Username and Password, then click Connect. If you are connecting to a domain-joined (ADDS) machine, use the UPN (username@domain) format.


10. Depending on the browser configuration, you might have to enable pop-ups from Azure to open the connection window.
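
The subnet requirement in step 3c is the usual place where validation fails, so it can be checked before opening the portal. The following Python sketch is an added example, not part of the original post or any Microsoft tooling: it checks a planned subnet against the name and /27 rules from step 3c, and finds the first free /27 in a virtual network. The function names and the sample address ranges are constructed for illustration.

```python
import ipaddress

BASTION_SUBNET_NAME = "AzureBastionSubnet"  # required name (step 3c)
MAX_PREFIX_LEN = 27  # "/27 or larger" means a prefix length of 27 or less

# Constructed sample data: one VNet range and its existing subnets.
VNET_PREFIXES = ["10.1.0.0/16"]
EXISTING_SUBNETS = {"default": "10.1.0.0/24", "app": "10.1.1.0/24"}


def check_bastion_subnet(name, prefix, vnet_prefixes, existing):
    """Return a list of problems; an empty list means the plan is valid."""
    problems = []
    if name != BASTION_SUBNET_NAME:
        problems.append(f"subnet must be named {BASTION_SUBNET_NAME}, got {name!r}")
    try:
        net = ipaddress.ip_network(prefix)  # rejects prefixes with host bits set
    except ValueError as exc:
        return problems + [f"invalid prefix {prefix!r}: {exc}"]
    if net.prefixlen > MAX_PREFIX_LEN:
        problems.append(f"{net} is smaller than /{MAX_PREFIX_LEN}")
    vnets = [ipaddress.ip_network(p) for p in vnet_prefixes]
    if not any(net.version == v.version and net.subnet_of(v) for v in vnets):
        problems.append(f"{net} is outside the virtual network address space")
    for other_name, other_prefix in existing.items():
        if net.overlaps(ipaddress.ip_network(other_prefix)):
            problems.append(f"{net} overlaps subnet {other_name} ({other_prefix})")
    return problems


def suggest_bastion_prefix(vnet_prefixes, existing, prefixlen=MAX_PREFIX_LEN):
    """Return the first free block of the requested size, or None."""
    used = [ipaddress.ip_network(p) for p in existing.values()]
    for vnet in map(ipaddress.ip_network, vnet_prefixes):
        if vnet.prefixlen > prefixlen:
            continue  # this range is too small to hold the subnet
        for candidate in vnet.subnets(new_prefix=prefixlen):
            if not any(candidate.overlaps(u) for u in used):
                return str(candidate)
    return None


if __name__ == "__main__":
    free = suggest_bastion_prefix(VNET_PREFIXES, EXISTING_SUBNETS)
    print("suggested prefix:", free)
    print(check_bastion_subnet("bastion", "10.1.1.0/28", VNET_PREFIXES, EXISTING_SUBNETS))
```
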


