StarWind is a hyperconverged (HCI) vendor with focus on Enterprise ROBO, SMB & Edge

Deploying Azure Bastion

  • July 2, 2019
  • 7 min read
IT production manager based in Paris with a primary focus on Microsoft technologies. Nicolas is a Microsoft MVP in Cloud and Datacenter Management.

Azure Bastion is a new service which enables you to have private and fully managed RDP and SSH access to your Azure Virtual Machines. An Azure Bastion secures your strategic and critical assets in order to protect you from cyber risks. It is the only node exposed to the internet and it is acting like a Gateway.

Check the architecture on the following schema from Microsoft Docs:

Schema from Microsoft Docs

In this article, I will explain how to create an Azure Bastion host.


The public preview is limited to the following Azure public regions:

  • West US
  • East US
  • West Europe
  • South Central US
  • Australia East
  • Japan East

To create an Azure Bastion, you must create a Virtual Network with the name “AzureBastionSubnet” and with the prefix of at least /27.

How does it work?

Once you provision the Azure Bastion in a Virtual Network, it is available to all your Virtual Machines in the same virtual network. It means that the deployment is per virtual network. Then a Public IP Address will be assigned to your Azure Bastion. When you will connect to a Virtual Machine, a new tab will be opened in your web browser. When you connect via Azure Bastion, your virtual machines do not need a public IP address.


The first step is to register for the preview. To perform this task, you must be signed into your Azure Account and then you must be enrolled with the following command:


The second step is to register your Azure subscription:


You can check that the feature is registered using the following command:


Creating an Azure Bastion Host

Once the feature is registered, then you can open the Azure Portal Preview from this URL:

Creating an Azure Bastion Host

Specify the configuration settings for your Bastion resource:

  1. Select a Resource Group
  2. Enter the name of your Azure Bastion
  3. Select the region (e.g the prerequisites)
  4. Select a Virtual Network
  5. Select the Subnet with at least /27
  6. Select a Public IP Address

Specify the configuration settings for your Bastion resourceIf you already have an existing Virtual Machine, then you can easily transform the VM to an Azure Bastion. Open the Virtual Machine and click “Connect”. Then, select “Bastion” and click “Use Bastion”.Transform the VM to an Azure Bastion

Connecting to Azure Bastion

Go back to the Azure Bastion blade, and confirm that the deployment is done.

Azure Bastion blade

In order to connect to a Virtual Machine using the Azure Bastion, you just need to:

  • Open the Virtual Machine Blade
  • Start the Virtual Machine you want to connect
  • Click “connect” and select “Bastion”
  • Enter the username and password and click “Connect”

Connect to a Virtual Machine using the Azure BastionA new tab will be opened into your web browser using the Bastion service and HTML5.Bastion service and HTML5Wait a few seconds and then you can use your Virtual Machine in your web browser. Use your Virtual Machine in your web browser


Azure Bastion Service is still in preview, but it works like a charm. It is very easy to deploy and it will secure access to your Virtual Machines. You just need to assign one Public IP Address to the Azure Bastion instead of assigning one Public IP Address per Virtual Machine.

Back to blog