Last week, Microsoft released Azure Bastion to general availability (GA). This feature enables us to connect to VMs (Linux or Windows) through the Azure Portal.

We all know that connecting production VMs directly to the Internet via a public IP is a huge concern from a cybersecurity standpoint. For that reason, critical VMs usually have no public IP and are managed either over a site-to-site VPN or from a console VM that holds a public IP. In both cases, the security constraints make managing your Azure VMs less convenient.

Thanks to Azure Bastion, you no longer need a site-to-site VPN or a console VM to manage your Azure VMs. Azure Bastion is a PaaS service that sits between the Internet (through a public IP) and a virtual network. When this service is enabled, you connect to your VMs through Azure Bastion, which lets you open an RDP or SSH console directly inside the Azure Portal. In this article, we will see how to deploy and use Azure Bastion.

Azure Bastion


Before deploying Azure Bastion, you need a virtual network with a subnet called exactly AzureBastionSubnet.



To deploy Azure Bastion, open the Azure Marketplace and search for Azure Bastion.

Azure Marketplace

Then click on Create to start the process of Azure Bastion deployment.

Azure Bastion deployment

Next, specify the following information:

  • Name: provide a name for the resource
  • Resource Group: choose the resource group that Azure Bastion will belong to
  • Region: only a few regions are currently available; select the one that fits your needs
  • Virtual Network: select the virtual network where you created AzureBastionSubnet
  • Subnet: select AzureBastionSubnet
  • Public IP Address: you can use an existing static public IP or create a new one

Create the bastion

At the end of the process, you can review the settings you specified. If all is good, just click on Create.


Connect to VM through Azure Bastion

Now, when you click on Connect on an Azure VM, you have an additional option called Bastion. To get this option, the Azure VM must belong to the same virtual network as the Azure Bastion.


For a Windows VM, specify the credentials to connect. You can open the console in a new tab or directly inside the Azure Portal:

Specify the credentials to connect

For a Linux VM, you will be asked to specify SSH credentials instead of Windows credentials.
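The three conditions this article relies on (no public IP on the VM, a subnet named exactly AzureBastionSubnet, and a Bastion in the same virtual network as the VM) can be checked across an inventory before you remove other access paths. The script below is an added example, not Microsoft's or the author's code; the inventory is constructed sample data with hypothetical field names, not the Azure API schema.

```python
# Constructed sample inventory in a simplified, hypothetical shape (not the Azure API schema).
BASTION_SUBNET = "AzureBastionSubnet"  # the name the article says must match exactly

VNETS = {
    "vnet-prod": ["default", "AzureBastionSubnet"],
    "vnet-dev": ["default", "azurebastionsubnet"],  # wrong case: not an exact match
    "vnet-lab": ["default"],
}
BASTIONS = [{"name": "bastion-prod", "vnet": "vnet-prod"}]
VMS = [
    {"name": "sql01", "vnet": "vnet-prod", "public_ip": None},
    {"name": "web01", "vnet": "vnet-prod", "public_ip": "203.0.113.10"},
    {"name": "dev01", "vnet": "vnet-dev", "public_ip": "203.0.113.20"},
    {"name": "lab01", "vnet": "vnet-lab", "public_ip": None},
]


def vnet_status(vnet, vnets, bastions):
    """Return 'ready', 'subnet-only', 'bad-subnet-name' or 'no-bastion' for a vnet."""
    subnets = vnets.get(vnet, [])
    if BASTION_SUBNET in subnets:
        has_bastion = any(b["vnet"] == vnet for b in bastions)
        return "ready" if has_bastion else "subnet-only"
    if any(s.lower() == BASTION_SUBNET.lower() for s in subnets):
        return "bad-subnet-name"
    return "no-bastion"


def audit(vms, vnets, bastions):
    """Classify each VM by public exposure and by whether Bastion can reach it."""
    findings = {}
    for vm in vms:
        status = vnet_status(vm["vnet"], vnets, bastions)
        exposed = vm["public_ip"] is not None
        if status == "ready":
            action = "remove public IP, use Bastion" if exposed else "ok"
        elif exposed:
            action = f"exposed, fix Bastion first ({status})"
        else:
            action = f"no management path via Bastion ({status})"
        findings[vm["name"]] = action
    return findings


if __name__ == "__main__":
    for name, action in audit(VMS, VNETS, BASTIONS).items():
        print(f"{name}: {action}")
```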


Session logs

Azure Bastion is now able to log active RDP / SSH sessions. You can check who is connected and where, and you also have the option to disconnect them.


Moreover, Azure Bastion can be connected to a Log Analytics workspace to centralize event logs.

Romain Serre
Senior consultant at Exakis
Romain Serre works in Lyon as a Senior Consultant. He is focused on Microsoft technology, especially Hyper-V, System Center, storage, networking and Cloud OS technology such as Microsoft Azure or Azure Stack. He is an MVP and is certified as a Microsoft Certified Solution Expert (MCSE Server Infrastructure & Private Cloud), on Hyper-V and on Microsoft Azure (Implementing a Microsoft Azure Solution).