Azure Bastion is a new Azure service that lets you open private RDP and SSH sessions to Azure virtual machines. Before Azure Bastion, you had to set up VPN access to Azure, or assign a public IP address to the virtual machine(s) and allow RDP/SSH from the internet.
Before Azure Bastion you could also limit that exposure with Just-In-Time VM Access or a VPN. Bastion is a fully managed service that lives inside your Azure virtual network, so you reach your machines over TLS (HTTPS) in the browser without exposing them to the internet at all.
Azure Bastion is currently in preview. You can access the preview using this URL : https://aka.ms/BastionHost.
How Azure Bastion Works
Azure Bastion listens only on TCP port 443 (TLS); that is the only port a client ever connects to, and therefore the only inbound port you need to allow in a network security group (NSG) for the Bastion subnet. Behind the scenes, Bastion opens the session to the target virtual machine's private IP address over TCP 3389 (RDP) or 22 (SSH). That means the NSG protecting your VM subnet must allow those two ports inbound from the AzureBastionSubnet address range, and should allow them from nowhere else; if you also place an NSG on the Bastion subnet, it needs 443 inbound and 3389/22 outbound or sessions will fail.
Alternatives to Azure Bastion are a VPN connection into Azure, a public IP address with IP whitelisting on the NSG, or Just-In-Time VM Access.
How to configure Azure Bastion
Create an Azure Bastion Subnet
Open your virtual network and create a new subnet. Bastion requires a dedicated subnet named exactly AzureBastionSubnet; I would recommend at least a /27 for it. Make sure you use this name for the subnet, as the deployment will not find any other!
Deploy Azure Bastion from the Marketplace
Search for 'Bastion' in the Azure portal and open the 'Bastion (preview)' service.
After opening the 'Bastion (preview)' service, fill in the required information and make sure to select the virtual network in which you already created the AzureBastionSubnet subnet.
Then click 'Review + create' and then 'Create'. Deployment can take some time; mine took 5 minutes.
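The same configuration as a script, covering both the port model from 'How Azure Bastion Works' and the subnet and deployment steps above. This is an added example written with the Azure CLI, not the post's own steps or anything from Microsoft's documentation; the resource group, region, names and address ranges in it are assumptions. Besides creating the AzureBastionSubnet and the Bastion host, it puts an NSG on the workload subnet so that RDP and SSH are reachable only from the Bastion subnet's range, and it refuses to run if the subnet is misnamed or smaller than /27. Nothing is sent to Azure unless you pass the word deploy as the first argument.

```shell
#!/bin/sh
# Added example: deploy Azure Bastion with the Azure CLI and restrict RDP/SSH
# on the workload subnet to the Bastion subnet. Every name, region and address
# range below is an assumption for the demo, not a value from the post.
set -eu

RG="bastion-demo-rg"                  # assumed resource group
LOCATION="westeurope"                 # assumed region
VNET="demo-vnet"
VNET_PREFIX="10.0.0.0/16"
WORKLOAD_SUBNET="workload"            # where the VMs live
WORKLOAD_PREFIX="10.0.0.0/24"
BASTION_SUBNET="AzureBastionSubnet"   # mandatory name, no other is accepted
BASTION_PREFIX="10.0.1.0/27"          # /27 is the minimum recommended size
BASTION_PIP="bastion-pip"
BASTION_NAME="demo-bastion"
NSG="workload-nsg"

# check_bastion_subnet NAME CIDR -> 0 if the subnet is usable for Bastion.
# Rejects any name other than AzureBastionSubnet and any prefix longer
# than /27 (i.e. a smaller subnet), which leaves too few addresses.
check_bastion_subnet() {
    name=$1
    cidr=$2
    [ "$name" = "AzureBastionSubnet" ] || { echo "subnet must be named AzureBastionSubnet" >&2; return 1; }
    case "$cidr" in
        */*) ;;
        *) echo "expected CIDR a.b.c.d/N, got $cidr" >&2; return 1 ;;
    esac
    prefix=${cidr##*/}
    case "$prefix" in
        ''|*[!0-9]*) echo "bad prefix length in $cidr" >&2; return 1 ;;
    esac
    if [ "$prefix" -gt 27 ]; then
        echo "/$prefix is too small for Bastion; use /27 or larger" >&2
        return 1
    fi
    return 0
}

deploy_bastion() {
    check_bastion_subnet "$BASTION_SUBNET" "$BASTION_PREFIX"

    az group create --name "$RG" --location "$LOCATION" --output none

    # VNet with a workload subnet for the VMs you will reach through Bastion
    az network vnet create --resource-group "$RG" --name "$VNET" \
        --address-prefixes "$VNET_PREFIX" \
        --subnet-name "$WORKLOAD_SUBNET" --subnet-prefixes "$WORKLOAD_PREFIX" --output none

    # Dedicated Bastion subnet; the name is what the Bastion deployment looks for
    az network vnet subnet create --resource-group "$RG" --vnet-name "$VNET" \
        --name "$BASTION_SUBNET" --address-prefixes "$BASTION_PREFIX" --output none

    # The Bastion host's public IP is the only public endpoint; it serves TCP 443 only
    az network public-ip create --resource-group "$RG" --name "$BASTION_PIP" \
        --location "$LOCATION" --sku Standard --allocation-method Static --output none

    az network bastion create --resource-group "$RG" --name "$BASTION_NAME" \
        --vnet-name "$VNET" --public-ip-address "$BASTION_PIP" \
        --location "$LOCATION" --output none

    # NSG for the workload subnet: Bastion reaches the VMs on 3389/22 from its
    # own subnet, so allow exactly that range and explicitly deny the internet.
    az network nsg create --resource-group "$RG" --name "$NSG" --output none
    az network nsg rule create --resource-group "$RG" --nsg-name "$NSG" \
        --name AllowRdpSshFromBastion --priority 100 --direction Inbound --access Allow \
        --protocol Tcp --source-address-prefixes "$BASTION_PREFIX" \
        --destination-port-ranges 3389 22 --output none
    az network nsg rule create --resource-group "$RG" --nsg-name "$NSG" \
        --name DenyRdpSshFromInternet --priority 200 --direction Inbound --access Deny \
        --protocol Tcp --source-address-prefixes Internet \
        --destination-port-ranges 3389 22 --output none
    az network vnet subnet update --resource-group "$RG" --vnet-name "$VNET" \
        --name "$WORKLOAD_SUBNET" --network-security-group "$NSG" --output none
}

# Only touch Azure when explicitly asked:  sh deploy-bastion.sh deploy
if [ "${1:-}" = "deploy" ]; then
    deploy_bastion
fi
```

The explicit deny at priority 200 is redundant with the default DenyAllInbound rule, but it keeps RDP/SSH closed even if someone later adds a broad allow rule at a lower priority. The script deliberately attaches no NSG to the AzureBastionSubnet: if you add one, it must permit inbound 443 and outbound 3389/22 or the Bastion host cannot serve sessions.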
Access your virtual machines
Using the preview URL, you can access your machines through Bastion. Look up the virtual machine you want to connect to, open 'Connect', enter your credentials for the virtual machine (domain or local) and connect. That's it!