Use Azure Bastion to connect to a virtual machine
Dimitar Iliev
Azure AI Solutions Architect ● B. Sc. Computer Science and Engineering ● 7 x Microsoft Certified ● 23 x Microsoft Applied Skills ● Speaker ● Generative AI ● Scrum Master Certified ● 1 x GitHub Certified
What is Azure Bastion?
According to the official MS Docs (About Azure Bastion | Microsoft Learn), Azure Bastion is a service you deploy that lets you connect to a virtual machine using your browser and the Azure portal, or via the native SSH or RDP client already installed on your local computer.
It provides RDP/SSH connectivity to all the virtual machines in the virtual network it’s provisioned in.
Some of the benefits of Azure Bastion are:
and many others.
Azure Bastion is deployed in a virtual network, which means it supports virtual network peering.
To learn more about virtual network peering, I suggest you read the following MS Docs (Azure Virtual Network peering | Microsoft Learn).
Creating a virtual network
Let’s start with creating a new virtual network.
Go to the Azure portal and in the search type 'virtual networks'.
Next, click on the '+ Create' button to start creating a new virtual network.
Fill in the details similar to below:
Next, go to 'IP Addresses', fill in the address space and add a new subnet like in the following image:
Click on 'Review + create' and finish creating the virtual network. After it succeeds, you can go to the resource.
Now it’s time to create a new virtual machine.
Creating a virtual machine
In the Azure portal, search for 'Virtual Machines'.
Click on '+ Create' to start creating a new virtual machine.
Be careful when filling out the details in the next section.
In the 'Networking' part, for the virtual network choose the previously created virtual network and the previously created subnet. Set the 'Public inbound ports' to 'Allow selected ports' and set 'Select inbound ports' to RDP (3389).
Finish creating the virtual machine.
Connecting to the virtual machine
Now go to the virtual machine created previously and click on the 'Connect' option on the left menu.
Select RDP and download the RDP file.
Now double-click on it and enter the credentials you specified when creating the virtual machine.
Observe that we have successfully connected to our virtual machine. This RDP connection went directly over the internet on port 3389.
Now let’s configure Azure Bastion.
Setting up Azure Bastion
Click on the 'Bastion' section which is located in the same menu where you clicked on 'RDP'.
It will give you the option to either deploy Bastion or configure it manually. For this example, we will just click on 'Deploy Bastion'.
Wait for the deployment to finish.
Now when you come back to the 'Bastion' tab, it will give you the option to use Bastion.
Enter the Username and Password for the virtual machine and click on 'Connect'.
Observe that we connected to our virtual machine successfully through the Azure portal.
Next, go to 'Networking' and observe the rule 'RDP'. Let’s delete the rule.
Now, double-click on the RDP file you downloaded and try to connect to the virtual machine. We will get the following error, because remote desktop is no longer exposed to the internet.
Using Bastion, try connecting to the virtual machine. You will see that we are still able to connect to our virtual machine.
Perfect. We have successfully configured and used Azure Bastion to connect to our virtual machine through the Azure portal, without having our virtual machine expose RDP/SSH ports to the outside world.
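To check that deleting the 'RDP' rule really removed the internet-facing management port, the following added example (not part of the original article) scans a network security group's JSON for inbound Allow rules that open RDP or SSH to the internet. The sample NSG, its rule names and the helper names are constructed for illustration; the field names follow the output of `az network nsg show -o json`, and the check does not evaluate rule priority or Deny rules that may shadow an Allow.

```python
import json

MGMT_PORTS = {3389: "RDP", 22: "SSH"}
INTERNET_SOURCES = {"*", "internet", "0.0.0.0/0"}

# Constructed sample in the shape of `az network nsg show -o json` output.
SAMPLE_NSG = json.loads("""
{"name": "demo-vm-nsg", "securityRules": [
  {"name": "RDP", "direction": "Inbound", "access": "Allow", "priority": 300,
   "sourceAddressPrefix": "*", "destinationPortRange": "3389"},
  {"name": "web", "direction": "Inbound", "access": "Allow", "priority": 310,
   "sourceAddressPrefix": "Internet", "destinationPortRanges": ["80", "443"]},
  {"name": "wide-range", "direction": "Inbound", "access": "Allow", "priority": 320,
   "sourceAddressPrefix": "0.0.0.0/0", "destinationPortRange": "20-25"},
  {"name": "internal-rdp", "direction": "Inbound", "access": "Allow", "priority": 330,
   "sourceAddressPrefix": "10.0.0.0/24", "destinationPortRange": "3389"}
]}
""")

def _values(rule, single, plural):
    # NSG rules carry either a single value or a list; merge both forms.
    vals = list(rule.get(plural) or [])
    if rule.get(single):
        vals.append(rule[single])
    return vals

def _covers(port_spec, port):
    # A port spec is "*", a single port ("3389") or a range ("20-25").
    if port_spec == "*":
        return True
    lo, _, hi = port_spec.partition("-")
    return int(lo) <= port <= int(hi or lo)

def exposed_mgmt_rules(nsg):
    """Return (rule name, service, port) for internet-facing RDP/SSH allows."""
    findings = []
    for rule in nsg.get("securityRules", []):
        if rule["direction"].lower() != "inbound" or rule["access"].lower() != "allow":
            continue
        sources = _values(rule, "sourceAddressPrefix", "sourceAddressPrefixes")
        if not any(s.lower() in INTERNET_SOURCES for s in sources):
            continue
        specs = _values(rule, "destinationPortRange", "destinationPortRanges")
        for port, service in MGMT_PORTS.items():
            if any(_covers(spec, port) for spec in specs):
                findings.append((rule["name"], service, port))
    return findings
```

Run it against the NSG attached to the VM's network interface or subnet before and after deleting the rule; an empty result means no Allow rule opens 3389 or 22 to the internet.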
Thanks for sticking to the end of another article from "Iliev Talks Tech". #ilievtalkstech
Building Solutions to Drive Business Value
2 years ago: Nice Article Dimitar! Thanks for sharing!