Azure Bastion – Secure SSH & RDP access

In June, Microsoft announced the public preview of Azure Bastion. This newly introduced service lets you manage your Azure resources over SSH and RDP directly from your browser at a very high security level.

What is a Bastion Host?

A jump host, or bastion host, is “a special-purpose computer on a network specifically designed and configured to withstand attacks”. It is often used to access and manage devices in a separate security zone. Access to this zone is provided only through the jump host/bastion host, and you control all permissions on this server. Reverse proxies are a kind of bastion host: they let you reach applications only through the proxy.

Azure Bastion

Microsoft started the development of an out-of-the-box PaaS solution to provide a fully managed and highly secure jump host to Azure administrators.

First you deploy the Bastion host directly into your network in Azure. Afterwards you can start using the service. It lets you access your other Azure services via SSH or RDP directly from the Azure Portal in your browser.

If you want to start with Azure Bastion, you need to enable the Preview Features in your Azure Subscription.

# Register the Bastion preview feature
 Register-AzProviderFeature -FeatureName AllowBastionHost -ProviderNamespace Microsoft.Network

# Register the Network provider
 Register-AzResourceProvider -ProviderNamespace Microsoft.Network

# Verify the provider feature registration
 Get-AzProviderFeature -ProviderNamespace Microsoft.Network

Preview Functionalities

During the preview, the following key features are available in Azure Bastion:

  • RDP & SSH from the Azure Portal
  • Secure remote session over SSH & RDP
  • No public IP required anymore on Azure Virtual Machines

The Azure Team will add more features soon. You can also request features through the Azure Community. You can find the documentation in the Azure Docs.
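Because Bastion removes the need for a public IP on each VM, a useful follow-up is to find what is still exposed. The script below is an added example, not part of the original post: it assumes the Az.Network module and an authenticated session, and the function name, port list and source list are illustrative choices.

```powershell
# Added example: list NICs that still carry a public IP and NSG rules that
# allow inbound SSH (22) or RDP (3389) from the Internet.
# Assumes: Az.Network module installed, Connect-AzAccount already run.
$mgmtPorts   = 22, 3389
$openSources = '*', 'Internet', '0.0.0.0/0'

# Hypothetical helper: true if any NSG port range ("22", "3000-4000", "*")
# covers one of the management ports.
function Test-PortRangeMatch {
    param([string[]]$Ranges, [int[]]$Ports)
    foreach ($range in $Ranges) {
        if ($range -eq '*') { return $true }
        $low, $high = $range -split '-', 2
        if (-not $high) { $high = $low }
        foreach ($p in $Ports) {
            if ($p -ge [int]$low -and $p -le [int]$high) { return $true }
        }
    }
    return $false
}

# 1) Network interfaces with a public IP attached
$publicNics = foreach ($nic in Get-AzNetworkInterface) {
    foreach ($ipc in $nic.IpConfigurations) {
        if ($ipc.PublicIpAddress) {
            [pscustomobject]@{
                Nic        = $nic.Name
                VmId       = $nic.VirtualMachine.Id
                PublicIpId = $ipc.PublicIpAddress.Id
            }
        }
    }
}

# 2) NSG rules allowing SSH/RDP from anywhere. Rule priority is not evaluated,
#    so a higher-priority Deny rule may already block a match: review each hit.
$exposedRules = foreach ($nsg in Get-AzNetworkSecurityGroup) {
    foreach ($rule in $nsg.SecurityRules) {
        $fromInternet = @($rule.SourceAddressPrefix | Where-Object { $_ -in $openSources }).Count -gt 0
        if ($rule.Direction -eq 'Inbound' -and $rule.Access -eq 'Allow' -and
            $rule.Protocol -in 'Tcp', '*' -and $fromInternet -and
            (Test-PortRangeMatch -Ranges $rule.DestinationPortRange -Ports $mgmtPorts)) {
            [pscustomobject]@{ Nsg = $nsg.Name; Rule = $rule.Name; Ports = $rule.DestinationPortRange -join ',' }
        }
    }
}

$publicNics   | Format-Table -AutoSize
$exposedRules | Format-Table -AutoSize
```

Once VMs are reachable through Bastion, the entries in both tables are candidates for removing the public IP and the inbound allow rule.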

Author: Patrick Riedl

I am Patrick Riedl, and as you can see I am totally Microsoft enthusiastic. Through my work as a Cloud Architect and my background in IT and information security, I always try to be ahead of the times. With this blog & podcast I hope to give back some knowledge and learning to the online community. I am always looking forward to feedback.
