Microsoft Releases Preview of Azure Bastion

Microsoft is now letting organizations use a private Internet connection to access Azure virtual machines (VMs) with its new Azure Bastion service, which was launched as a preview on Tuesday.

The managed service was created as an additional safeguard for organizations that don't want to connect to Azure VMs using public Internet connections, which could pose "security and connectivity issues," Microsoft explained in its announcement. As an alternative to Microsoft's service, organizations could instead set up their own "jump server" or "bastion host" to get these private connections. However, they'd have to do some setup and maintenance work to make that happen.

For instance, creating a jump server requires having a "Remote Desktop Services (RDS) gateway" in place. Organizations also would need to handle "the configuration and managing of authentication, security policies and access control lists (ACLs)." Moreover, they'd be tasked with "managing availability, redundancy, and [the] scalability of the solution," Microsoft suggested.

With the Azure Bastion service, organizations can start an RDS or Secure Shell (SSH) remote connection session from the Azure Portal using an HTML5-based Web browser. They connect via a Secure Sockets Layer (SSL) connection to the Azure Bastion service located in a subnet using Port 443. The Azure Bastion service then permits the user to access an Azure VM using a private Internet Protocol address (see diagram).

[Click on image for larger view.] The Azure Bastion managed service permits a user connect to an Azure virtual machine using a private Internet address. (Source: Microsoft Azure blog post)

The Azure Bastion service is agentless, and Microsoft takes care of the patching and maintenance. The setup was described as being "simple," and Microsoft provides documentation at this page. When the service is set up, organizations will have protections against external port scanning of the Azure VMs they use, Microsoft promised.

In a future release, Microsoft plans to add Azure Active Directory integration with the Azure Bastion service. Plans include adding single sign-on access, as well as multifactor authentication (a secondary means of verifying identity besides passwords). Microsoft is also looking at expanding client and auditing support for the service.

"We are also looking to add support for native RDP/SSH clients so that you can use your favorite client applications to securely connect to your Azure Virtual Machines using Azure Bastion, while at the same time enhance the auditing experience for RDP sessions with full session video recording," the announcement explained.

The preview of the Azure Bastion service is currently limited to certain Azure regions, according to Microsoft's FAQ document, namely:

  • West US
  • East US
  • West Europe
  • South Central US
  • Australia East
  • Japan East

Also, the preview only works currently with the Azure Portal preview. There's no need to setup RDP or SSH beforehand as those connections are available within the Azure Portal. The preview is supported using the Microsoft Edge browser or Google Chrome on Windows. Those browsers also are supported on the macOS platform for the preview.

Microsoft charges for the use of the Azure Bastion service. It's charged by the hour and for the amount of outbound data transfers involved, as described at Microsoft's pricing page. Users will "only be billed partially during public preview," Microsoft indicated, although there's no service-level agreement during the preview phase.

For perspective on how the Azure Bastion Service could serve as a secure remote access solution for organizations, see this blog post by Aidan Finn, a Microsoft Most Valuable Professional. Right now, the Azure Bastion Service is a bit thin on having the needed capabilities, he suggested.

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.


  • The 2020 Microsoft Product Roadmap

    From the next major update to Windows 10 to the next generations of .NET and PowerShell, here's what's on tap from Microsoft this year.

  • Premium-Level Azure AD Coming to Microsoft 365 Business

    Users of Microsoft 365 Business will be able to access Azure Active Directory Premium P1 licensing free of charge, Microsoft said this month.

  • 2020 Microsoft Conference Calendar: For Partners, IT Pros and Developers

    Here's your guide to all the IT training sessions, partner meet-ups and annual Microsoft conferences you won't want to miss. (Now updated with COVID-19-related event changes.)

  • Curvey Stone Steps Graphic

    Microsoft Makes Run at 5G, Edge Computing with Azure Edge Zones

    Microsoft is promising to enable new edge computing scenarios for partners and developers with Azure Edge Zones, which became available as a preview this week.

RCP Update

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.