The best Azure learning site: Azure Document Center / Microsoft Learning
Configure Azure Bastion to protect cloud VMs
Continuing from the last post, today I will show you how to use Azure Bastion to connect to a virtual machine through the Azure Portal. To do this, you need to deploy Bastion to the virtual network where the virtual machine is located. After deployment, you can use the Azure Portal to connect to all VMs in that virtual network through each VM's private (internal) IP address. Users therefore do not need to configure a public IP address for the VM or install special software to connect to it remotely, which greatly enhances the security of the virtual machine. For more information, you can refer to the following link:
https://docs.microsoft.com/en-us/azure/bastion/bastion-overview?WT.mc_id=AZ-MVP-5002232
Without further ado, let's take a look at how to use Azure Bastion to protect an Azure VM:
Create Bastion host
Open the Azure Portal, click "Create Resource", search for "Bastion", and then select Azure Bastion from the search results:
Click "Create":
Select the subscription and resource group in which to create the Bastion, enter the Bastion name, and select the deployment location. Select the virtual network where Bastion needs to be deployed, and then click "Manage Subnet Configuration":
Click "Create Subnet":
Enter the subnet name and address space:
Note: The subnet name must use "AzureBastionSubnet"
The subnet is added, as shown in the figure below:
When a subnet named "AzureBastionSubnet" exists in the virtual network, the Bastion creation page automatically selects it as the subnet for the Bastion deployment:
Confirm that it is correct and click "Create":
The creation is successful, as shown in the following figure:
Connect to Azure VM
Log in to the Azure Portal, select the virtual machine you want to connect to over remote desktop, and click "Connect" - "Bastion":
Enter the corresponding username and password, and click "connect":
If the connection is successful, you can see that your browser is connected to port 443 of Bastion, and that Bastion is connected to the virtual machine through the VM's internal IP. The details are shown in the figure below:
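To check a virtual network against the layout this walkthrough relies on (a subnet named "AzureBastionSubnet", and VMs reached only through their private IPs), the following Python check can be run over an inventory export. It is an added example, not code from the original post or from Microsoft; the inventory shape, the names and the addresses are constructed for illustration and are not an Azure API response format.

```python
import ipaddress

BASTION_SUBNET = "AzureBastionSubnet"  # name the article says the subnet must use

# Constructed sample inventory (hypothetical shape, not an Azure API response).
VNET = {
    "name": "vnet-demo",
    "address_space": ["10.0.0.0/16"],
    "subnets": [
        {"name": "default", "prefix": "10.0.0.0/24"},
        {"name": "AzureBastionSubnet", "prefix": "10.0.1.0/26"},
    ],
    "vms": [
        {"name": "vm-app", "private_ip": "10.0.0.4", "public_ip": None},
        {"name": "vm-old", "private_ip": "10.0.0.5", "public_ip": "203.0.113.10"},
    ],
}

def audit_vnet(vnet):
    """Return a list of findings; an empty list means the layout matches the article."""
    findings = []
    spaces = [ipaddress.ip_network(p) for p in vnet["address_space"]]
    subnets = {s["name"]: ipaddress.ip_network(s["prefix"]) for s in vnet["subnets"]}

    bastion = subnets.get(BASTION_SUBNET)
    if bastion is None:
        findings.append(f"no subnet named {BASTION_SUBNET}")
    else:
        # The Bastion subnet must sit inside the VNet and not collide with others.
        if not any(bastion.subnet_of(sp) for sp in spaces):
            findings.append(f"{BASTION_SUBNET} {bastion} is outside the VNet address space")
        for name, net in subnets.items():
            if name != BASTION_SUBNET and net.overlaps(bastion):
                findings.append(f"{BASTION_SUBNET} {bastion} overlaps subnet {name} {net}")

    for vm in vnet["vms"]:
        ip = ipaddress.ip_address(vm["private_ip"])
        # With Bastion in place, a VM public IP is unnecessary exposure.
        if vm["public_ip"]:
            findings.append(f"{vm['name']} still has public IP {vm['public_ip']}")
        # Bastion reaches VMs by private IP, so the VM must live in a workload subnet.
        if not any(ip in net for n, net in subnets.items() if n != BASTION_SUBNET):
            findings.append(f"{vm['name']} private IP {ip} is not in a workload subnet")
    return findings

if __name__ == "__main__":
    for finding in audit_vnet(VNET):
        print("FINDING:", finding)
```
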