Skip navigation

Azure Bastion

Fully managed service that helps secure remote access to your virtual machines

Protect your virtual machines with more secure remote access

Azure Bastion is a fully managed service that provides more secure and seamless Remote Desktop Protocol (RDP) and Secure Shell Protocol (SSH) access to virtual machines (VMs) without any exposure through public IP addresses. Provision the service directly in your local or peered virtual network to get support for all the VMs within it.

Direct connection for RDP and SSH sessions in the Azure Portal with a single click
Support without the need for an agent in your VM or additional software on your browser
Integration of existing firewalls and security perimeters using a modern HTML5-based web client and standard SSL ports
Scalability to manage additional concurrent SSH and RDP connections

Limit public exposure of virtual machine IPs

Access all virtual machines within a local or peered virtual network through a single hardened access point. No public IP address is required on your VMs – using a Bastion host lets you open a more secure RDP/SSH connection using a private IP address.

Protect against zero-day exploits

Use a Bastion host to help limit threats such as port scanning and other types of malware targeting your VMs. As the host sits at the perimeter of your virtual network, you don’t need to worry about hardening each of your VMs.

Deploy in a few clicks

Azure Bastion provides an integrated platform alternative to manually deploying and managing jump servers to shield your virtual machines. Deploy the Bastion host in just a few clicks to get up and running quickly. The service will begin setting up network security groups (ACLs) across your subnets to keep the IT secure.

Connect more securely from anywhere and on any device

Connect to your virtual machines in your local and peered virtual networks over SSL, port 443, directly in the Azure portal. This clientless Remote Desktop Protocol (RDP) and Secure Shell Protocol (SSH) connectivity enables you to connect from anywhere – on any device or platform – without an additional agent running in your virtual machines.

Enhance security and compliance

  • Microsoft invests over USD 1 billion annually on cybersecurity research and development.
  • We employ more than 3,500 security experts who are completely focused on securing your data and privacy.
  • Azure has more certifications than any other cloud provider. View the comprehensive list.

Learn more about Azure Bastion pricing

Using a Bastion is more cost-effective than manually deploying your own jump box. It’s charged on a fixed per-hour basis, plus charges for outbound data transfers.

Azure Bastion resources and documentation

Getting started

Read the Azure Bastion overview.

Trusted by companies of all sizes

Stromasys gives legacy Alpha application new life

While helping a company move core apps on Alpha to a Charon-AXP emulator on Azure, Stromasys engineers found that the best practice is to configure the VM running Charon behind a service such as Azure Bastion, which uses SSL to provide access without IP exposure.


Metinvest lays foundations for long-term growth

Global manufacturer Metinvest needed a more scalable infrastructure, so it migrated to Azure. The company now benefits from top-notch security, including Azure Bastion as an essential solution to ensure more secure access to services in VMs.


Mphasis modernises infrastructure

When applied technology company Mphasis migrated its on-premises infrastructure to Azure, it leveraged several Azure services including Azure Bastion host machines for stringent security enforcement across components.


Frequently asked questions about Azure Bastion

  • No, you don’t need a client to access the RDP/SSH connection to your Azure Virtual Machine. Use the Azure portal for RDP/SSH access to your virtual machine directly in the browser.
  • No, you don’t need to install an agent on your browser or your Azure Virtual Machine. Azure Bastion is agentless and does not require any additional software for RDP/SSH.
  • Use the Microsoft Edge browser for Windows, Google Chrome for Windows and Mac, or Microsoft Edge Chromium for Windows and Mac.
  • Azure Bastion is available in any of these regions via the Azure portal:
    • West US
    • East US
    • West Europe
    • South Central US
    • Australia East
    • Japan East
  • Azure Bastion standard (preview) SKU offers key capabilities for enterprises, unblocking critical customer scenarios.

    The new Azure Bastion standard (preview) SKU includes these features:

    Manual scaling

    Azure Bastion supports manual scaling of the virtual machine (VM) instances that facilitate Bastion host connectivity. Configure between 2 and 50 instances to manage the number of concurrent SSH and RDP sessions.

    Admin panel

    Azure Bastion supports enabling and disabling features accessed by the Bastion host. Upgrade from basic to standard SKU, configure access to IP-based connection and manage VM manual scaling.

Ready when you are – let’s set up your Azure free account