Azure Bastion

Fully managed service that helps secure remote access to your virtual machines.

Try Azure for free Create a pay-as-you-go account

Protect your virtual machines with more secure remote access

Azure Bastion is a fully managed service that provides more secure and seamless Remote Desktop Protocol (RDP) and Secure Shell Protocol (SSH) access to virtual machines (VMs) without any exposure through public IP addresses. Choose from SKU options that meet the functionality and cost needs of all organizations – from single users to large enterprises.

Direct connection for RDP and SSH sessions in the Azure Portal and native client with a single click

Support without the need for an agent in your VM or additional software on your browser

Integration of existing firewalls and security perimeters using a modern HTML5-based web client and standard TLS ports

Scalability with Bastion Standard to manage additional concurrent SSH and RDP connections

Limit public exposure of virtual machine IPs

Access all virtual machines within a local or peered virtual network through a single hardened access point. No public IP address is required on your VMs—using a Bastion host lets you open a more secure RDP/SSH connection using a private IP address.

Protect against zero-day exploits

Use a Bastion host to help limit threats such as port scanning and other types of malware targeting your VMs. Because the host sits at the perimeter of your virtual network, you don’t need to worry about hardening each of your VMs.

Deploy in a few clicks

Azure Bastion provides an integrated platform alternative to manually deploying and managing jump servers to shield your virtual machines. Deploy the Bastion host in just a few clicks to get up and running quickly. The service will begin setting up network security groups (ACLs) across your subnets to keep the IT secure.

Connect more securely from anywhere and on any device

Connect to your virtual machines in your local and peered virtual networks over TLS, port 443, directly in the Azure portal or a native client. This clientless Remote Desktop Protocol (RDP) and Secure Shell Protocol (SSH) connectivity enables you to connect from anywhere—on any device or platform—without an additional agent running in your virtual machines.

Comprehensive security and compliance, built in

Microsoft invests more than USD 1 billion annually on cybersecurity research and development.

We employ more than 3,500 security experts who are dedicated to data security and privacy.

Learn more about security on Azure

Learn more about Azure Bastion pricing

Using a Bastion is more cost-effective than manually deploying your own jump box. It’s charged on a fixed per-hour basis, plus charges for outbound data transfers.

See pricing details

Get started with an Azure free account

Start free. Get USD 200 credit to use within 30 days. While you have your credit, get free amounts of many of our most popular services, plus free amounts of 55+ other services that are always free.

After your credit, move to pay as you go to keep building with the same free services. Pay only if you use more than your free monthly amounts.

After 12 months, you'll keep getting 55+ always-free services—and still pay only for what you use beyond your free monthly amounts.

Trusted by companies of all sizes

Metinvest lays foundations for long-term growth

Global manufacturer Metinvest needed a more scalable infrastructure, so it migrated to Azure. The company now benefits from top-notch security, including Azure Bastion as an essential solution to ensure more secure access to services in VMs.

Read the story

Azure Bastion resources and documentation

Get started

Read the Azure Bastion overview.

Explore learning paths and modules

Start with the Introduction to Azure Bastion learning module.

Learn to connect to virtual machines through the Azure portal using Azure Bastion.

Frequently asked questions about Azure Bastion

No, you don’t need a client to access the RDP/SSH connection to your Azure Virtual Machine. Use the Azure portal for RDP/SSH access to your virtual machine directly in the browser.
No, you don't need to install an agent on your browser or your Azure Virtual Machine. Azure Bastion is agentless and does not require any additional software for RDP/SSH.
Use the Microsoft Edge browser for Windows, Google Chrome for Windows and Mac, or Microsoft Edge Chromium for Windows and Mac.
Bastion offers 3 SKUs – Developer, Basic, and Standard -- to meet the functionality and cost needs from single users to large enterprises. Learn more about which Bastion SKU is right for you at SKUs.
Bastion Developer is a new low-cost, zero-configuration, multi-tenant SKU of the Azure Bastion service. Unlike our existing Basic and Standard SKUs, which inject dedicated resources into a customer's virtual network, Bastion Developer depends on a shared resource model to provide private RDP/SSH connectivity to your virtual machines over the Azure portal. The Bastion Developer SKU is ideal for Dev/Test users who want to securely connect to their VMs without the need for additional features or scaling.

Ready when you are—let's set up your Azure free account

Try Azure for free