Azure Bastion

Private and fully managed RDP and SSH access to your virtual machines

Managed RDP/SSH to VMs over SSL using private IP on the VM

Azure Bastion (Preview) is a fully managed PaaS service that provides secure and seamless RDP and SSH access to your virtual machines directly through the Azure Portal. Azure Bastion is provisioned directly in your Virtual Network (VNet) and supports all VMs in your Virtual Network (VNet) using SSL without any exposure through public IP addresses.

Connect your RDP and SSH sessions directly in the Azure Portal using a single click experience

Log into your Azure virtual machines and avoid public Internet exposure using SSH and RDP with private IP addresses only

Integrate and traverse existing firewalls and security perimeter using a modern HTML5 based web client and standard SSL ports

Use your SSH keys for authentication when logging into your Azure virtual machines

Limit public exposure of virtual machine IPs

Access all virtual machines within a virtual network through a single hardened access point. Exposing the bastion host as primary exposed public access helps lockdown of public Internet exposure and limit threats such as port scanning and other types of malware targeting your VMs.

Fully managed bastion service

Take advantage of a fully managed, autoscaling and hardened PaaS service, to provide you secure RDP and SSH connectivity. Seamless integration and easy one-time setup of Network Security Groups (ACLs) across your subnets, prevent subsequent and continuous management. Azure Bastion provides an integrated platform alternative to manually deploying and managing jump servers to shield your virtual machines. You can deploy Azure Bastion in just a few minutes and start using it instantly.

RDP and SSH to Azure Virtual Machines over SSL

With Azure Bastion, you can connect to your virtual machines in your virtual network over SSL, port 443, directly in Azure Portal. This enables clientless RDP/SSH connectivity so that you can connect from anywhere – any device and any platform, and without any additional agent running inside your virtual machines.

Enhance security and compliance

  • Microsoft invests over USD 1 billion annually on cybersecurity research and development.
  • We employ more than 3,500 security experts who are completely focused on securing your data and privacy.
  • Azure has more certifications than any other cloud provider. View the comprehensive list.

Save 50% during Azure Bastion preview

  • You can start and try out Azure Bastion immediately with 50% discount during the preview.

Get Started today

Deploy Azure Bastion quickly using the step-by-step guide
Connect to your virtual machines using RDP with Azure Bastion
Connect to your virtual machines using SSH with Azure Bastion

Explore Azure Bastion Documentation

Securing your RDP/SSH access to Azure VMs

Azure Bastion is a new fully platform-managed PaaS service you provision inside your virtual network. It provides secure and seamless RDP/SSH connectivity to your VMs directly in the Azure portal over SSL. When you connect via Azure Bastion, your virtual machines do not need a public IP address.

Learn more

Deploying Azure Bastion – How To Guide

Read this article to create an Azure Bastion. Once you provision Azure Bastion service in your virtual network, the seamless RDP/SSH experience is available to all your VMs in the same virtual network. This deployment is per virtual network, not per subscription/account or virtual machine.

Learn more

Connecting to your Virtual Machine using RDP or SSH

Read this article to securely and seamlessly RDP to your Windows VMs in your virtual network using Azure Bastion. You can connect to a VM directly from the Azure portal. When using Azure Bastion, VMs don't require a client, agent, or additional software.

Learn more

Bastion updates, blogs, and announcements

Frequently asked questions

  • The preview is available to all customers. Use the steps in this article to create a new Azure Bastion resource. Currently, when accessing and using this service, you must use the Azure portal - preview instead of the regular Azure portal. The public preview is available in these public regions.
  • You do not need an RDP or SSH client to access the RDP/SSH to your Azure virtual machine in your Azure portal. Use the Azure portal - preview link to access the preview flight of the portal. This will let you get RDP/SSH access to your virtual machine directly in the browser.
  • You don't need to install an agent or any software on your browser or on your Azure virtual machine. The Bastion service is agentless and does not require any additional software for RDP/SSH.
  • During the preview, use the Microsoft Edge browser or Google Chrome on Windows. For Apple Mac, use Google Chrome browser. Microsoft Edge Chromium is also supported on both Windows and Mac, respectively.
  • You can deploy and use the Bastion resource in any of these preview regions via the Azure portal - preview link.
    • West US
    • East US
    • West Europe
    • South Central US
    • Australia East
    • Japan East
  • Azure Bastion is billed at a 50% discount during the preview. During preview there is no SLA associated with the service. For more information, see the pricing page.

Ready when you are—let’s set up your Azure free account.