This is the Trace Id: 5602614074c08bdb7f7aa2fa9f0d6eca
Skip to main content
Azure
A close up of a white and orange object.

Azure Bastion

Secure remote access to your virtual machines.
OVERVIEW

Protect your virtual machines with more secure remote access

Azure Bastion is a fully managed service that provides a more secure and seamless Remote Desktop Protocol (RDP) and Secure Shell (SSH) protocol access to virtual machines (VMs)—without exposure through public IP addresses.
  • Access all VMs within a local or peered virtual network through a single hardened access point. No public IP address is required on your VMs—using an Azure Bastion host lets you open a more secure RDP or SSH protocol connection using a private IP address.  
    A screenshot of a computer showing Azure portal with private network details.
  • As part of a unified security operations solution, an Azure Bastion host to helps limit threats such as port scanning and other malware targeting your VMs. Because the host sits at the perimeter of your virtual network, you don’t need to worry about hardening each of your VMs.
  • Azure Bastion provides an integrated platform alternative to manually deploying and managing jump host servers to shield your VMs. Get up and running quickly with  the Azure Bastion host in just a few clicks. The service will then begin setting up network access control lists (ACLs) across your subnets to keep your technology infrastructure secure.
    A close-up of a computer server.
  • Connect to your VMs in your local and peered virtual networks over Transport Layer Security (TLS) on port 443 or the Azure portal, or through a native RDP or SSH protocol client. This clientless RDP and SSH protocol connectivity enables you to connect from anywhere—on any device or platform—without an additional agent running in your VMs.
    A close-up of a woman with her hand on her chin.
FEATURES

Cutting-edge capabilities

Increase security with seamless (RDP) and Secure Shell (SSH) protocol access to VMs, without any exposure through public IP addresses.

Direct connection

Connect with a single click for RDP and SSH protocol sessions in the Azure portal.

Agentless support

Provide support in your VM or browser without needing an agent.

Scalable deployments

Scale with Azure Bastion Standard to manage additional concurrent SSH protocol and RDP connections.

VM session recording

Record VM sessions with Azure Bastion Premium to return to and manage events that occurred during the session.

Private-only deployment

Connect to Azure Bastion on a public endpoint or a private endpoint on Premium SKU.
Security

Embedded security and compliance

34,000
Full-time equivalent engineers dedicated to security initiatives at Microsoft.
15,000 
Partners with specialized security expertise.
 
>100
Compliance certifications, including over 50 specific to global regions and countries.
A woman wearing glasses and white earbuds using a laptop.
PRICING

Learn more about Azure Bastion pricing

Charged on a per-hour basis (plus charges for outbound data transfers), Azure Bastion is more cost-effective than manually deploying your own jump box.

Frequently asked questions

  • No, you don’t need a client to access the RDP or SSH protocol connection to your Azure Virtual Machine directly in the browser. Use the Azure portal.
  • No, you don't need to install an agent on your browser or your Azure Virtual Machineto access the RDP or SSH protocol connection. Azure Bastion is agentless.
  • Use the Microsoft Edge browser for Windows, Google Chrome for Windows and Mac, or Microsoft Edge Chromium for Windows and Mac.
  • Azure Bastion has three offerings—Basic, Standard, and Premium—to meet the functionality and cost needs of every type of user from individuals to large enterprises. Learn more about which Azure Bastion offering is right for you.
  • Azure Bastion Developer is a free, lightweight Azure platform capability. This offering is ideal for developers and testers who want to securely connect to their VMs but don’t need additional Azure Bastion features or scaling. With Azure Bastion Developer, you can securely connect to one Azure VM at a time directly through the virtual machine connect blade.
  • Azure Bastion Premium targets customers with highly regulated policies and session management needs. With graphical session recording, users can record and then watch their VM sessions within the Azure Bastion blade. In addition, private-only Azure Bastion allows users to connect to their Azure Bastion sessions via a private IP address, rather than a public IP.
A close-up of a yellow and white sky.
A man and woman looking at a laptop.
Next steps

Choose the Azure account that’s right for you

Pay as you go or try Azure free for up to 30 days.
A woman wearing glasses smiling.
Azure solutions

Azure cloud solutions

Solve your business problems with proven combinations of Azure cloud services, as well as sample architectures and documentation.
A man wearing glasses and looking at a laptop.
Business Solutions Hub

Find the right Microsoft Cloud solution

Browse the Microsoft Business Solutions Hub to find the products and solutions that can help your organization reach its goals.