# How to use Azure Bastion to access virtual machines

# Easy and secure connections to Azure VMs

You can connect to Azure Virtual Machines (opens new window) in several ways. You can use RDP or SSH, and also Azure Bastion (opens new window). Bastion doesn't require the VM to have a public IP address, as it connects to your VM using the RDP or SSH protocol over TLS, using your VMs private IP address. All you need is an Azure Bastion resource and an HTML5 capable web client. Because you do not need to expose your Virtual Machines to the public Internet, your VMs are protected against port scanning by rogue and malicious users located outside your virtual network.

In this post, we'll connect to an Azure Virtual Machine (opens new window) using Azure Bastion (opens new window).

# Prerequisites

If you want to follow along, you'll need the following:

# Use Azure Bastion

Connecting to an Azure VM with Azure Bastion is very straightforward:

  1. Go to the Azure portal (opens new window)
  2. Navigate to the Virtual Machine that you want to connect to
  3. In the VM overview blade, click Connect and select Bastion

(Connect to a VM with Bastion from the Azure portal)

  1. When you use Bastion for the first time for a VM, you need to follow some steps. The first step is to expand the VMs address space, if needed
  2. Step two is to create the Bastion subnet
    1. Choose an Address space. You can leave the default settings if you want
    2. Optionally, you can select a Network security group
    3. Click Create Subnet

(Create the Bastion subnet)

  1. Next, we need to create an Azure Bastion resource
    1. Fill in a Name for the bastion
    2. Pick a Pricing Tier for the Bastion
    3. If you picked the Standard tier, you can select the amount of Bastion instances. This determines how many users can connect to the VM with Bastion at the same time
    4. Leave the settings for the Public IP address as they are
    5. Select a Resource group
    6. Click Create Azure Bastion using defaults. This will create the Bastion and will take a few minutes. Alternatively, you can create an Azure Bastion without the defaults with the button "I want to configure Azure Bastion on my own"

(Create an Azure Bastion resource)

When the Bastion resource is created, you can use it to connect to the VM. Just enter the VM administrator credentials and click Connect.

(Log in to an Azure VM using Azure Bastion)

This opens the VM session in a browser window. You can use the VM through this secure connection, just like you would through an RDP or SSH client. If you want, you can now remove the Public IP address (opens new window) from the VM.

(The VM session in a browser)

# Conclusion

It is important to keep your Azure VMs (opens new window) secure. A great way to do that is to remove them from the public internet. And when you do, you can use Azure Bastion (opens new window) to connect to them in a secure way, in a browser. Go and check it out!