After being in private preview for few months, Azure Bastion, a new way to remotely access virtual machine on Azure, is now in public preview.
Azure Bastion is a PaaS (Platform as a Service) provisioned within your Azure virtual network allowing you to remotely and securely access your virtual machine using Remote Desktop (RDP) or SSH without the need of either public IP assigned to the VM or VPN connection to Azure Virtual Network.
The below diagram (courtesy Microsoft) shows how Azure Bastion works:
The public preview is available in the following region
You can access Azure Bastion using the preview link https://aka.ms/BastionHost to let you provision the service and then accessing your virtual machine using the Bastion service.
It is important to note that you will be able to access your virtual machines using Azure Bastion only by using web browser; it is planned to allow remote access using Bastion by using the ‘classic’ RDP client or SSH client in a future release.
The preview portal is showing an orange banner; if you don’t see this banner, you are in the regular portal.
To provision Azure Bastion you need of course to have a virtual network provisioned and virtual machines attached to it (as you will use Bastion to access them).
First you need to provision a new subnet within your virtual network; this new subnet must be named AzureBastionSubnet and have a /27 prefix.
Search for Bastion
Then click Add or Create (as this will be the first Bastion service you are provisioning)
The creation process is requesting the usual settings (subscription, location), you will have to create a public IP (standard) and select the virtual network on which you have created the AzureBastionSubnet subnet
Once Azure Bastion is provisioned you can use to it access your virtual machines
During the preview you need to access the preview Azure portal to get the Bastion access option on your virtual machine (https://aka.ms/BastionHost)
From the preview portal, search for the virtual machine you want to access on Connect
In the Connect blade which then will appear, you should see Bastion as connection option
When using Bastion, you will then be asked to enter your credentials and have the option to use the remote access in a new browser window. Don’t forget turn off pop-up blocker or allow Azure portal to open a new pop-up
And there you go, you are now using RDP (or SSH) directly from the web browser
You can copy/paste text content between the virtual machine and your client. But file transfer is not (yet) possible (in the roadmap).