After being in private preview for few months, Azure Bastion, a new way to remotely access virtual machine on Azure, is now in public preview.

Azure Bastion is a PaaS (Platform as a Service) provisioned within your Azure virtual network allowing you to remotely and securely access your virtual machine using Remote Desktop (RDP) or SSH without the need of either public IP assigned to the VM or VPN connection to Azure Virtual Network.

The below diagram (courtesy Microsoft) shows how Azure Bastion works:

The public preview is available in the following region

  • West US
  • East US
  • West Europe
  • South Central US
  • Australia East
  • Japan East

You can access Azure Bastion using the preview link to let you provision the service and then accessing your virtual machine using the Bastion service.

It is important to note that you will be able to access your virtual machines using Azure Bastion only by using web browser; it is planned to allow remote access using Bastion by using the ‘classic’ RDP client or SSH client in a future release.

The preview portal is showing an orange banner; if you don’t see this banner, you are in the regular portal.



To provision Azure Bastion you need of course to have a virtual network provisioned and virtual machines attached to it (as you will use Bastion to access them).

First you need to provision a new subnet within your virtual network; this new subnet must be named AzureBastionSubnet and have a /27 prefix.


Search for Bastion


Then click Add or Create (as this will be the first Bastion service you are provisioning)


The creation process is requesting the usual settings (subscription, location), you will have to create a public IP (standard) and select the virtual network on which you have created the AzureBastionSubnet subnet


Once Azure Bastion is provisioned you can use to it access your virtual machines




During the preview you need to access the preview Azure portal to get the Bastion access option on your virtual machine (

From the preview portal, search for the virtual machine you want to access on Connect


In the Connect blade which then will appear, you should see Bastion as connection option



When using Bastion, you will then be asked to enter your credentials and have the option to use the remote access in a new browser window. Don’t forget turn off pop-up blocker or allow Azure portal to open a new pop-up


And there you go, you are now using RDP (or SSH) directly from the web browser


You can copy/paste text content between the virtual machine and your client. But file transfer is not (yet) possible (in the roadmap).


Benoit Hamet
Benoit Hamet
Benoit is working on Microsoft collaborative technologies He has been awarded as MVP for more than 12 years Currently MVP on Office 365 after being awarded on SharePoint (2011-2012) and Windows client & server (2002-2007) Speaker at various Microsoft events (TechDays, TechNet seminars) and Quest Software He works on on-premises (Active Directory, RADIUS/NPS, Exchange, Skype for Business, SharePoint, SQL, Terminal Server, Windows client and Windows Server) or online (Azure, Intune, Office 365, Exchange Online, SharePoint Online, Skype for Business Online, Teams) technologies