Home
Products
Azure Bastion

Azure Bastion

Fully managed service that helps secure remote access to your virtual machines

Try Azure Bastion free

Protect your virtual machines with more secure remote access

Azure Bastion is a fully managed service that provides more secure and seamless Remote Desktop Protocol (RDP) and Secure Shell Protocol (SSH) access to virtual machines (VMs) without any exposure through public IP addresses. Provision the service directly in your local or peered virtual network to get support for all the VMs within it.

Direct connection for RDP and SSH sessions in the Azure Portal with a single click

Support without the need for an agent in your VM or additional software on your browser

Integration of existing firewalls and security perimeters using a modern HTML5-based web client and standard SSL ports

Scalability to manage additional concurrent SSH and RDP connections

Limit public exposure of virtual machine IPs

Access all virtual machines within a local or peered virtual network through a single hardened access point. No public IP address is required on your VMs—using a Bastion host lets you open a more secure RDP/SSH connection using a private IP address.

Protect against zero-day exploits

Use a Bastion host to help limit threats such as port scanning and other types of malware targeting your VMs. Because the host sits at the perimeter of your virtual network, you don’t need to worry about hardening each of your VMs.

Deploy in a few clicks

Azure Bastion provides an integrated platform alternative to manually deploying and managing jump servers to shield your virtual machines. Deploy the Bastion host in just a few clicks to get up and running quickly. The service will begin setting up network security groups (ACLs) across your subnets to keep the IT secure.

Connect more securely from anywhere and on any device

Connect to your virtual machines in your local and peered virtual networks over SSL, port 443, directly in the Azure portal. This clientless Remote Desktop Protocol (RDP) and Secure Shell Protocol (SSH) connectivity enables you to connect from anywhere—on any device or platform—without an additional agent running in your virtual machines.

Enhance security and compliance

Microsoft invests over USD 1 billion annually on cybersecurity research and development.
We employ more than 3,500 security experts who are completely focused on securing your data and privacy.
Azure has more certifications than any other cloud provider. View the comprehensive list.

Learn more about security on Azure

Learn more about Azure Bastion pricing

Using a Bastion is more cost-effective than manually deploying your own jump box. It’s charged on a fixed per-hour basis, plus charges for outbound data transfers.

See pricing details

Azure Bastion resources and documentation

Get started

Read the Azure Bastion overview.

Explore learning paths and modules

Start with the Introduction to Azure Bastion learning module.

Learn to connect to virtual machines through the Azure portal using Azure Bastion.

Trusted by companies of all sizes

Stromasys gives legacy Alpha application new life

While helping a company move core apps on Alpha to a Charon-AXP emulator on Azure, Stromasys engineers found best practice is to configure the VM running Charon behind a service like Azure Bastion, which uses SSL to provide access without IP exposure.

Read the story

Metinvest lays foundations for long-term growth

Global manufacturer Metinvest needed a more scalable infrastructure, so it migrated to Azure. The company now benefits from top-notch security, including Azure Bastion as an essential solution to ensure more secure access to services in VMs.

Read the story

Mphasis modernizes infrastructure

When applied technology company Mphasis migrated its on-premises infrastructure to Azure, it leveraged several Azure services including Azure Bastion host machines for stringent security enforcement across components.

Read the story

Frequently asked questions about Azure Bastion

No, you don’t need a client to access the RDP/SSH connection to your Azure Virtual Machine. Use the Azure portal for RDP/SSH access to your virtual machine directly in the browser.
No, you don't need to install an agent on your browser or your Azure Virtual Machine. Azure Bastion is agentless and does not require any additional software for RDP/SSH.
Use the Microsoft Edge browser for Windows, Google Chrome for Windows and Mac, or Microsoft Edge Chromium for Windows and Mac.
Azure Bastion is available in any of these regions via the Azure portal:
- West US
- East US
- West Europe
- South Central US
- Australia East
- Japan East
Azure Bastion standard (preview) SKU offers key capabilities for enterprises, unblocking critical customer scenarios.

The new Azure Bastion standard (preview) SKU includes these features:
Manual scaling
Azure Bastion supports manual scaling of the virtual machine (VM) instances that facilitate Bastion host connectivity. Configure between two and 50 instances to manage the number of concurrent SSH and RDP sessions.
Admin panel
Azure Bastion supports enabling and disabling features accessed by the Bastion host. Upgrade from basic to standard SKU, configure access to IP-based connection, and manage VM manual scaling.

Ready when you are—let's set up your Azure free account

Start free

Popular

AI + machine learning

Analytics

Compute

Containers

Databases

DevOps

Developer tools

Hybrid + multicloud

Identity

Integration

Internet of Things

Management and governance

Media

Migration

Mixed reality

Mobile

Networking

Security

Storage

Web

Virtual desktop infrastructure

Use cases

Application development

AI

Cloud migration and modernization

Data and analytics

Hybrid cloud and infrastructure