---
type: post
title: "Tip 346 - How to use Azure Bastion to access virtual machines"
excerpt: "Learn how to use Azure Bastion to access virtual machines"
tags: [Virtual Machines]
share: true
date: 2021-12-15 08:00:00
---

::: tip 

:fire: Checkout the Azure Developer page at [azure.com/developer](https://azure.com/developer?WT.mc_id=azure-azuredevtips-azureappsdev).

:bulb: Learn more : [Virtual Machines in Azure overview](https://docs.microsoft.com/azure/virtual-machines/windows/overview?WT.mc_id=docs-azuredevtips-azureappsdev). 

:tv: Watch the video : [How to use Azure Bastion to access virtual machines](https://youtu.be/epWKTGGa_wY?WT.mc_id=youtube-azuredevtips-azureappsdev).

:::

### How to use Azure Bastion to access virtual machines

#### Easy and secure connections to Azure VMs
You can connect to [Azure Virtual Machines](https://azure.microsoft.com/services/virtual-machines/?WT.mc_id=azure-azuredevtips-azureappsdev) in several ways. You can use RDP or SSH, and also [Azure Bastion](https://docs.microsoft.com/azure/bastion/bastion-overview?WT.mc_id=docs-azuredevtips-azureappsdev). Bastion doesn't require the VM to have a public IP address, as it connects to your VM using the RDP or SSH protocol over TLS, using your VMs private IP address. All you need is an Azure Bastion resource and an HTML5 capable web client. Because you do not need to expose your Virtual Machines to the public Internet, your VMs are protected against port scanning by rogue and malicious users located outside your virtual network.

In this post, we'll connect to an [Azure Virtual Machine](https://azure.microsoft.com/services/virtual-machines/?WT.mc_id=azure-azuredevtips-azureappsdev) using [Azure Bastion](https://docs.microsoft.com/azure/bastion/bastion-overview?WT.mc_id=docs-azuredevtips-azureappsdev).

#### Prerequisites
If you want to follow along, you'll need the following:
* An Azure subscription (If you don't have an Azure subscription, create a [free account](https://azure.microsoft.com/free/?WT.mc_id=azure-azuredevtips-azureappsdev) before you begin)
* [A Virtual Machine in Azure](https://docs.microsoft.com/azure/virtual-machines/windows/quick-create-portal?WT.mc_id=docs-azuredevtips-azureappsdev)

#### Use Azure Bastion
Connecting to an Azure VM with Azure Bastion is very straightforward:

1. Go to the [Azure portal](https://portal.azure.com/?WT.mc_id=azure-azuredevtips-azureappsdev)
2. Navigate to the Virtual Machine that you want to connect to
3. In the VM overview blade, click **Connect** and select **Bastion**

<img :src="$withBase('/files/130connect.png')">

(Connect to a VM with Bastion from the Azure portal)

4. When you use Bastion for the first time for a VM, you need to follow some steps. The first step is to **expand the VMs address space**, if needed
5. Step two is to **create the Bastion subnet**
   1. Choose an **Address space**. You can leave the default settings if you want
   2. Optionally, you can select a **Network security group**
   3. Click **Create Subnet**

<img :src="$withBase('/files/130bastionstep2.png')">

(Create the Bastion subnet)

5. Next, we need to **create an Azure Bastion resource**
   1. Fill in a Name for the bastion
   2. Pick a **Pricing Tier** for the Bastion
   3. If you picked the **Standard** tier, you can select the amount of **Bastion instances**. This determines how many users can connect to the VM with Bastion at the same time
   4. Leave the settings for the **Public IP address** as they are
   5. Select a **Resource group**
   6. Click **Create Azure Bastion using defaults**. This will create the Bastion and will take a few minutes. Alternatively, you can create an Azure Bastion without the defaults with the button **"I want to configure Azure Bastion on my own"**

<img :src="$withBase('/files/130bastionstep3.png')">

(Create an Azure Bastion resource)

When the Bastion resource is created, you can use it to connect to the VM. Just enter the VM administrator credentials and click **Connect**.

<img :src="$withBase('/files/130login.png')">

(Log in to an Azure VM using Azure Bastion)

This opens the VM session in a browser window. You can use the VM through this secure connection, just like you would through an RDP or SSH client. If you want, you can now [remove the Public IP address](https://docs.microsoft.com/azure/bastion/quickstart-host-portal#remove?WT.mc_id=docs-azuredevtips-azureappsdev) from the VM. 

<img :src="$withBase('/files/130result.png')">

(The VM session in a browser)

#### Conclusion
It is important to keep your [Azure VMs](https://azure.microsoft.com/services/virtual-machines/?WT.mc_id=azure-azuredevtips-azureappsdev) secure. A great way to do that is to remove them from the public internet. And when you do, you can use [Azure Bastion](https://docs.microsoft.com/azure/bastion/bastion-overview?WT.mc_id=docs-azuredevtips-azureappsdev) to connect to them in a secure way, in a browser. Go and check it out!