You've successfully subscribed to Florin Loghiade
Great! Next, complete checkout for full access to Florin Loghiade
Welcome back! You've successfully signed in
Success! Your account is fully activated, you now have access to all content.
Native RDP / SSH with Azure Bastion
2 min read

Native RDP / SSH with Azure Bastion

Florin Loghiade's Picture
Florin Loghiade in Azure Bastion Native RDP SSH Azure VMs

I've talked about Azure Bastion in the past -> Azure Bastion - Managed Jump Server (florinloghiade.ro). To tell it in a nutshell, Azure Bastion is a managed jump server which allows you to directly connect to your workloads without the operational hassle.

Recently the Azure Bastion offering received an update which now allows you to have native RDP and SSH connections without having to open the Azure Portal. The only thing that you need is a terminal with AzCli installed.

If you create a new Bastion Service then you need to go to the advanced tab and check native client support.

Otherwise if you already have a Bastion Service deployed, go to the configuration blade and check the native client support box and press apply.

Be aware that this option requires Azure Bastion Standard SKU which will bring raise the cost of the solution.

Requirements for it to work:

  • Reader role on the virtual machine.
  • Reader role on the NIC with private IP of the virtual machine.
  • Reader role on the Azure Bastion resource.

Virtual Machine Administrator Login or Virtual Machine User Login role, if you’re using the Azure AD sign-in method.

Az Cli Version 2.33.1 or higher

At the time of writing, this solution will not work on Linux or MacOS but I'm pretty sure this will come soon :)

To connect to a Windows Machine

az network bastion rdp --name BastionDemo --resource-group Bastion-Demo --target-resource-id /subscriptions/e2d85901-f23b-4293-90a0-e0e169d95686/resourceGroups/Bastion-Demo/providers/Microsoft.Compute/virtualMachines/bastionwindows

To connect to a Linux Machine

az network bastion ssh --name BastionDemo --resource-group Bastion-Demo --target-resource-id /subscriptions/e2d85901-f23b-4293-90a0-e0e169d95686/resourceGroups/Bastion-Demo/providers/Microsoft.Compute/virtualMachines/bastionlinux --auth-type password --username adminuser

This solution will work with VNET peered bastion services or bastions that are in the same VNET as the VMs. Simple solution that brings a lot of value I say.

Have a good one!

You may also like

Azure Bastion - Managed Jump Server
4 min read

Azure Bastion - Managed Jump Server

Ever heard of a jump server or bastion server? No? Well then this post is for you Before we dive into what’s Azure Bastion, we should understa

Florin Loghiade's Picture
Florin Loghiade in Azure Azure Bastion Jump Server Jump VM Microsoft Azure

Places to look at

ITCamp

ITCamp Community

Latest Posts

Azure DevOps - Workload Identity Federation
6 min read

Azure DevOps - Workload Identity Federation

Florin Loghiade's Picture
Florin Loghiade
Azure - Which region should I choose?
7 min read

Azure - Which region should I choose?

Florin Loghiade's Picture
Florin Loghiade
AKS - Cost Visualization and Management
5 min read

AKS - Cost Visualization and Management

Florin Loghiade's Picture
Florin Loghiade

Explore Tags

Azure Microsoft Azure Cloud Azure PowerShell PowerShell AKS ARM Azure Resource Manager Azure VMs PowerShell DSC Containers DSC PowerShell V5 KEDA Desired State Configuration ARM Templates AAD Azure Container Service AKS Virtual Machines IaaS Managed Disks Azure Kubernetes Kubernetes Azure DevOps Azure Windows Console Automation Azure Container Instances Azure Security VSTS Visual Studio Team Services