Session Timeout Concepts
Azure Bastion provides secure RDP and SSH access to virtual machines without exposing them to the public internet. Session timeouts help protect resources by automatically terminating idle connections.
Default Timeout Settings
| Connection Type | Idle Timeout | Maximum Session Length |
|---|---|---|
| RDP | 30 minutes | 8 hours |
| SSH | 20 minutes | 8 hours |
| WebSocket (proxy) | 15 minutes | 4 hours |
These values can be overridden by configuring sessionTimeout and idleTimeout in the Azure Bastion resource.
Configuring Custom Timeouts
Use an ARM template or Azure CLI to set custom timeout values.
az network bastion create \
--resource-group myResourceGroup \
--name myBastion \
--public-ip-address myBastionIP \
--sku Standard \
--session-timeout 4h \
--idle-timeout 45mBest Practices
- Keep idle timeout as short as possible while meeting user needs.
- Monitor session durations using Azure Monitor logs.
- Implement role‑based access control (RBAC) to limit who can create or modify Bastion hosts.
- Regularly review and update timeout settings based on usage patterns.