Azure Bastion

You need to create a dedicated subnet for Azure Bastion. This subnet is named AzureBastionSubnet. This subnet must be named exactly this, and it must have a minimum prefix of /26.

To create the subnet:

1. Navigate to your virtual network in the Azure portal.
2. Select Subnets from the left-hand menu.
3. Click + Subnet.
4. Enter AzureBastionSubnet as the name.
5. Set the address range to at least /26.
6. Click Save.

Now, you can deploy the Azure Bastion service.

To deploy Bastion:

1. In the Azure portal, search for "Bastion" and select it.
2. Click Create.
3. On the Basics tab:
   • Subscription: Select your Azure subscription.
   • Resource group: Select an existing resource group or create a new one.
   • Name: Enter a name for your Bastion resource (e.g., myBastion).
   • Region: Select the same region as your virtual network.
   • Virtual network: Select the virtual network where you created AzureBastionSubnet.
   • Subnet: Select AzureBastionSubnet.
   • Public IP address:
     • Click Create new.
     • Enter a name for the public IP address (e.g., myBastion-ip).
     • Ensure the SKU is Standard and Assignment is Static.
     • Click OK.
4. Click Review + create.
5. After validation passes, click Create.

Deployment can take several minutes. Wait for the deployment to complete.

Once Bastion is deployed, you can connect to your virtual machines.

To connect:

1. Navigate to the virtual machine you want to connect to in the Azure portal.
2. Click Connect.
3. Select Bastion from the dropdown.
4. In the Bastion tab, enter the username and password for your VM.
5. Click Connect.

A new browser tab will open, and you'll be connected to your VM via RDP or SSH through Azure Bastion.