Azure Bastion Documentation

Share a Session with Azure Bastion

This tutorial walks you through configuring Azure Bastion so that multiple users can simultaneously view and interact with a single remote desktop session. This is useful for collaborative troubleshooting, training, or demonstrations.

Prerequisites

Step 1 – Enable Session Sharing on the VM

Azure Bastion uses the Remote Desktop Session Host (RDSH) service to allow sharing. Install the required Windows features:

powershell
Install-WindowsFeature -Name Remote-Desktop-Services -IncludeAllSubFeature -Restart

Step 2 – Create a Shared Access Token

Generate a SAS token that grants temporary access to the session. Replace <resource-group> and <vm-name> with your values.

az network bastion session create \
  --resource-group <resource-group> \
  --name <vm-name> \
  --target-resource-id $(az vm show -g <resource-group> -n <vm-name> --query id -o tsv) \
  --auth-type AAD \
  --duration 60

The command returns a URI that participants can open in a browser.

Step 3 – Distribute the Session Link

Copy the sessionUri from the previous output and share it via Teams, email, or a secure channel.

Session URI:
https://portal.azure.com/#blade/Microsoft_Azure_Bastion/SessionBrowserBlade/...

Step 4 – Interact with the Shared Session

When participants click the link, the Azure Bastion portal opens a shared RDP window. All users can see each other's cursor movements and input in real time.

Shared bastion session view
Multiple users collaborating in one RDP session.

Step 5 – End the Session

When the session expires, or you manually terminate it, all participants are disconnected. To end early:

az network bastion session delete \
  --name <session-id> \
  --resource-group <resource-group>

Best Practices

For deeper troubleshooting, see the Troubleshooting guide.