You may already know Azure Bastion, the remote management (RDP or SSH) feature for Azure Virtual Machine allowing you to connect without using a public IP and opening the management port on NSG (see https://t.co/UBOCpnMD2k).
Well, you can now enable Kerberos authentication when connecting using Azure Bastion.
To do so, connect to your Azure portal (https://portal.azure.com/) and either create a new Bastion host or edit an existing one.
Kerberos authentication can be used with both Basic and Standard Bastion SKUs.
During the preview, Kerberos authentication can only be configured from the portal.
Before setting up Bastion to use Kerberos authentication, you need to ensure your vNet is configured to use your DNS domain servers – they can be on-premises if you use a VPN/ExpressRoute connection.
When creating a new Bastion host, the option to enable Kerberos is available in the Advanced tab
To update an existing Bastion, access the Bastion service blade and edit the Bastion host you want to configure for Kerberos authentication by accessing the Configuration blade