By now I hope you know about Azure Bastion, the Azure solution allowing you to connect to your Azure virtual machine through the web browser rather than opening management ports or deploying a jump box virtual machine.
Lately, Microsoft has introduced a free version of Azure Bastion (Bastion Developer – see Azure – New low cost Azure Bastion SKU – Bastion Developer (preview) (hametbenoit.info)).
Well, Bastion just got a new capability allowing you to deploy Bastion in private, meaning with no need to use the Internet or a public IP address.
Private-only Bastion deployments don’t allow connections to the bastion host via public IP address.
First, a few things to be aware of:
- Only available with Premium Bastion SKU
- Only available during the deployment of Bastion
- You cannot migrate from regular to private-only SKU
- If you already have a Bastion deployed within a virtual network and want to implement private-only, you need to remove Bastion from the network
- If you are using ExpressRoute or VPN to connect to Azure, you need to configure in-private Bastion using the IP-Based connection
When deploying Azure Bastion, you have to choose the Private IP address option in the Configure IP Address section.