Azure Bastion - New Network Service Available as Preview
With Azure Bastion, Microsoft has announced a new network service for Azure that provides secure remote access with seamless RDP and SSH connectivity for virtual machines over Secure Sockets Layer (SSL).
According to Microsoft's own Azure blog, the new service is deployed directly in a virtual network and acts as a bastion host for all authorized machines in that virtual network. With Azure Bastion, virtual machines no longer require public IP addresses; RDP/SSH connections are opened via their private IP addresses instead. This prevents the machines' IP addresses from being discovered through port scanning. Furthermore, the service is seamlessly integrated into the Azure portal, where RDP and SSH sessions to the virtual hosts can be started directly. Azure Bastion is offered as a PaaS service, which makes it a Microsoft-managed service that is continuously updated and protected against known vulnerabilities, a significant advantage over custom-built jump or gateway servers.
In the future, Microsoft plans to integrate Azure Active Directory for single sign-on, multi-factor authentication for RDP/SSH connectivity, and native support for RDP/SSH clients.
Azure Bastion is now available as a public preview.