
Microsoft's Azure Bastion Creates a Secure Connection to Off-Internet VMs

The Internet will go down as one of humanity’s best creations as a tool to distribute information at a wide scale in real time. While the platform has many benefits, not everyone wants to connect critical infrastructure components to it, as there are also significant risks in exposing those components to the rest of the world.

Microsoft announced a new Azure service this week called Bastion, which makes it significantly easier to securely and remotely connect to your non-connected VMs. The service is a new, managed PaaS offering that provides seamless RDP and SSH connectivity to your virtual machines over the Secure Sockets Layer (SSL).

The key here is that this connection can be made without exposing your IPs to the public Internet. Instead, Azure Bastion is provisioned directly in your Azure Virtual Network, effectively securing the connection and keeping it private from outside eyes. According to Microsoft, this complex connection can be configured in two clicks, and it mitigates the need to configure and manage network security policies.

Even though this is a preview, here’s a list of the key features included in this release:

  • RDP and SSH from the Azure portal: Initiate RDP and SSH sessions directly in the Azure portal with a single-click seamless experience.
  • Remote session over SSL and firewall traversal for RDP/SSH: HTML5-based web clients are automatically streamed to your local device, providing the RDP/SSH session over SSL on port 443. This allows easy and secure traversal of corporate firewalls.
  • No public IP required on Azure Virtual Machines: Azure Bastion opens the RDP/SSH connection to your Azure virtual machine using a private IP, limiting exposure of your infrastructure to the public Internet.
  • Simplified secure rules management: Simple one-time configuration of Network Security Groups (NSGs) to allow RDP/SSH from only Azure Bastion.
  • Increased protection against port scanning: The limited exposure of virtual machines to the public Internet will help protect against threats, such as external port scanning.
  • Hardening in one place to protect against zero-day exploits: Azure Bastion is a managed service maintained by Microsoft. It’s continuously hardened by automatically patching and keeping up to date against known vulnerabilities.
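
One way to check that an NSG really allows RDP/SSH "from only Azure Bastion", as the list above describes; this is an added example, not code from Microsoft or the original article. The field names follow the JSON Azure returns for NSG security rules, while the rule names and the 10.0.250.0/27 Bastion subnet are constructed assumptions, and rule priority and Deny rules are not evaluated.

```python
import ipaddress

MGMT_PORTS = {22, 3389}         # SSH and RDP
BASTION_CIDR = "10.0.250.0/27"  # assumption: subnet the Bastion host was deployed into

SAMPLE_RULES = [  # constructed sample, shaped like NSG security-rule JSON
    {"name": "allow-rdp-ssh-from-bastion", "direction": "Inbound", "access": "Allow",
     "sourceAddressPrefix": "10.0.250.0/27", "destinationPortRanges": ["22", "3389"]},
    {"name": "legacy-rdp-any", "direction": "Inbound", "access": "Allow",
     "sourceAddressPrefix": "*", "destinationPortRange": "3389"},
    {"name": "allow-https", "direction": "Inbound", "access": "Allow",
     "sourceAddressPrefix": "Internet", "destinationPortRange": "443"},
    {"name": "wide-range-from-vnet", "direction": "Inbound", "access": "Allow",
     "sourceAddressPrefix": "10.0.0.0/16", "destinationPortRange": "20-25"},
]

def _values(rule, single, plural):
    """Merge Azure's singular and plural forms of a field into one list."""
    return list(rule.get(plural) or []) + ([rule[single]] if rule.get(single) else [])

def _touches_mgmt_port(rule):
    """True if any destination port spec ("*", "3389", "20-25") covers 22 or 3389."""
    for spec in _values(rule, "destinationPortRange", "destinationPortRanges"):
        if spec == "*":
            return True
        lo, _, hi = spec.partition("-")
        if any(int(lo) <= port <= int(hi or lo) for port in MGMT_PORTS):
            return True
    return False

def _inside(source, net):
    """True only if the source is a CIDR/IP fully contained in the Bastion subnet."""
    try:
        return ipaddress.ip_network(source, strict=False).subnet_of(net)
    except (ValueError, TypeError):  # "*", a service tag, or a different IP version
        return False

def audit(rules, bastion_cidr=BASTION_CIDR):
    """Names of inbound Allow rules that open RDP/SSH to sources outside the Bastion subnet."""
    net = ipaddress.ip_network(bastion_cidr)
    return [
        r["name"] for r in rules
        if r["direction"] == "Inbound" and r["access"] == "Allow"
        and _touches_mgmt_port(r)
        and not all(_inside(s, net)
                    for s in _values(r, "sourceAddressPrefix", "sourceAddressPrefixes"))
    ]

if __name__ == "__main__":
    for name in audit(SAMPLE_RULES):
        print("exposes RDP/SSH beyond Bastion:", name)
```

Because the check ignores priority, a finding can be a rule that a higher-priority Deny already shadows; treat each result as a rule to review rather than a confirmed exposure.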

On the road ahead, Microsoft will be adding more features including Azure Active Directory support, single-sign-on capabilities, and multi-factor authentication integration. Further, they are looking into enabling native support for third-party RDP/SSH clients as well.

The preview of this service is now available and you can try it out with your tenants here.



Brad Sams has more than a decade of writing and publishing experience under his belt, including helping to establish new and seasoned publications. From breaking news about upcoming Microsoft products to telling the story of how a billion-dollar brand was birthed in his book, Beneath a Surface, Brad is a well-rounded journalist who has established himself as a trusted name in the industry.