Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Azure Bastion Developer provides secure, browser-based connectivity to virtual machines without requiring public IP addresses or additional client software. This quickstart shows you how to deploy and use Bastion Developer to connect to a VM in your virtual network at no extra cost.
In this quickstart, you learn how to:
- Deploy Azure Bastion Developer to your virtual network
- Connect to a virtual machine using the Azure portal
- Enable audio output for your VM session
- Remove the public IP address from your VM
- Clean up resources when finished
For more information about Azure Bastion, see What is Azure Bastion.
Important
Bastion Developer is currently only available in select regions.
Bastion Developer is a free, lightweight offering of the Azure Bastion service. This offering is ideal for Dev/Test users who want to securely connect to their VMs, but don't need additional Bastion features or host scaling. With Bastion Developer, you can connect to one Azure VM at a time directly through the virtual machine connect page.When you connect with Bastion Developer, the deployment requirements are different than when you deploy using other SKUs. Typically when you create a bastion host, a host is deployed to the AzureBastionSubnet in your virtual network. The Bastion host is dedicated for your use, whereas Bastion Developer isn't. Because the Bastion Developer resource isn't dedicated, the features for Bastion Developer are limited. You can always upgrade Bastion Developer to a specific SKU if you need to support more features. See Upgrade a SKU. Virtual network peering isn't currently supported for Bastion Developer.
The following diagram shows the architecture for Azure Bastion Developer.
Bastion Developer is currently available in the following regions:
- Australia Central
- Australia East
- Australia Southeast
- Brazil South
- Canada Central
- Canada East
- Central India
- Central US
- Central US EUAP
- East Asia
- East US 2
- East US 2 EUAP
- France Central
- Germany West Central
- Italy North
- Japan East
- Japan West
- Korea Central
- Korea South
- Mexico Central
- North Central US
- North Europe
- Norway East
- South Africa North
- South India
- Spain Central
- Sweden Central
- Switzerland North
- Southeast Asia
- UAE North
- UK South
- UK West
- West Central US
- West Europe
- West US
Prerequisites
Azure subscription
Verify that you have an Azure subscription. If you don't already have an Azure subscription, you can activate your MSDN subscriber benefits or sign up for a free account.
Virtual machine in a virtual network
You need a VM in a virtual network to connect to using Bastion Developer. When you connect with Bastion Developer, the configuration values are pulled from the virtual network in which your VM resides. Make sure the VM is in a resource group that's in a region where Bastion Developer is supported.
- If you don't already have a VM in a virtual network, create one using Quickstart: Create a Windows VM or Quickstart: Create a Linux VM.
- If you already have a virtual network, make sure it's selected on the Networking tab when you create your VM.
- If you don't have a virtual network, you can create one at the same time you create your VM.
- If you have a virtual network, make sure you have the rights to write to it.
Required roles
- Reader role on the virtual machine
- Reader role on the NIC with private IP of the virtual machine
Required inbound ports
- 3389 for Windows virtual machines
- 22 for Linux virtual machines
Note
The use of Azure Bastion with Azure Private DNS zones is supported. However, there are restrictions. For more information, see the Azure Bastion FAQ.
Example values
You can use the following example values when creating this configuration, or you can substitute your own values.
Basic VNet and VM values:
| Name | Value |
|---|---|
| Virtual machine | TestVM |
| Resource group | TestRG1 |
| Region | West US |
| Virtual network | VNet1 |
| Address space | 10.1.0.0/16 |
| Subnets | FrontEnd: 10.1.0.0/24 |
Deploy Bastion and connect to a VM
In this section, you deploy Bastion Developer and connect to your VM through the Azure portal. The VM must be in a region that supports Bastion Developer. Your NSG rules must allow traffic to ports 22 and 3389 from the private IP address 168.63.129.16.
Sign in to the Azure portal.
Go to the VM you want to connect to. The configuration values from the VM's virtual network are used to deploy Bastion Developer.
On the VM page, select Bastion from the left menu.
On the Bastion page, select your Authentication Type and enter your credentials.
Select Connect. When you select Connect, Bastion Developer automatically deploys to your virtual network at no cost. This deployment takes a few seconds.
The connection opens directly in the Azure portal over HTML5 using port 443. When prompted for clipboard permissions, select Allow. This enables the remote clipboard arrows on the left side of the screen.
- When you connect, the desktop might look different than the example screenshot.
- Keyboard shortcut keys while connected to a VM might not result in the same behavior as shortcut keys on a local computer. For example, when connected to a Windows VM from a Windows client, CTRL+ALT+END is the keyboard shortcut for CTRL+ALT+Delete on a local computer. To do this from a Mac while connected to a Windows VM, the keyboard shortcut is Fn+CTRL+ALT+Backspace.
When you disconnect from the VM, the Bastion Developer resource remains deployed to the virtual network. You can reconnect by going to the VM page in the Azure portal and selecting Bastion > Connect.
Enable audio output
You can enable remote audio output for your VM. Some VMs automatically enable this setting, whereas others require you to enable audio settings manually. The settings are changed on the VM itself. Your Bastion deployment doesn't need any special configuration settings to enable remote audio output. Audio input is not supported at the moment.
Note
Audio output uses bandwidth on your internet connection.
To enable remote audio output on a Windows VM:
- After you're connected to the VM, an audio button appears on the lower-right corner of the toolbar. Right-click the audio button, and then select Sounds.
- A pop-up message asks if you want to enable the Windows Audio Service. Select Yes. You can configure more audio options in Sound preferences.
- To verify sound output, hover over the audio button on the toolbar.
Remove VM public IP address
When you connect to a VM by using Azure Bastion, you don't need a public IP address for your VM. If you aren't using the public IP address for anything else, you can dissociate it from your VM:
Go to your virtual machine. On the Overview page, click the Public IP address to open the Public IP address page.
On the Public IP address page, go to Overview. You can view the resource that this IP address is Associated to. Select Dissociate at the top of the pane.
Select Yes to dissociate the IP address from the VM network interface. After you dissociate the public IP address from the network interface, verify that it's no longer listed under Associated to.
After you dissociate the IP address, you can delete the public IP address resource. On the Public IP address pane for the VM, at the top of the Overview page, select Delete.
Select Yes to delete the public IP address.
Clean up resources
If you're not going to continue to use this application, delete the resource group and all the resources it contains by using the following steps:
In the Azure portal, enter the name of your resource group in the Search box at the top of the portal. Select the resource group from the search results.
Select Delete resource group.
For Enter resource group name to confirm deletion, enter your resource group name, and then select Delete.
Next steps
In this quickstart, you deployed Bastion Developer and used it to connect securely to a virtual machine. Next, configure additional features and explore VM connection options.