Home > Glossary > Microsoft Azure Fundamentals > Azure Bastion

📖 What is Azure Bastion?

Azure Bastion is a fully managed PaaS service that provides secure and seamless RDP and SSH access to virtual machines directly through the Azure portal. It eliminates the need to expose public IP addresses on VMs, significantly reducing the attack surface.

🥋 Sensei Says:

"If a question asks how to connect to a VM securely without using a Public IP or a Jumpbox, Bastion is your answer."

📚 Certification: Microsoft Azure Fundamentals (AZ-900)

🔑 What are the Key Concepts of Azure Bastion?

▸ As a fully managed PaaS service, Azure Bastion removes the operational burden of deploying and maintaining a custom jumpbox virtual machine.
▸ It enhances security by eliminating the need for public IP addresses on virtual machines, effectively closing common RDP and SSH attack vectors.
▸ Users connect to their VMs via the Azure portal using SSL (port 443), removing the requirement for specialized RDP or SSH client software.
▸ Bastion provides seamless, browser-based access to both Windows and Linux VMs, ensuring administrative tasks can be performed securely from any location.

🎯 How does Azure Bastion appear on the AZ-900 Exam?

You may be asked to identify the best solution for a company that needs to provide administrative access to virtual machines without exposing them to the public internet or managing a jumpbox.

A scenario might describe a security requirement to minimize the attack surface of a virtual network. Expect to choose Azure Bastion as the tool to remove public IP requirements for RDP/SSH.

❓ Frequently Asked Questions

How does Azure Bastion differ from a traditional Jumpbox VM?

A Jumpbox is a VM you manage yourself, requiring its own public IP and patching. Bastion is a managed PaaS service that handles the infrastructure, providing a more secure, scalable, and maintenance-free alternative.

Does Azure Bastion require the target virtual machine to have a public IP address?

No, the primary benefit of Azure Bastion is that it allows you to connect to VMs using only private IP addresses, significantly increasing security by hiding the VMs from the public internet.

Related Terms from Microsoft Azure Fundamentals

Platform as a Service (PaaS) Azure AI Services Disaster Recovery Azure Key Vault Azure Monitor Azure Synapse Analytics

📝 Related Study Guides

Study Guide 10 min read

Azure Fundamentals (AZ-900): How to Pass on Your First Try

To pass the Azure AZ-900 exam, focus on the three core domains: Cloud Concepts, Azure Architecture, and Management and Governance. Combine Microsoft Learn's free modules with high-volume practice exams—like the 1,000 questions at Cert Sensei—to master service distinctions and governance tools. Aim for a 700/1000 score across 40-60 questions.

Deep Dive 8 min read

What is an Azure Resource Group? AZ-900 Governance Guide

An Azure Resource Group is a logical container that holds related resources for an Azure solution. It enables efficient lifecycle management, allowing you to deploy, update, and delete a group of resources as a single unit, while providing a centralized point for applying governance, security policies, and Role-Based Access Control (RBAC).

Comparison 7 min read

Azure Data Lake vs Blob Storage: AZ-900 Explained

Azure Blob Storage is object storage for unstructured data using a flat namespace. Azure Data Lake Storage Gen2 builds on Blob storage by adding a hierarchical namespace, making it optimized for big data analytics and high-performance Hadoop workloads. For AZ-900, choose Data Lake when you see "hierarchical" or "analytics."