hands-on lab

Connecting to Azure VM using Bastion Host

Up to 45m
Get guided in a real environmentPractice with a step-by-step scenario in a real, provisioned environment.
Learn and validateUse validations to check your solutions every step of the way.
See resultsTrack your knowledge and monitor your progress.


Azure Bastion is a PaaS offering that lets you connect to Azure Virtual Machines (VM) securely over the internet using Microsoft's backbone network. The bastion host is deployed inside a virtual network and also supports peering to allow usage across the infrastructure. While providing access to the VM resources, it also eliminates the need to assign public IP to the VMs individually.

While organizations are working hard to keep their infrastructure secure and proactively block suspicious traffic to the public endpoints, Bastion host reduces the overhead of managing the security aspect of the RDP/SSH access as it is designed to withstand port scanning and zero-day exploits. Since the bastion acts as a jump-server, only authorized traffic is allowed to pass through without opening any ports to the internet.

In this hands-on lab, you'll understand the basics of the Bastion offering and configure the Bastion host using Azure Portal to RDP into a Windows VM in Azure.

Learning Objectives

Upon completion of this beginner level lab, you will be able to:

  • Understand Azure Bastion's offering
  • Create Bastion resource using Azure Portal
  • Connect to Windows VM using Bastion

Intended Audience

  • Candidates for Azure Administrator Exam
  • Cloud Architects
  • Security Engineers
  • DevOps Engineers
  • Software Engineers


Familiarity with the following will be beneficial but is not required:

  • Azure Virtual Machine

The following content can be used to fulfill the prerequisite:


  • Aug 3, 2023 - Added instructions to address Bastion region/VNet fields not loading



Environment before

Environment after

About the author

Learning paths

Parveen is an Azure advocate with previous experience in the professional consulting services industries. He specializes in infrastructure and DevOps with a wide range of knowledge in security and access management. He is also an Azure Certified - DevOps Engineer Expert, Security Engineer, Developer Associate, Administrator Associate, CompTIA Certified - Network+, Security+, and AWS Cloud Practitioner.
Parveen enjoys writing about cloud technologies and sharing the knowledge with the community to help students upskill in the cloud.

Covered topics

Lab steps

Logging in to the Microsoft Azure Portal
Creating an Azure Bastion Host using Azure Portal