The Azure Bastion service is a new PaaS service that you provision inside your virtual network. It provides secure and seamless RDP/SSH connectivity to your virtual machines directly in the Azure portal over SSL. When you connect via Azure Bastion, your virtual machines do not need a public IP address.
So this Azure Bastion service can be deployed in your existing Virtual Network, the result is that you can connect via RDP and SSH to all your Virtual Machines inside the same Virtual Network. The VM’s itself doesn’t need a public IP address anymore and you can connect to the VM’s via the Azure Bastion service via the Azure Portal.
Source: MicrosoftIn this post I will show you how to setup the new Azure Bastion service and how to connect to your VM’s via the Bastion service.
How to deploy Azure Bastion (Preview)
Before we begin make sure you installed the Azure PowerShell module, run your Powershell as administrator so you can install the modules. If you don’t know how to install those check out this LINK
.
The next step is to connect with you Azure tenant via PowerShell and register an Azure Provider Feature to enable the BastionHost Feature in your tenant.
<figure class="wp-block-image"></figure>After a few minutes you can use the following command to check whether the feature has been registered. The RegistrationState should be Registered.
```
Get-AzProviderFeature -ListAvailable | Where-Object {$_.FeatureName -Like "Bastion"}
```
```
First we need to use another link to the azure portal https://aka.ms/BastionHost so we can select this new resource in the portal.
Once logged in click on **“Create a resource”** and search for bastion.
 Azure Bastion (preview) Click on the **Bastion (preview)** to begin with the deployment.
Azure Bastion (preview) resourceClick on **“Create”** to open the **Create a bastion** page.
On the **Create a bastion** page specify the configuration settings for your Bastion resource. The resource will be deployed in your Virtual Network, one of the prerequisites is that you will need a subnet with at least a /27 or larger subnet. The subnet must be called **AzureBastionSubnet**, this will make sure that Azure is deploying the Bastion resource in the correct subnet.
You can create a new Public IP for the Bastion resource or use an existing one. When all the required configurations are in place it’s time to create the Bastion resource. Click on **Review + create** to validate the values. After the validation succeeded you can click on **create** to start the deployment.
After the deployment is complete you will find the Bastion service in your Virtual Network.
The Azure Bastion service## Connect to a Windows virtual machine using Azure Bastion (Preview)
Now we successfully deployed the Azure Bastion service it is time to connect to your VM with the use of Bastion.
Make sure your VM is power on and navigate to the Virtual Machine that you want to connect to, then Click on **Connect**.
Connect to your VMAfter you click on connect the side bar will appear with an extra tab, this tab is called Bastion. Fill in your credentials to connect to the VM and click on **Connect**, the default settings will open a new windows with your session to the selected VM.
Connect to your VM via BastionIn the new window you connection will be established. Make sure your browser isn’t blocking popups from the Azure Portal, otherwise the new Window will not open.
Connecting to the Bastion Host**If you have configured your VM’s in the past with a Public IP so you could RDP to your VM’s now it’s time to remove those and use Bastion instead!**
You can find more information about Azure Bastion on the following site.