At your company, they’ve blocked port 3389 outgoing on the firewall and established a mandate that all Windows VMs not be accessible from the internet. In order to log in to Windows VMs, you need to come up with a solution.
Successfully complete this lab by achieving the following learning objectives:
- Create an Azure Bastion Subnet
- In the Azure portal, click the menu in the upper left and select Virtual networks.
- Select the provisioned VNet and click Subnets.
- In the upper left, click + Subnet to add a new subnet.
- In Name, enter AzureBastionSubnet and click OK.
- Create an Azure Bastion Service
From the Azure All services page, select Bastions.
Click + Add.
From the Create a Bastion page, set the following values:
- Resource group: Select existing
- Name: Bastion1
- Region: Set to the same region as your lab provided resource group**
- Virtual network: lab-VNet1
- Subnet: AzureBastionSubnet (10.0.1.0/24)
- Public IP address name: bastionpip
Click Review + create.
Note: Deployment may take a while.
- Connect to the Windows VM via Bastion
- From the Azure All services page, select Virtual machines.
- Select the
- From the top menu, click Connect > Bastion.
- Click Use Bastion.
- Enter the login credentials provided on the lab homepage.
- Click Connect.