Access Windows VMs over SSL without Public IPs using Azure Bastion

45 minutes
  • 3 Learning Objectives

About this Hands-on Lab

Your company has blocked outbound port 3389 (RDP) on the firewall and mandated that no Windows VM be accessible from the internet. You need to come up with a way to log in to Windows VMs under these constraints.

Learning Objectives

Successfully complete this lab by achieving the following learning objectives:

Create an Azure Bastion Subnet
  1. In the Azure portal, click the menu in the upper left and select Virtual networks.
  2. Select the provisioned VNet and click Subnets.
  3. In the upper left, click + Subnet to add a new subnet.
  4. In Name, enter AzureBastionSubnet and click OK.
Create an Azure Bastion Service
  1. From the Azure All services page, select Bastions.

  2. Click + Add.

  3. From the Create a Bastion page, set the following values:

    • Resource group: Select existing
    • Name: Bastion1
    • Region: Set to the same region as your lab-provided resource group
    • Virtual network: lab-VNet1
    • Subnet: AzureBastionSubnet (
    • Public IP address name: bastionpip
  4. Click Review + create.

  5. Click Create.

    Note: Deployment may take a while.

Connect to the Windows VM via Bastion
  1. From the Azure All services page, select Virtual machines.
  2. Select the winVM virtual machine.
  3. From the top menu, click Connect > Bastion.
  4. Click Use Bastion.
  5. Enter the login credentials provided on the lab homepage.
  6. Click Connect.

Additional Resources

Create a subnet named AzureBastionSubnet within the pre-provisioned VNet.

Next, create a new Azure Bastion host. Use the same region as your lab-provided resource group.

Finally, log in to the Windows VM provisioned with this lab. You will notice that there is no public IP address for this VM, so use the bastion host to log in to Windows.
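The first two objectives can also be scripted with the Azure CLI. The following is an added example, not part of the lab: the resource names come from the steps above, while the resource group and subnet prefix are arguments you supply, and the pre-flight check reflects Azure's requirement that AzureBastionSubnet be a /26 or larger. It also includes a check that no VM in the resource group still has a public IP.

```bash
# Added example, not part of the lab. Resource names (lab-VNet1, Bastion1,
# bastionpip, AzureBastionSubnet) are from the lab; the resource group and
# subnet prefix are arguments you supply (assumptions).

# Succeeds only if the subnet can host Azure Bastion: the name must be exactly
# "AzureBastionSubnet" and the prefix /26 or larger (prefix length <= 26).
valid_bastion_subnet() {
  [ "$1" = "AzureBastionSubnet" ] || return 1
  case "$2" in */*) ;; *) return 1 ;; esac
  _len=${2##*/}
  case "$_len" in ''|*[!0-9]*) return 1 ;; esac
  [ "$_len" -le 26 ]
}

# CLI equivalent of the first two objectives. $1 = resource group, $2 = prefix.
# The prefix must lie inside the address space of lab-VNet1.
deploy_bastion() {
  valid_bastion_subnet AzureBastionSubnet "$2" || {
    echo "AzureBastionSubnet needs a /26 or larger prefix, got: $2" >&2
    return 1
  }
  # Reuse the resource group's region, as the lab instructs.
  _loc=$(az group show --name "$1" --query location --output tsv) || return 1
  az network vnet subnet create --resource-group "$1" --vnet-name lab-VNet1 \
    --name AzureBastionSubnet --address-prefixes "$2" || return 1
  # Bastion requires a Standard SKU, statically allocated public IP.
  az network public-ip create --resource-group "$1" --name bastionpip \
    --location "$_loc" --sku Standard --allocation-method Static || return 1
  az network bastion create --resource-group "$1" --name Bastion1 \
    --location "$_loc" --vnet-name lab-VNet1 --public-ip-address bastionpip
}

# Mandate check: print the name of any VM in the resource group that still
# has a public IP. Empty output means no VM is directly exposed.
vms_with_public_ip() {
  az vm list-ip-addresses --resource-group "$1" --output tsv \
    --query "[?virtualMachine.network.publicIpAddresses[0]].virtualMachine.name"
}

# Usage (after `az login`): deploy_bastion <resource-group> 10.0.1.0/26
```

The only public IP in this design belongs to the bastion host (bastionpip), so `vms_with_public_ip` should return nothing for the lab's resource group.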

What are Hands-on Labs

Hands-on Labs are real environments created by industry experts to help you learn. These environments help you gain knowledge and experience, practice without compromising your system, test without risk, destroy without fear, and let you learn from your mistakes. Hands-on Labs: practice your skills before delivering in the real world.
