Summary
As of November 4th, Azure Bastion is GA, but keep in mind that right now it is only available in the 6 Azure regions listed below (for the latest information, see https://docs.microsoft.com/en-us/azure/bastion/bastion-create-host-portal):
- West US
- East US
- West Europe
- South Central US
- Australia East
- Japan East
What does that mean? It means that your Virtual Network needs to be in one of the above regions to be able to use Azure Bastion.
Create Azure Bastion
- Before going ahead and setting up Bastion, you will need to set up a subnet specifically for Bastion.
- Search for Bastion and fill in the required fields, then click Create.
- Bastion does not take long to deploy. Once it is deployed, you should be able to connect to your Windows and Linux environments through Bastion ONLY if they are in the same VNet (peered networks are not supported yet, but they are working on it).
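The same steps scripted with the Azure CLI, as an added example that is not part of the original post. The resource names, the address prefix and the CLI-style region names are assumptions; the script only prints the commands unless DRY_RUN=0 is set.

```shell
#!/usr/bin/env bash
# Added example: scripted form of the portal steps above (not from the post).
# Resource names and prefixes passed in are placeholders chosen by the caller.

# Regions the post lists as supporting Bastion; the CLI-style spellings
# of those region names are an assumption.
BASTION_REGIONS="westus eastus westeurope southcentralus australiaeast japaneast"

# Return 0 if the given region is in the list above, 1 otherwise.
bastion_region_ok() {
  local r
  for r in $BASTION_REGIONS; do
    [ "$r" = "$1" ] && return 0
  done
  return 1
}

# Run a command, or only print it when DRY_RUN=1 (the default).
run() {
  if [ "${DRY_RUN:-1}" = "1" ]; then
    echo "+ $*"
  else
    "$@"
  fi
}

# deploy_bastion <resource-group> <vnet> <region> <bastion-subnet-prefix>
deploy_bastion() {
  local rg="$1" vnet="$2" region="$3" prefix="$4"
  if ! bastion_region_ok "$region"; then
    echo "region '$region' is not in the supported list" >&2
    return 1
  fi
  # Azure requires the dedicated subnet to carry exactly this name.
  run az network vnet subnet create -g "$rg" --vnet-name "$vnet" \
      -n AzureBastionSubnet --address-prefixes "$prefix" || return 1
  # The Bastion host needs a Standard-SKU public IP of its own.
  run az network public-ip create -g "$rg" -n "${vnet}-bastion-pip" \
      --sku Standard --location "$region" || return 1
  run az network bastion create -g "$rg" -n "${vnet}-bastion" \
      --vnet-name "$vnet" --public-ip-address "${vnet}-bastion-pip" \
      --location "$region"
}
```

Check the current Bastion documentation for the minimum size of the Bastion subnet before choosing the prefix.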
My Feedback
As of right now, I am NOT really impressed by Azure Bastion. I feel like it is not really solving any major problems for us and here is why I think so:
- Bastion is still limited to the 2 active sessions on Windows Servers unless you set up RDS and get your CAL licenses. Please vote for my enhancement request here: https://feedback.azure.com/forums/217313-networking/suggestions/39168655-bastion-more-than-2-session-for-windows-no-nee along with another similar one: https://feedback.azure.com/forums/217313-networking/suggestions/39008962-allow-access-to-vms-via-azure-bastion-with-an-rdp
- No support for AD authentication (some local caching might work, did not test that) or Azure Active Directory. It is being worked on.
- No Support for Peered VNets.
- Only a few regions have Bastion.
I feel that Bastion has the potential to be great, but Microsoft will need to address the missing features above as soon as possible or customers will not be considering Bastion as a valid solution.