Microsoft Azure – Virtual Machine – Connect to Bastion Using RDP (No Port TCP 3389 Required)

If you have deployed Virtual Machines (VMs) in Azure, you are probably using Bastion as a secure access tool.

Azure Bastion provides secure RDP and SSH connectivity to all of the VMs in the virtual network in which it is provisioned.

However, to connect via Azure Bastion you have to perform a series of steps inside the Azure Portal.

To make things easier (without lowering security) Microsoft has made available a method to access from your native client, i.e. SSH or Remote Desktop Protocol (RDP) client


  • You have to deploy Bastion

Configuration and Connection

  1. From the Azure Portal open the Bastion Resource

2. Select Configuration

3. Check that the SKU is Standard and that the Native Client Support is flagged

4. Launch the Azure Cli with

  • AZ login

5. You will be prompted for Authentication via your web browser

6. When the Azure CLI is Open we need the following information to open the RDP connection:

  • BastionName
  • ResourceGroupName
  • VMResourceId

It is possible to gather them using

  • AZ network bastion list
  • AZ vm list

7. Use the following command (replacing the parameters with the information gathered previously)

  • az network bastion rdp –name “<BastionName>” –resource-group “<ResourceGroupName>” –target-resource-id “<VMResourceId>”

8. The RDP client will require your credentials (if they were not saved in a previous connection) and then connect the VM

More details and steps for SSH are available here Connect to a VM using Bastion and the native client on your Windows computer (Preview)