Master Azure Bastion: Fast Setup or Full Control


Quick Setup (Automatic Deployment)

Navigate to the Virtual Machine (VM)

  1. Sign in to the Azure Portal.
  2. From the left-hand menu, select Virtual Machines.
  3. Locate and click on the VM you want to connect to securely.



Access the Connect Option

  1. On the VM’s overview page, click the Connect button at the top.
  2. A dropdown menu or side panel will display the connection options.

Select Bastion as the Connection Method

  1. In the connection panel, click the Bastion tab (next to RDP and SSH).
    • This tab enables a secure connection through Azure Bastion.
  2. Alternatively, find Bastion under the Connect section in the left-hand menu.


Locate Dedicated Deployment Options

  1. If Bastion is not set up, scroll to the Bastion configuration section.
  2. You’ll see a prompt to deploy Azure Bastion with available options.

Choose Between Automatic or Manual Deployment

Azure Bastion offers two setup approaches:

  • Automatic Deployment:
    • Azure provisions the Bastion host with default settings.
    • Includes a public IP, a dedicated subnet (AzureBastionSubnet), and recommended configurations.
    • For this guide, select Automatic Deployment.






Test the Connection via Bastion

  1. Return to the VM’s Connect page and select the Bastion tab again.
  2. Enter the credentials used when creating the VM.
  3. If a pop-up window is blocked during the Bastion connection, allow it at the top of your screen.












Remove the Public VM IP Address

  1. If the Bastion connection is successful, you can remove the VM’s public IP to enhance security.
  2. Go to the VM’s Networking settings in the Azure Portal.
  3. Select the network interface, then disassociate the public IP address under IP configurations.
  4. Save the changes and test the Bastion connection again to confirm the VM remains accessible.












Full Manual Configuration


Access the Bastion Service

  • Sign in to the Azure Portal at portal.azure.com.
  • Select Bastion from the left-hand menu or search for "Bastion" using the top search bar.


Navigate to Bastion

  • In the left-hand menu, select Bastion.

  • If it's not visible, use the search bar and type "Bastion" to locate it.

Initiate Bastion Deployment

  • Click Create to set up a new Bastion resource.
  • Choose your Subscription and Resource Group.



Configure Bastion Settings

  • Name: Enter a unique name for the Bastion host.
  • Region: Select the same region as your VM for best performance.



Virtual Network and Subnet
  • Choose an existing virtual network (VNet) or create a new one.
  • Ensure a subnet named AzureBastionSubnet exists with a prefix of /26 or larger (e.g., 10.0.1.0/26).
  • If needed, create the subnet in the VNet’s Subnets section.


Public IP Address
  • Select Create new or use an existing public IP.
  • Name the IP (e.g., Bastion-PIP).


Additional Settings (Optional)
  • SKU: Choose Basic or Standard based on your needs.
  • Optional Features: Enable native client support or IP-based connections (Standard SKU only).



Review and Validate

  • Click Review + Create to validate your configuration.

  • Resolve any issues (e.g., missing subnet or invalid CIDR) before proceeding.
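The subnet checks from the Virtual Network and Subnet and Review and Validate steps can be run against a planned address layout before opening the portal. The following is an added example, not part of the original guide or of any Azure tooling; the plan format (a list of VNet prefixes and a name-to-CIDR dictionary), the overlap check and the sample addresses are assumptions constructed for illustration.

```python
import ipaddress

BASTION_SUBNET_NAME = "AzureBastionSubnet"  # subnet name the guide requires
MAX_PREFIX_LEN = 26                         # /26 or larger, per the guide


def check_bastion_plan(vnet_prefixes, subnets):
    """Return a list of problems; an empty list means the plan passes.

    vnet_prefixes: CIDR strings making up the VNet address space.
    subnets: dict of subnet name -> CIDR string (hypothetical plan format).
    """
    if BASTION_SUBNET_NAME not in subnets:
        return [f"missing subnet named {BASTION_SUBNET_NAME}"]
    try:
        # strict=True rejects a prefix with host bits set, e.g. 10.0.1.5/26
        bastion = ipaddress.ip_network(subnets[BASTION_SUBNET_NAME], strict=True)
    except ValueError as exc:
        return [f"invalid CIDR for {BASTION_SUBNET_NAME}: {exc}"]

    problems = []
    if bastion.prefixlen > MAX_PREFIX_LEN:
        problems.append(f"{bastion} is smaller than /{MAX_PREFIX_LEN}")

    vnet = [ipaddress.ip_network(p) for p in vnet_prefixes]
    if not any(v.version == bastion.version and bastion.subnet_of(v) for v in vnet):
        problems.append(f"{bastion} is outside the VNet address space")

    # The Bastion subnet must not collide with any other planned subnet.
    for name, cidr in subnets.items():
        if name == BASTION_SUBNET_NAME:
            continue
        other = ipaddress.ip_network(cidr, strict=False)
        if other.version == bastion.version and bastion.overlaps(other):
            problems.append(f"{bastion} overlaps subnet {name} ({other})")
    return problems


if __name__ == "__main__":
    # Constructed sample plans, not taken from a real environment.
    vnet = ["10.0.0.0/16"]
    plans = {
        "good": {"default": "10.0.0.0/24", "AzureBastionSubnet": "10.0.1.0/26"},
        "too small": {"default": "10.0.0.0/24", "AzureBastionSubnet": "10.0.1.0/27"},
        "overlap": {"default": "10.0.1.0/24", "AzureBastionSubnet": "10.0.1.0/26"},
        "wrong name": {"default": "10.0.0.0/24", "bastion-subnet": "10.0.1.0/26"},
    }
    for label, subnets in plans.items():
        print(label, "->", check_bastion_plan(vnet, subnets) or "OK")
```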

Deploy Bastion

  • Once validated, click Create to deploy the Bastion resource.

  • The deployment usually takes a few minutes. You can monitor the progress in the Azure Portal.

Connect to the VM via Bastion

  • Go to Virtual Machines and select your target VM.

  • Click Connect and choose the Bastion tab.

  • Enter the VM credentials (username and password or SSH key).

  • Click Connect to establish a secure session through Bastion.

  • If a pop-up is blocked by the browser, allow it at the top of the screen.

Verify and Test

  • Confirm that the connection is successful and functioning as expected.


Remove the Public VM IP Address

  1. If the Bastion connection is successful, you can remove the VM’s public IP to enhance security.
  2. Go to the VM’s Networking settings in the Azure Portal.
  3. Select the network interface, then disassociate the public IP address under IP configurations.
  4. Save the changes and test the Bastion connection again to confirm the VM remains accessible.

