How do I create a policy to prevent the use of Kerberos Authentication for Bastion?

Erik Solvin 0 Reputation points
2023-04-13T07:19:27.5833333+00:00

Hi, I want to create a policy in Azure to prevent the use of Kerberos Authentication for Bastion hosts. Looking at the documentation: https://learn.microsoft.com/en-us/azure/templates/microsoft.network/bastionhosts?pivots=deployment-language-bicep, there doesn't seem to exist an alias or property for Kerberos Authentication that I can use to prevent the use of this functionality. Does someone know a way to work around this or do I need to wait for the alias/property to be created by Microsoft?


1 answer

  1. ChaitanyaNaykodi-MSFT 23,501 Reputation points Microsoft Employee
    2023-04-14T04:58:40.2266667+00:00

    @Erik Solvin

    Welcome to the Microsoft Q&A forum. As configuring Bastion for Kerberos authentication is currently in public preview, the Kerberos setting for Azure Bastion can be configured in the Azure portal only. This is currently documented here in the consideration section.

    If it helps, you can assign RBAC roles to the users, denying them access to enabling this feature. Additional reference: https://learn.microsoft.com/en-us/azure/bastion/bastion-faq#roles Hope this helps! Please let me know if you have any additional questions.

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

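Added example, not part of the original answer or Microsoft's code: a small audit of which principals can still change a Bastion host after roles are assigned as the answer suggests. It assumes role definitions and assignments exported as JSON with the field names shown; the sample data, the custom role name and the principals are constructed, and assignment scope is ignored.

```python
import re

# ARM action needed to create or update a Bastion host, i.e. to change its settings.
BASTION_WRITE = "Microsoft.Network/bastionHosts/write"

# Constructed sample data (trimmed, not real tenant output).
ROLES = [
    {"roleName": "Contributor", "permissions": [
        {"actions": ["*"], "notActions": ["Microsoft.Authorization/*/Delete"]}]},
    {"roleName": "Reader", "permissions": [{"actions": ["*/read"], "notActions": []}]},
    {"roleName": "Network Contributor", "permissions": [
        {"actions": ["Microsoft.Network/*"], "notActions": []}]},
    # Hypothetical custom role: Contributor minus Bastion changes.
    {"roleName": "Contributor No Bastion Write", "permissions": [
        {"actions": ["*"], "notActions": [BASTION_WRITE]}]},
]
ASSIGNMENTS = [
    {"principalName": "alice@example.com", "roleDefinitionName": "Contributor"},
    {"principalName": "bob@example.com", "roleDefinitionName": "Reader"},
    {"principalName": "carol@example.com", "roleDefinitionName": "Contributor No Bastion Write"},
    {"principalName": "dave@example.com", "roleDefinitionName": "Network Contributor"},
    # erin holds the restricted role AND a second role that grants the action again.
    {"principalName": "erin@example.com", "roleDefinitionName": "Contributor No Bastion Write"},
    {"principalName": "erin@example.com", "roleDefinitionName": "Network Contributor"},
]

def matches(pattern, action):
    """Action strings are compared case-insensitively; '*' matches any run of characters."""
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, action, re.IGNORECASE) is not None

def role_grants(role, action):
    """A role grants an action if an Actions entry matches and no NotActions entry does."""
    for perm in role["permissions"]:
        allowed = any(matches(p, action) for p in perm.get("actions", []))
        excluded = any(matches(p, action) for p in perm.get("notActions", []))
        if allowed and not excluded:
            return True
    return False

def principals_with_bastion_write(roles, assignments):
    """Role assignments are additive: one granting role is enough for a principal."""
    by_name = {r["roleName"]: r for r in roles}
    return sorted({a["principalName"] for a in assignments
                   if role_grants(by_name[a["roleDefinitionName"]], BASTION_WRITE)})

if __name__ == "__main__":
    print(principals_with_bastion_write(ROLES, ASSIGNMENTS))
```

A `NotActions` entry only subtracts from the role that contains it and is not a deny, which is why the constructed principal erin still appears in the result.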