@Simon Cassar , A bastion host provides secure and seamless Remote Desktop Protocol (RDP) connectivity to your VMs directly in the Azure portal over SSL. When you connect via a bastion host, your VMs don't need a public IP address. You should be able to provide access to your legitimate contractors as there are no identical public IPs involved here.
----------
Please do not forget to "Accept the answer" wherever the information provided helps you to help others in the community.