@Komoroske, Gina
Thank you for your patience while we were looking into your issue. I understand that you want to know if Bastion service is required or not if you have a VPN connection to Azure VNET.
Ideally you would not require the Bastion service if you have a VPN since VPN is going to get you connected to your private resources on the VNET securely and privately which is similar to what Bastion also does. However, there are going to be some differences.
- Using Bastion you can connect to your resources from anywhere i.e., any source machine whereas with a VPN, you can only connect to your resources from the networks specified for the VPN connection.
- With Azure Bastion you get some added features such as Monitoring/logging of connections.
- Azure Bastion also includes Azure Active Directory integration
If you are looking for any of the above features, you would still need to use Bastion, if not, VPN should suffice to be able to connect to the VNET resources securely and privately. I hope this answers your question. If you have any further questions, please let us know and we will be glad to assist anytime. Have a good day!