Question on Azure Bastion service

anil kumar 1,641 Reputation points


As there is no way to STOP/Pause the billing of Azure Bastion, Can I achieve the same objective by?

  1. Rolling out one/two VMs in Azure and use them as jump server to connect my Azure VMs.
  2. Locking down my Azure VMs using Network security group (NSG) and/or Application security group (ASG)

I understand Azure Bastion is helpful but it forces us to pay for it's life time without any opportunity to reduce cost. Not sure if I am missing some critical activity which is taken care by Azure Bastion and Azure jump servers won't be enough to replace Azure Bastion.

Appreciate your insightful response, thank you !!

Azure Bastion
Azure Bastion
An Azure service that provides private and fully managed Remote Desktop Protocol (RDP) and Secure Shell (SSH) access to virtual machines.
226 questions
Microsoft Defender for Cloud
Microsoft Defender for Cloud
An Azure service that provides threat protection for workloads running in Azure, on-premises, and in other clouds. Previously known as Azure Security Center and Azure Defender.
1,047 questions
0 comments No comments
{count} votes

Accepted answer
  1. Alan Kinane 16,646 Reputation points MVP

    Yes, to both. These were (and still are) common alternatives to Azure Bastion. The main benefit to Azure Bastion is that it's a managed service, i.e. no VMs to maintain and it's quick and easy to set up but you can use whatever alternatives you wish. You also manage access to Azure Bastion through your Azure AD authentication with security features like MFA and conditional access.

    Generally with the alternative options you are trading off cost for more maintenance and responsibility.

    1 person found this answer helpful.

0 additional answers

Sort by: Most helpful