Security controls around Bastian service

Banerjee, Somdutta 141 Reputation points

Since Azure Bastion service is a fully managed Paas, What controls are placed around the Public IP of the Bastian Host by Microsoft? should any additional controls be placed by the Customer?
Also, what would an ideal implementation look like in terms of applied security controls in addition to Bastian Host for remote access to VM's?

Azure Bastion
Azure Bastion
An Azure service that provides private and fully managed Remote Desktop Protocol (RDP) and Secure Shell (SSH) access to virtual machines.
240 questions
0 comments No comments
{count} votes

Accepted answer
  1. Nadav Ben Haim 496 Reputation points Microsoft Employee

    In addition to the above shared by @David Broggy ,
    You can look at this URL to learn more about Bastion's architecture.
    As a matter of best practice, Azure Bastion should be a part of well-established Landing Zone, according to the CAF or WAF frameworks, respectively.

    0 comments No comments

1 additional answer

Sort by: Most helpful
  1. David Broggy 5,681 Reputation points MVP

    Hi Banerjee,
    Best security practices for using Bastion are well documented here:

    0 comments No comments