Security controls around Bastian service

Banerjee, Somdutta 101 Reputation points
2022-08-29T19:35:06.35+00:00

Since Azure Bastion service is a fully managed Paas, What controls are placed around the Public IP of the Bastian Host by Microsoft? should any additional controls be placed by the Customer?
Also, what would an ideal implementation look like in terms of applied security controls in addition to Bastian Host for remote access to VM's?

Azure Bastion
Azure Bastion
An Azure service that provides private and fully managed Remote Desktop Protocol (RDP) and Secure Shell (SSH) access to virtual machines.
185 questions
Accepted answer
  1. Nadav Ben Haim 496 Reputation points Microsoft Employee
    2022-08-30T12:39:46.577+00:00

    In addition to the above shared by @David Broggy ,
    You can look at this URL https://learn.microsoft.com/en-us/azure/bastion/bastion-overview to learn more about Bastion's architecture.
    As a matter of best practice, Azure Bastion should be a part of well-established Landing Zone, according to the CAF or WAF frameworks, respectively.

1 additional answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. David Broggy 4,266 Reputation points MVP
    2022-08-30T03:36:10.497+00:00

    Hi Banerjee,
    Best security practices for using Bastion are well documented here:
    bastion-security-baseline