An Admin VM is a Virtual Machine (VM) created to securely access enclave resources for administrative purposes, and it can be remotely accessed through Azure Bastion. These VMs are meant to be short-lived resources for break-glass system administration of an enclave and the enclave resources.
Create an Admin VM
Use the Admin VM to quickly create a VM that can access and configure your enclave resources.
Access Admin VM
By default, Azure Enclave creates an Azure Bastion instance for community or enclave owners to access their enclaves.
Enable enclave access to the Azure portal
Azure portal access is restricted by default for enclaves. This means you need to create endpoint rules and connections to access the Azure portal from within the Admin VM or enclave.
- Create enclave endpoint in the Azure portal
- Create community endpoint in the Azure portal
- Create enclave in the Azure portal
Accessing enclaves through Azure Bastion
Azure Enclave natively uses existing Azure user interface controls to allow for access into Admin VMs. To learn more, see Connect to a Windows VM using RDP - Azure Bastion.
For certain community and enclave owners, this default access model might not be granular enough. For example, some enclave owners might have regulatory requirements for their workloads that do not authorize Azure Bastion.
If the default behavior of Admin VMs, or the configurations that Azure Enclave allows to be changed, are insufficient for your use cases, Azure Enclave recommends creating a workload, Virtual Machines in the workload, an Endpoint, and Connections that function similarly to how Admin VMs function.
- After you create an Admin VM, navigate to that Virtual Machine resource in the Azure portal.
- Select Connect and then select Connect via Bastion.
- Enter your credentials for the Admin VM and select Connect.
- Once you see the desktop for the Admin VM, select the Windows Start menu icon and enter RDC in the search field.
- Select the Remote Desktop Connection application from the list.
- Enter the IP address of the VM you want to access in the enclave.
- Perform the task you needed to on the remote VM.
Reset password
You can reset the password with the instructions below. Starting from the portal:
- Select the VM name to open that VM resource
- Scroll to the bottom of the blades and select "Reset Password"
- Enter the new password twice and select "Update"
Size
You can adjust the VM size for Azure Enclave Admin VMs based on the number of users you expect to have on a VM at the same time.
Image
Community and enclave owners might also have concerns regarding the default VM image used for these VMs. Currently, Azure Enclave uses Azure Marketplace's Windows Server Datacenter image for Admin VMs. You can select a custom image of your own by providing the resource ID in the Admin VM template advanced tab.