Microsoft announces public preview of Bastion Standard

Azure Bastion is a fully managed platform as a service (PaaS) solution that provides customers with a secure way to connect to a virtual machine using a browser and the Azure portal. Recently, the company announced the public preview of the second SKU called Standard.

Microsoft first previewed Azure Bastion two years ago as a secure remote desktop solution, which doesn’t require organizations to expose virtual machines using public IP addresses. Instead, connectivity to virtual machines is provided through RDP and SSH over Secure Sockets Layer (SSL) – the core functionality offered in the Core SKU. Now the company is providing another SKU with Standard that includes premium features such as:

  • Manually scale virtual machine (VM) instances, facilitating Bastion connectivity from 2 to 50 instances to handle the number of concurrent SSH and RDP sessions Azure Bastion can support.
  • Support for IP connections – users can provide the IP address of the target VM / VMSS to allow Bastion to manage connectivity within the local / peered virtual network and on-premises networks and other cloud providers.
  • An Azure Bastion admin panel providing enable / disable functionality accessible by the Bastion host. In addition, users can switch from baseline to standard baseline with the panel, configure access to the IP connection, and manage manual scaling of the virtual machine.


When setting up Azure Bastion, a virtual machine (VM) instance is created, which runs all the processes required to run the service. With Basic, instances are limited to two, while with Standard a user can manually change them up to 50. Additionally, each instance can support 10 to 12 concurrent RDP / SSH connections depending on the actions taken by users when logging in to the guest VM. . And instances for Azure Bastion are created in an AzureBastionSubnet – for scaling, the subnet size must be greater than 26 to allow scaling up to 50 instances (a subnet space smaller network limits the number of scale units).


Azure Bastion is a cloud feature that allows access to the internal network from an external network, such as the Internet. Other public cloud providers like AWS and Google also offer the same functionality. AWS, for example, has Amazon Appstream 2.0, a fully managed non-persistent desktop and application virtualization service. On the other hand, Google has Cloud Identity-Aware Proxy (IAP), which users must configure per project.

Holger Mueller, senior analyst and vice president of Constellation Research Inc., told InfoQ:

The cloud attracts more traditional data center loads, which means opening up SSH and RDP channels to run workloads the same way they were run on-premises. To harness this potential, cloud providers are offering platforms to handle this, and today Microsoft, aptly known as Bastion, is taking the next step with the Standard SKU preview.

Azure Bastion Standard pricing starts at $ 0.29 per hour, and more pricing details can be found on the pricing page. Additionally, service details are available on the landing page.

Margie D. Carlisle