Azure Bastion VM showing different public IP than expected

Gokul R Dev 326 Reputation points
2023-07-20T05:03:00.61+00:00

Question: I have set up an Azure Bastion with a static public IP. A VM in the same VNet has no public IP assigned but the RDP port is open. However, when I browse "what is my public IP" in the browser, I receive a different IP than the Bastion IP. Why is this happening and how did this different public IP get associated with it?

Azure Bastion
An Azure service that provides private and fully managed Remote Desktop Protocol (RDP) and Secure Shell (SSH) access to virtual machines.

Accepted answer
  1. Sedat SALMAN 13,265 Reputation points
    2023-07-20T07:02:58.4266667+00:00

    Azure Bastion Service enables you to securely and seamlessly RDP & SSH to the VMs in your virtual network. Azure Bastion enables connections without exposing a public IP on the VM. Connections are made directly from the Azure portal, without the need for an extra client/agent or piece of software.

    Reference Link: https://video2.skills-academy.com/en-us/azure/virtual-network/ip-services/configure-public-ip-bastion

    So the Bastion IP is not your internet connection IP. The Bastion IP is just your SNAT IP to hide the IP of your resources.

    SNAT allows multiple private IP addresses to share a public IP address for outbound communication. The specific public IP address used for SNAT can be different from the public IP address of the Bastion service. This is why you're seeing a different public IP address when you check from the VM.

    If you want to control the outbound IP address of your VM, you can use Azure NAT Gateway or assign a public IP address to the VM's network interface. However, assigning a public IP address to the VM would expose it to the internet, which might not be desirable from a security perspective.

    1 person found this answer helpful.
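
The NAT Gateway option mentioned in the accepted answer, sketched with the Azure CLI as an added example that is not part of the original thread. The function name `pin_outbound_ip` and all resource names are placeholders, and it assumes a logged-in Azure CLI with rights on the resource group.

```shell
#!/usr/bin/env bash
# Added example: give the VM's subnet one fixed outbound (SNAT) address through
# an Azure NAT Gateway, while the VM itself stays without a public IP and is
# still reached for RDP/SSH through Bastion only.
# pin_outbound_ip is a hypothetical helper name; all arguments are placeholders.

pin_outbound_ip() {
  if [ "$#" -ne 4 ]; then
    echo "usage: pin_outbound_ip <resource-group> <vnet> <vm-subnet> <name-prefix>" >&2
    return 2
  fi
  rg=$1; vnet=$2; subnet=$3; pip="$4-pip"; natgw="$4-natgw"

  # 1. Standard-SKU static public IP: the address external sites will see.
  az network public-ip create --resource-group "$rg" --name "$pip" \
    --sku Standard --allocation-method Static --output none || return 1

  # 2. NAT gateway that translates outbound flows to that address.
  az network nat gateway create --resource-group "$rg" --name "$natgw" \
    --public-ip-addresses "$pip" --idle-timeout 4 --output none || return 1

  # 3. Attach the NAT gateway to the subnet that holds the VM.
  az network vnet subnet update --resource-group "$rg" --vnet-name "$vnet" \
    --name "$subnet" --nat-gateway "$natgw" --output none || return 1

  # 4. Print the address so it can be compared with what the VM's browser reports.
  az network public-ip show --resource-group "$rg" --name "$pip" \
    --query ipAddress --output tsv
}

# Run only when called with the four arguments, e.g.:
#   ./pin_outbound_ip.sh rg-demo vnet-demo snet-vm demo
if [ "$#" -eq 4 ]; then
  pin_outbound_ip "$@"
fi
```

After the subnet update, the address printed in step 4 is the one a "what is my public IP" page opened on the VM should show, and it is the address to put on any allow-list for the VM's outbound traffic.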
