Azure Classic VM and Bastion

Malcolm 26 Reputation points
2021-11-08T08:47:26.957+00:00

Could not find any information on whether a Classic VM supports using a Bastion - after creating one, I'm not seeing the Bastion link on the Classic VM - the connect button only allows for RDP. Please advise if this is a supported option for Classic VMs? We are aware of the EOS for Classic VMs in 2023, but we are only going to migrate this VM to ARM later in 2022, but were hoping to improve our security before then. If Bastion is not supported, is it worth us looking into JIT RDP?

Azure Bastion
Azure Bastion
An Azure service that provides private and fully managed Remote Desktop Protocol (RDP) and Secure Shell (SSH) access to virtual machines.
262 questions
0 comments
Accepted answer
  1. GitaraniSharma-MSFT 49,591 Reputation points Microsoft Employee
    2021-11-11T14:58:12.767+00:00

    Hello @Malcolm ,

    I checked with the Azure Bastion product group and they mentioned that connectivity to classic VM via Azure Bastion is not supported and we don’t have plans to support it in future either.

    Also, JIT is not supported for classic VMs.
    Reference : https://video2.skills-academy.com/en-us/azure/security-center/just-in-time-access-usage?tabs=jit-config-asc%2Cjit-request-asc#availability

    So, it would be best to migrate the VMs to ARM for Azure Bastion support.

    Kindly let us know if the above helps or you need further assistance on this issue.

    ----------------------------------------------------------------------------------------------------------------

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

2 additional answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Alan Kinane 16,906 Reputation points MVP
    2021-11-08T12:27:55.49+00:00

    I don't see anything official about this either however I don't believe this would be supported as Azure Bastion is an ARM service integrates directly into the virtual network and requires RBAC support. Just-in-time RDP access would be a step in the right direction anyway but you should definitely continue with your plans to migrate your classic resources to ARM as soon as possible as this will offer a lot more features around security and governance.

    0 comments
  2. Devaraj G 2,096 Reputation points
    2021-11-08T12:35:20.417+00:00

    Hi,

    JIT supports VMs that are deployed through Azure Resource Manager, not 'classic deployment'

    I guess Bastion also not supported in Classic deployment (since its a ARM resource provider). I couldn't find any official documentation on the same.

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.