
Shareable Link for Azure Bastion - Part 1

Hasan Gural

Hello friends, I believe that you have probably heard about Azure Bastion. It is a service that provides secure and seamless RDP/SSH connectivity to your VMs directly in the Azure portal over SSL. It removes the need to open inbound ports for RDP/SSH and to manage jump boxes. You can connect to your VM using the Azure portal or Azure CLI.

In this article series, I will try to automate creating shareable links for Azure Bastion hosts using Azure PowerShell. Nothing stops you from generating a shareable link for Azure Bastion in the Azure Portal; the aim of this series is to automate the provisioning.

Source: https://docs.microsoft.com/en-us/azure/bastion/bastion-overview

I don't want to repeat the explanation of Azure Bastion. You can read the official documentation for more information. In a nutshell, once you have provisioned Azure Bastion in your virtual network, you can connect to all your VMs in the same virtual network and peered networks. Connecting to your on-premises network is also possible using Azure Bastion. The feature is called IP-based connection.

IP-based connection is a critical feature that allows you to connect to your on-premises, non-Azure, and Azure virtual machines via Azure Bastion over ExpressRoute or a VPN site-to-site connection using a specified private IP address. I think you should enable this feature if you have an on-premises network.

Bastion features can be seen in the following screenshot.

The Shareable Link feature allows you to access Azure Virtual Machines through Azure Bastion without logging in to the Azure portal. The new feature is only available on the Standard SKU. You can only create shareable links for Virtual Machines or Scale Sets in the same virtual network as Azure Bastion. I firmly believe that Microsoft will add a feature supporting Multi-Factor Authentication (MFA) for shareable links. The shareable links themselves need to be secured, even though each created link is unique.
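Because a shareable link gives access without a portal sign-in, it helps to know which Bastion hosts have the feature switched on. The following is an added example, not part of the original article: it lists the Bastion hosts in a subscription through the ARM REST API and reports the SKU and the shareable link and IP-based connection settings. It assumes `Connect-AzAccount` has already been run and that API version `2023-09-01` is available; the function name `Get-BastionFeatureReport` is hypothetical.

```powershell
# Added example: inventory Bastion hosts and the features discussed above.
# Assumptions: Az.Accounts is installed, Connect-AzAccount has been run,
# and api-version 2023-09-01 of Microsoft.Network/bastionHosts is used.
function Get-BastionFeatureReport {
    param(
        [Parameter(Mandatory)] [string] $SubscriptionId,
        [string] $ApiVersion = '2023-09-01'
    )

    $path = "/subscriptions/$SubscriptionId/providers/Microsoft.Network/bastionHosts?api-version=$ApiVersion"

    while ($path) {
        $response = Invoke-AzRestMethod -Path $path -Method GET
        if ($response.StatusCode -ne 200) {
            throw "Listing Bastion hosts failed with HTTP $($response.StatusCode): $($response.Content)"
        }

        $page = $response.Content | ConvertFrom-Json
        foreach ($bastionHost in $page.value) {
            $props = $bastionHost.properties
            [pscustomobject]@{
                Name          = $bastionHost.name
                # Resource ID layout: /subscriptions/<id>/resourceGroups/<rg>/...
                ResourceGroup = ($bastionHost.id -split '/')[4]
                Location      = $bastionHost.location
                Sku           = $bastionHost.sku.name
                # A missing property (for example on the Basic SKU) is reported as False
                ShareableLink = [bool]$props.enableShareableLink
                IpConnect     = [bool]$props.enableIpConnect
            }
        }

        # Follow paging if ARM returned a nextLink; otherwise stop
        $path = if ($page.nextLink) { ([uri]$page.nextLink).PathAndQuery } else { $null }
    }
}

# Show only the hosts where shareable links are enabled
$subscriptionId = "your-subscription-id" # Your subscription ID (placeholder)
Get-BastionFeatureReport -SubscriptionId $subscriptionId |
    Where-Object ShareableLink |
    Format-Table Name, ResourceGroup, Location, Sku, IpConnect
```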

I will walk you through the steps to create a lab environment for Azure Bastion Shareable Link(s). I will use Azure PowerShell to create the environment; you can use the Azure Portal as well. You can use the script below as a reference.

What does the script do?

  • Create a resource group
  • Create a virtual network
  • Create required subnets for Azure Bastion and VMs
  • Create Azure Bastion Host
  • Create a shareable link for Azure Bastion
  • Create multiple virtual machines

Caution: The shareable link for Azure Bastion is in public preview. The feature is not available in all regions. You can check the regions that support the feature in the official documentation.

⚡ Create a Resource Group for Lab Environment

Please follow the steps below to create a lab environment for Azure Bastion Shareable Links. First, you need to create a resource group, which is a common first step for all Azure resources. You can use the following command or the Azure Portal to create it.


# Create a resource group

$WarningPreference = "SilentlyContinue" # Suppress warnings
$subscriptionId = "your-subscription-id" # Your subscription ID

Set-AzContext -SubscriptionId $subscriptionId

$location = "uksouth"

$rgDef = @{
    Name     = 'mybastion-lab-rg'
    Location = $location
}

New-AzResourceGroup @rgDef # Create a resource group

Great! We have created a resource group. I will touch on fully deploying the lab environment in the next section. Stay tuned!