Connect to a Windows VM using RDP - Azure Bastion (2024)

Table of Contents
In this article Prerequisites Required roles Ports Rights on target VM Connect Next steps FAQs
  • Article

This article shows you how to securely and seamlessly create an RDP connection to your Windows VMs located in an Azure virtual network directly through the Azure portal. When you use Azure Bastion, your VMs don't require a client, agent, or additional software. You can also connect to a Windows VM using SSH. For information, see Create an SSH connection to a Windows VM.

Azure Bastion provides secure connectivity to all of the VMs in the virtual network in which it's provisioned. Using Azure Bastion protects your virtual machines from exposing RDP/SSH ports to the outside world, while still providing secure access using RDP/SSH. For more information, see What is Azure Bastion?

Prerequisites

Before you begin, verify that you've met the following criteria:

See Also
Azure Serial Console - Virtual MachinesTutorial: Connect virtual networks with VNet peering - Azure portalQuickstart: Create a private endpoint - Azure portal - Azure Private LinkSite-to-Site VPN connections over ExpressRoute private peering - Azure VPN Gateway

  • A VNet with the Bastion host already installed.

    • Make sure that you have set up an Azure Bastion host for the virtual network in which the VM is located. Once the Bastion service is provisioned and deployed in your virtual network, you can use it to connect to any VM in the virtual network.
    • To set up an Azure Bastion host, see Create a bastion host. If you plan to configure custom port values, be sure to select the Standard SKU or higher when configuring Bastion.

  • A Windows virtual machine in the virtual network.

Required roles

  • Reader role on the virtual machine.
  • Reader role on the NIC with private IP of the virtual machine.
  • Reader role on the Azure Bastion resource.
  • Reader role on the virtual network of the target virtual machine (if the Bastion deployment is in a peered virtual network).

Ports

To connect to the Windows VM, you must have the following ports open on your Windows VM:

  • Inbound port: RDP (3389) or
  • Inbound port: Custom value (you'll then need to specify this custom port when you connect to the VM via Azure Bastion)

Note

See Also
Configure IP addresses for an Azure network interface

If you want to specify a custom port value, Azure Bastion must be configured using the Standard SKU or higher. The Basic SKU does not allow you to specify custom ports.

Rights on target VM

When a user connects to a Windows VM via RDP, they must have rights on the target VM. If the user isn't a local administrator, add the user to the Remote Desktop Users group on the target VM.

See the Azure Bastion FAQ for additional requirements.

Connect

  1. In the Azure portal, go to the virtual machine that you want to connect to. On the Overview page, select Connect, then select Bastion from the dropdown to open the Bastion page. You can also select Bastion from the left pane.

    Connect to a Windows VM using RDP - Azure Bastion (1)

  2. On the Bastion page, enter the required authentication credentials, then click Connect. If you configured your bastion host using the Standard SKU, you'll see additional credential options on this page. If your VM is domain-joined, you must use the following format: [email protected].

    Connect to a Windows VM using RDP - Azure Bastion (2)

  3. When you click Connect,the RDP connection to this virtual machine via Bastion will open in your browser (over HTML5) using port 443 and the Bastion service. The following example shows a connection to a Windows 11 virtual machine in a new browser tab. The page you see depends on the VM you're connecting to.

    Connect to a Windows VM using RDP - Azure Bastion (3)

    When working with the VM, using keyboard shortcut keys may not result in the same behavior as shortcut keys on a local computer. For example, when connected to a Windows VM from a Windows client, CTRL+ALT+END is the keyboard shortcut for CTRL+ALT+Delete on a local computer. To do this from a Mac while connected to a Windows VM, the keyboard shortcut is Fn+CTRL+ALT+Backspace.

Next steps

Read the Bastion FAQ for more connection information.

Connect to a Windows VM using RDP - Azure Bastion (2024)

FAQs

How do I Connect to Azure bastion with RDP? ›

In the Azure portal, go to the virtual machine that you want to connect to. On the Overview page, select Connect, then select Bastion from the dropdown to open the Bastion page. You can also select Bastion from the left pane. On the Bastion page, enter the required authentication credentials, then click Connect.

Read On
Does Bastion support connectivity to Azure Virtual Desktop? ›

Bastion connectivity to Azure Virtual Desktop is not supported. Bastion is aimed toward administration of IaaS VMs and not to facilitate end users work. When you configure Azure Bastion using the Basic SKU, two instances are created. If you use the Standard SKU, you can specify the number of instances.

Discover More Details
Can Remote Desktop connections to virtual machines be protected by using Azure bastion? ›

Protect your virtual machines with more secure remote access

Azure Bastion is a fully managed service that provides more secure and seamless Remote Desktop Protocol (RDP) and Secure Shell Protocol (SSH) access to virtual machines (VMs) without any exposure through public IP addresses.

Continue Reading
Why RDP is not connecting in Azure? ›

When you make an RDP connection to a Window VM in Azure, you may receive the following general error message: Remote Desktop can't connect to the remote computer for one of these reasons: Remote access to the server is not enabled. The remote Computer is turned off.

See Details
Is Bastion more secure than RDP? ›

Using Azure Bastion protects your virtual machines from exposing RDP/SSH ports to the outside world, while still providing secure access using RDP/SSH.

Find Out More
Does Azure Bastion need its own virtual network? ›

When you deploy Azure Bastion using any SKU except the Developer SKU, Bastion requires a dedicated subnet named AzureBastionSubnet. You must create this subnet in the same virtual network that you want to deploy Azure Bastion to.

Tell Me More
How do I access Azure VM without RDP? ›

Connect to VM - Azure portal

To connect to a VM using a specified private IP address, you make the connection from Bastion to the VM, not directly from the VM page. On your Bastion page, select Connect to open the Connect page. On the Bastion Connect page, for IP address, enter the private IP address of the target VM.

Show Me More
How many RDP connections are allowed on Azure VM? ›

For more information, see How to use remote tools to troubleshoot Azure VM issues. If the value doesn't exist, the service uses the default setting that allows an unlimited number of RDP connections.

Explore More
Is RDP enabled by default in Azure VM? ›

The default port for RDP is TCP port 3389. A rule to permit RDP traffic may not be created automatically when you create your VM. If you do not have a rule that allows RDP traffic, create a Network Security Group rule.

Continue Reading
How do I give access to Azure Bastion? ›

Navigate to the Access control (IAM) pane then assign the Reader role to the user. Navigate to the Bastion pane on the Virtual Machine, select the Bastion name and then apply the Reader role to the user.

Show Me More
Top Articles
4 Core English Skills – Shaw English
What are the Best and most Accurate Trend Reversal Indicators?
Kreme Delite Menu
Hannaford Weekly Flyer Manchester Nh
Top Scorers Transfermarkt
Grange Display Calculator
Wild Smile Stapleton
Pike County Buy Sale And Trade
MADRID BALANZA, MªJ., y VIZCAÍNO SÁNCHEZ, J., 2008, "Collares de época bizantina procedentes de la necrópolis oriental de Carthago Spartaria", Verdolay, nº10, p.173-196.
Keurig Refillable Pods Walmart
Edible Arrangements Keller
Scholarships | New Mexico State University
Oc Craiglsit
Tracking Your Shipments with Maher Terminal
065106619
My.tcctrack
Craftology East Peoria Il
Carolina Aguilar Facebook
Rams vs. Lions highlights: Detroit defeats Los Angeles 26-20 in overtime thriller
Air Force Chief Results
Evil Dead Rise - Everything You Need To Know
Transactions (zipForm Edition) | Lone Wolf | Real Estate Forms Software
Stoney's Pizza & Gaming Parlor Danville Menu
Lisas Stamp Studio
Menus - Sea Level Oyster Bar - NBPT
The Banshees Of Inisherin Showtimes Near Broadway Metro
Villano Antillano Desnuda
San Jac Email Log In
Korg Forums :: View topic
Funky Town Gore Cartel Video
DIY Building Plans for a Picnic Table
Citibank Branch Locations In Orlando Florida
Baddies Only .Tv
What Happened To Father Anthony Mary Ewtn
Craigslist Neworleans
Ducky Mcshweeney's Reviews
No Hard Feelings Showtimes Near Tilton Square Theatre
Indiefoxx Deepfake
Gold Nugget at the Golden Nugget
Enjoy4Fun Uno
15 Best Things to Do in Roseville (CA) - The Crazy Tourist
Wasmo Link Telegram
Conan Exiles Armor Flexibility Kit
[Teen Titans] Starfire In Heat - Chapter 1 - Umbrelloid - Teen Titans
Walmart 24 Hrs Pharmacy
Chr Pop Pulse
Enjoy Piggie Pie Crossword Clue
Sams La Habra Gas Price
Tweedehands camper te koop - camper occasion kopen
Phumikhmer 2022
Obituary Roger Schaefer Update 2020
Latest Posts
Courtside Seats to This Year’s NBA Finals Are Some of the Most Expensive Tickets in League History
This Clear-Bottomed Swimming Pool Hangs 40 Stories Above the Street
Article information

Author: Ouida Strosin DO

Last Updated:

Views: 6240

Rating: 4.6 / 5 (76 voted)

Reviews: 91% of readers found this page helpful

Author information

Name: Ouida Strosin DO

Birthday: 1995-04-27

Address: Suite 927 930 Kilback Radial, Candidaville, TN 87795

Phone: +8561498978366

Job: Legacy Manufacturing Specialist

Hobby: Singing, Mountain biking, Water sports, Water sports, Taxidermy, Polo, Pet

Introduction: My name is Ouida Strosin DO, I am a precious, combative, spotless, modern, spotless, beautiful, precious person who loves writing and wants to share my knowledge and understanding with you.