In this tutorial, you'll:
- Create a Windows 10 Virtual Machine
- Install and use Bastion to connect to your VM
In this tutorial, you'll create a Windows virtual machine on the Azure portal to run and manage the cloud portion of the tutorials. You'll need to complete this tutorial if you do not have access to a Windows machine. If you're trying out these tutorials for the first time, then use a clean install of a virtual machine to avoid issues. Be aware there is cost involved in creating a Virtual Machine and using Bastion to remotely access it. Otherwise, you can skip this tutorial and go directly to the Tutorial: Configure your Windows Cloud Machine. Bastion is a remote access service in Azure that allows you to remotely connect to Windows virtual machines (VMs). There are several benefits to using Bastion to access your Windows VM over RDP:
- Security. Bastion is far more secure than using Remote Desktop or other mechanisms to remotely connect. Bastion uses Azure AD authentication and multi-factor authentication (MFA) to ensure that only authorized users can access the VM.
- Convenience. Bastion allows you to access your VM from any device with a modern web browser, without the need to install additional software or configure VPN connections.
- Ease of use. Bastion includes a user-friendly interface that makes it easy to connect to and manage your VMs.
- Scalability. Bastion can scale to support a large number of users and VMs, making it suitable for use in large organizations.
- Integration with Azure. Bastion is fully integrated with Azure, allowing you to manage your VMs and other resources from the same interface.
Overall, Bastion provides a secure and convenient way to remotely access Windows VMs over RDP, and can be especially useful for organizations looking to simplify their remote access infrastructure.
The following diagram provides you the context to create a Windows 10 cloud VM.
- Create a Windows Cloud Virtual machine
- Deploy Bastion and connect to your Windows Machine
- An Azure subscription, or use free Azure subscription.
- Your account in your Azure Active Directory where your subscription resides, must have the Application Developer Role, for details see steps for setting up your Azure Active Directory Role
-
Open the Azure portal and select your subscription.
-
Create a resource group for your VM
-
From the Azure portal, open your resource group and select the Create button.
-
Search for the Microsoft Windows 10 image. Pick the first one that shows up in the list as the specific Windows 10 image to use will be detailed later in this tutorial.
-
Select Windows 10 Pro 1️⃣ then select the Create button 2️⃣.
-
In the Create a virtual machine form as diagrammed below, fill in the form as suggested in each table: project details, instance details, administrator account, and inbound port rules. Once the form is complete, select the "Review + create" button.
Project details
Form Item Action Subscription Select your subscription name from the dropdown Resource group Select the resource group you created in the previous step. Instance details
Form Item Action Virtual Machine Name Name your VM, for example, myVM Region Select a region that supports the Standard D4s_v3 size, for example, West US 2 Availability Options No infrastructure redundancy required Security Type Standard Image Use the default image, for example, Windows 10 Pro, version xxxx Azure spot instance Select the box Size Standard D4s_v3 Administrator account
Form Item Action Username Provide a user name Password A password between 12 and 123 characters Confirm password Confirm your previous password Inbound port rules
Form Item Action Public inbound ports Allows selected ports (default) Select inbound ports RDP (3389, default) Licensing
Select the box "I confirm ..."
-
Create the VM then select the Go to resource button when the deployment is complete.
-
Follow the instructions to Deploy Bastion from your VM.
-
Connect to your VM using Bastion.
-
Once you've successfully connected to your VM using Bastion, be sure to remove its public IP address.
⚠️ Missing this step will leave your VM open to security vulnerabilities. -
Be sure to reset your password to avoid connectivity issues the next time you sign in. Select Help->Reset password found in the VM's left pane of the Azure portal.
⚠️ Missing this step will prevent Bastion from connecting to your VM.
