Connect to a VM via Bastion with a non-Azure user

brian dewyer 0 Reputation points
2025-02-12T22:16:12.9633333+00:00

I want to provide access to a VM using Bastion to a person that is not a user in our Azure portal (a customer of mine). Is this possible, or does Bastion require an Azure portal user and role?

Azure Bastion
An Azure service that provides private and fully managed Remote Desktop Protocol (RDP) and Secure Shell (SSH) access to virtual machines.

2 answers

  1. Marcin Policht 38,470 Reputation points MVP
    2025-02-12T22:27:59.4066667+00:00

    The user can use the native client

    https://learn.microsoft.com/en-us/azure/bastion/native-client

    or a shareable link

    https://learn.microsoft.com/en-us/azure/bastion/shareable-link

    However, the user must be authenticated by the Entra tenant associated with the Azure subscription where the Azure Bastion is deployed.


    If the above response helps answer your question, remember to "Accept Answer" so that others in the community facing similar issues can easily find the solution. Your contribution is highly appreciated.

    hth

    Marcin

    1 person found this answer helpful.

  2. Rohith Vinnakota 3,160 Reputation points Microsoft External Staff
    2025-02-12T22:56:12.1833333+00:00

    Hi @brian dewyer,

    Greetings!
    In addition to Marcin Policht's response,

    Yes, in Bastion, we have the Shareable Link feature, which lets users connect to a target resource (virtual machine or virtual machine scale set) using Azure Bastion without accessing the Azure portal. The Standard SKU is required for this feature.

    Refer to this link:

    https://learn.microsoft.com/en-us/azure/bastion/shareable-link

    Considerations

    • Shareable Links isn't currently supported for peered virtual networks across tenants.
    • Shareable Links isn't currently supported over Virtual WAN.
    • Shareable Links doesn't support connection to on-premises or non-Azure virtual machines and Virtual Machine Scale Sets.
    • The Standard SKU is required for this feature.
    • Bastion only supports 50 requests, including creates and deletes, for shareable links at a time.
    • Bastion only supports 500 shareable links per Bastion resource.

    Permissions to the Shareable Link feature are configured using Access control (IAM). By default, users in your org have only Read access to shared links. If a user has Read access, they'll only be able to use and view shared links, but can't create or delete a shared link.

    Please refer to this link to find out which permission is needed:

    https://learn.microsoft.com/en-us/azure/bastion/shareable-link#permissions


    Hope this helps!

    Please let me know if you have any questions.

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

