Azure Bastion Reviews

Azure Bastion serves as our primary solution for providing secure administrative access to Azure VPNs and VMs without exposing RDP or SSH ports to the internet. From a cybersecurity perspective, it helps us reduce the attack surface, eliminate public IP requirements on management servers, and ensure enforcement-controlled remote access for administrators across customer environments.

A common scenario occurred during a customer security review where public IPs on management VMs had to be removed to meet internal security requirements. Using Azure Bastion, we maintained secure RDP and SSH access without exposing those systems externally. This allowed us to improve the customer's security posture while avoiding the operational complexity of deploying and managing traditional jump servers.

We also use Azure Bastion extensively in highly regulated customer environments where direct internet access to servers is prohibited. It simplifies secure administrative access during incident response, maintenance, and troubleshooting activities while maintaining compliance with internal security and access control requirements.

The best features of Azure Bastion are secure browser-based RDP or SSH access, elimination of public IP exposure on VMs, and seamless integration with Azure networking. From a cybersecurity perspective, we especially value centralized access control, reduced attack surface, and the ability to provide privileged administrative access without deploying and maintaining traditional jump servers.

Browser-based RDP or SSH through Azure Bastion has reduced operational overhead because administrators can securely access VMs without VPN dependency, jump servers, or exposed management ports. Centralized access through Azure role-based access control makes permission management much easier, allowing us to enforce least-privilege access and maintain consistent administrative controls across multiple customer environments.

Another feature we find valuable in Azure Bastion is its ability to standardize secure administrative access across different customer environments. From a security operation perspective, it reduces dependency on legacy jump host architectures, simplifies access management, and helps enforce a consistent remote access security model across Azure workloads.

Azure Bastion could be improved with more granular session monitoring, rich audit capabilities, and deeper integration with security operation workflows. We would also appreciate enhanced reporting, stronger just-in-time access controls, and more flexibility for managing large-scale, multi-subscription environments from a centralized administration interface.

One pain point in large enterprise environments is limited visibility into administrator session activity after access is granted through Azure Bastion. We would appreciate more advanced session recording, centralized audit reporting, and tighter integration with SIEM or SOC workflows to improve privileged access monitoring and forensic investigations.

I have been using Azure Bastion for two years.

Azure Bastion is stable.

The scalability of Azure Bastion has been solid in our enterprise environments. It scales well across multiple subscriptions and virtual networks without requiring separate jump host infrastructure per environment, which makes it easier to support growing customer workloads.

The customer support is very good. One thing I would highlight is the response time of the engineers and the expertise they have, which is very valuable. The engineers are technically strong. The documentation part is also very good, and good knowledge base articles are provided in the customer support portal.

Before adopting Azure Bastion, we primarily used traditional jump servers, bastion hosts with public IPs, and VPN-based remote access solutions for administrative connectivity. We switched because Azure Bastion removed the need for public exposure of RDP and SSH, reduced operational overhead of maintaining jump hosts, and provided a more secure, centralized, and Azure-native approach to privileged access management.

Our experience with Azure Bastion is that pricing is predictable but can become significant at scale, since it is tied to deployment size and usage. Setup is straightforward from a configuration standpoint, but proper network planning such as subnets, NSGs, and routing is required up front. Licensing is simple as it is consumption-based with Azure, which reduces complexity compared to managing separate remote access tools.

We have seen a clear return on investment from Azure Bastion, mainly in operational efficiency and reduced infrastructure overhead. Administrative access provisioning became thirty to forty percent faster, especially during incident response and troubleshooting. We reduced reliance on dedicated jump host infrastructure, which lowered both maintenance effort and operational complexity. While headcount did not change, the existing team can support more customer environments without adding additional remote access management resources.

Before choosing Azure Bastion, we evaluated traditional jump host architectures and VPN-based remote administration solutions. We chose Azure Bastion mainly for its native Azure integration, elimination of public IP exposure, and simplified secure access without needing additional infrastructure or external tooling.

My advice for customers adopting Azure Bastion is to design your network architecture properly up front, especially if you are using hub and spoke or multi-subscription models. I would also recommend avoiding hybrid setups with legacy jump hosts wherever possible to fully benefit from Azure Bastion's security model. Centralize Azure Bastion usage across teams to reduce security inconsistency and operational overhead. I would also recommend integrating role-based access control and conditional access early to enforce least privileged access.

Azure Bastion is not heavily AI-driven. Governance and security are primarily based on access controls, identity management, and auditing capabilities. As a cybersecurity team, we value its integration with Azure AD, role-based access control, and conditional access policies, which provide strong governance and help ensure secure privileged access to critical systems.

Azure Bastion does not rely on AI-generated outputs for its core functionality. Its value comes from providing secure and reliable remote access, and in that regard, it has been highly consistent. Access scenarios, sessions, authentication controls, and connectivity functions have been dependable across our customer environments with fewer operational issues. I would rate this product an eight overall.

Neutral

Positive

Azure Bastion is a service that allows you to create an infrastructure on Azure. My organization helps companies implement and optimize the Azure infrastructure.

The solution's most valuable feature is that it is easy to use and fast. It is a good tool for creating infrastructure as code. It is modernized, so I can create complex infrastructures.

I think the tool is pretty good. It is like having a tool that just works. If there are better tools that Azure comes up with, then that is a separate thing. In the current scenario, Azure Bastion is not a bad product. In my company, we are not facing any challenges or limitations with the tool.

Speaking of AI, having Microsoft Copilot in Azure Bastion would be good. As of now, Microsoft Copilot is not something that has been considered for Azure Bastion. It would be a good addition if it is done in the future.

I have been using Azure Bastion for a year. My company operates as Microsoft's SI and ISV partner.

It is a stable solution. Considering the way my company uses the tool, I don't find any challenges with the product, so it is a stable solution.

Scalability does not apply because creating the infrastructure with Azure Bastion is like having small code, but it is scalable in that you can create complex infrastructure. The tool is scalable only in a certain manner.

The solution's technical support is satisfactory. Everything depends on the support plan that you have. If you have the right support plan, the support plan is actually really good. I rate the technical support a nine out of ten.

Positive

I have experience with Azure Resource Manager. Azure Resource Manager and Azure Bastion have the same use cases in my company. Azure Bastion is better than Azure Resource Manager.

As you are able to automate the infrastructure and create infrastructure on the fly, I would say that the return on investment is high.

The tool is cheaply priced. I would say that the product is free to use.

Whether Azure Bastion handles network latency and large-scale connections is irrelevant as it is not something that is valid because it is just used as a code for configurations. It would not be right to frame a question where one asks how HTML CSS handles the network connections because network connection, bandwidth, connectivity, and concurrent connections are areas that depend heavily on the infrastructure as opposed to the code. The area revolves around code matters, but infrastructure is the key component. As Azure Bastion is there to create the infrastructure, it is not valid to discuss whether it can handle network latency and large-scale connections.

Azure Bastion is a secure tool.

I have not seen any AI capabilities in the tool.

People can create complex infrastructure and a hierarchy, but it all depends on how they organize their code and files. If they organize it the right way, the entire solution and the entire infrastructure would be smooth enough to be deployed with Azure Bastion.

I rate the tool an eight out of ten.

Our customers use the product to connect to Azure virtual machines. It is a perfect solution that they can easily connect to the browser and experience the VM services.

Azure Bastion makes it easy to provide quick virtual machine access to our customers. We don’t have to build complex SSL VPN tunnels and connect to the infrastructure. It is time-saving. It helps us save around four work hours per month for us.

It is great that we don’t have to connect any ports to the internet using the product. We can just connect over to SSL tunneling into the browser. It is really helpful.

We are not able to copy and paste files directly into the server over the patch host. We have to transfer files over to Azure Storage.

We have been using Azure Bastion for two years.

The product is scalable.

We have never contacted the product’s technical support team as it is very easy to implement.

We have used SSL VPN. We switched to Azure Bastion as it is more secure and easy to access.

The initial setup is simple. We have to start a wizard and deploy the patching host. It follows by giving access to all the accounts. It is a straightforward process.

The product costs around $150 per month. It does not save money for us.

We did not evaluate other products as we already had a native solution on Azure. Thus, there was no possibility of implementing a similar product.

The product improved the security posture of our organization. We don’t have open ports and connect them to servers using it. We can carry out two-factor authentication to protect the devices with conditional access features.

It would be nice to have a feature to copy and paste the files into servers. I rate the product a nine out of ten.

We use it to access the 144 virtual machines hosted in Azure. This service provides a secure entry point, allowing us to connect to our VMs without public IP addresses. Our setup benefits from the streamlined and secure remote access Azure Bastion provides for our Azure-based infrastructure.

One significant benefit is the ability to have direct control over our infrastructure. Unlike before, where we relied on Rackspace for tasks like resizing VMs and managing databases, having hands-on access to our own products within Azure has proven to be a highly favorable aspect. Our organization's overall security posture has significantly improved. While we encountered various challenges with Rackspace, the transition to Azure, particularly with Azure Bastion, has provided us with a more secure means of accessing our VMs. This has been a substantial improvement, not only in terms of security but also in cost management. The move to Azure has saved us money compared to the nickel-and-dime expenses associated with Rackspace support. Troubleshooting and issue resolution have become more efficient. Previously, a task that might have taken an hour over the phone with Rackspace can now be accomplished in just five to ten minutes. The streamlined process has notably improved our workload and task completion times.

The most significant advantage lies in its runbook features, particularly beneficial for our infrastructure team. These features enable us to expedite the VM provisioning process significantly. As part of the infrastructure team, this capability allows us to swiftly spin up VMs, reducing the time required to onboard new clients to approximately 15 to 30 minutes.

While the support has generally been responsive, there were instances where we faced challenges due to miscommunication regarding our specific needs in Azure. To enhance the support experience, it would be beneficial to have a more specific and itemized list when submitting requests. While general support is valuable, having a detailed breakdown of the specific issues would contribute to a more streamlined and efficient resolution process.

I have been using it for a year now.

We haven't experienced any issues with stability.

I don't have the specific metrics for scalability yet.

The support is consistently prompt and efficient. They are proactive and well-resourced, demonstrating a strong grasp of technology and extensive knowledge. I'm highly satisfied with the responsiveness, particularly in critical situations. I would rate it nine out of ten.

Positive

We were previously hosted with Rackspace but migrated to Azure last year. Since then, we've experienced notable improvements, especially faster processing times. Direct control and hands-on access to our products has significantly accelerated our processes. We can now swiftly deploy new sites, spin up VMs, and set up databases for those VMs at a much faster pace. The overall infrastructure has notably improved since we gained this level of control. Moreover, both cost management and time efficiency have seen considerable enhancements.

The initial deployment and setup were not straightforward; it took several months to complete.

The process involved scripting and overseeing the entire migration process to ensure the proper transfer of all our data. Initially, we conducted sandbox and testing phases to ensure the functionality of our existing setup. Following this, we proceeded with weekly production deployments for various states. However, once the initial hurdles were overcome, we established a rhythm, and the subsequent operations went exceptionally smoothly. I believe a consultant was involved, as well as my supervisor.

Overall, I would rate it ten out of ten.

The solution breaks down sometimes. 

I have been working with the product for four years. 

The tool is scalable. My company has more than 100 users for the product. 

The product's setup is easy.

I would rate the tool an eight out of ten. 

We have various uses for the solution, but primarily to address security concerns. We used the Azure CLI to connect to the Azure VMs we created for our customers. It was essential for us to be able to connect to the VMs in a simple, secure, and smooth way.

We conducted a migration process to move our customer's on-prem environment onto Azure, using Azure Bastion for login and remote login sessions. The transition took two to three months, and getting used to the product was an experience, though we didn't encounter any problems. Bastion works as advertised; there's a vacuum, and we script using an Azure-based CLI.

The ability to operate the product with scripting is excellent. 

The solution's ease of use is also favorable; we could send the login script to the customer, and they could use it with their ID in the connection box without any other impact. This was of great benefit.

The Microsoft documentation is handy; it's straightforward and easy to follow.

The protocol speed could be faster. 

We've been using the solution for over a year. 

The stability is satisfactory; we never had any availability or connection problems.

The product is scalable.

We never had to contact technical support. 

The deployment was relatively straightforward; I used the Microsoft-provided documentation and wrote the script myself. The solution doesn't require any maintenance. 

We were previously unable to use RDP sessions, so I consulted with our security team and they recommended Bastion to help resolve this issue. We ran some tests and found the solution was straightforward and worked well; that's why we started using it. 

The pricing is a lower decision point than high-quality security for our organization. Better security comes at a cost, but it's worth it, and that's what we tell our customers.

I rate the solution ten out of ten. 

We're delighted with the product; it does everything we need it to do, and it does it well.

My advice to those considering the solution is to have a clear picture of your environment and use cases. Important questions include how many hours will the connection be working? Extra features depend on your specific requirements, and consulting with an architect over the implementation is a must, as it could become challenging otherwise.

Every organization has public and private IP addresses, and you can't log into every machine over the internet. That's where Azure Bastion comes into the picture. You can configure Bastion on one machine, and from that machine, you can RDP or PuTTY to all the machines. RDP is for Windows, and PuTTY is for Linux.

In our team, there are several people. Usually, for RDP, they would require a license, whereas, with Bastion, there is no RDP license. You just go ahead and log in with your domain credential, and you can start working on it. It saves license costs. 

It provides all the security to us. Without getting on the internet, we can access our servers. We can access our desktop through our web browser. We don't need to run the mstsc command and login to the VM. All those things are not required.

Without logging into the Jump server, you can configure Bastion in Azure in the same virtual network, and you can access your VMs.

The security that it maintains is also valuable. We can't copy and paste data from our local machine to the Jump server. Azure Bastion maintains that level of security.

Implementation-wise, a little bit of improvement is required because the tips they have provided are a little bit tricky.

There are some challenges because Bastion is more compatible with Edge but not with the other browsers. As an organization, it doesn't make sense that we have to use only Edge. We should be able to access Bastion over Chrome, Mozilla, or Opera. It should be our choice.

A little bit of improvement is required for Linux because we can add Bastion on the Windows machine, but PuTTY is implemented for Linux. We have to log in to Bastion, and through that, we have to go to the PuTTY service.

I've been using Azure Bastion for the past five years.

Its stability is good. It isn't going away from the market any time soon. It was introduced only five or six years ago.

Scalability is not applicable for Bastion.

I didn't have any need to contact them.

We had Citrix virtualization. The Jump box was installed or configured on top of VMware. We had to virtualize through Citrix. We had to log in and access the machine through Citrix. Previously, our setup was on-premises, whereas now, it's migrated to the cloud. For the cloud, Bastion was introduced. It requires some improvements, but it provides more security. Previously, we had to deploy our VM in VMware, and we had to add that VM into Citrix virtualization. We had to go to the web browser, put in our credentials, and log in to access the remote desktop, but it was not safe because the URL is hosted on top of the internet. We had a firewall, but it wasn't as safe as Bastion. So, Bastion is good from the security and licensing perspective.

It's straightforward. The only complexity that you should be aware of is the IP address. 

We have a separate team that takes care of its implementation, and after that, it comes to the operations team. It can be implemented in half an hour by one person.

In terms of maintenance, no maintenance is required from our side. If any maintenance is happening through Microsoft, then the site would be down, and you won't be able to access it. From our side, it doesn't require anything. We don't have to pay for that.

I'd recommend it if you want to maintain security. You should not go over the internet for RDP and all similar things because that's not safe. There should also be data protection. If you are doing RDP from your system to any virtual machines, you can do x y z. If you type the mstsc command on your machine, there is an option to attach your local machine disk to the remote desktop. Data privacy should be there. Bastion should not allow you to copy any data from your local machine. You have to play around only within the network.

Overall, I'd rate Bastion an eight out of ten. A little bit of modification is required, but the service is very good.