Azure Sentinel News
  • Home
    • Home – Layout 1
    • Home – Layout 2
    • Home – Layout 3
  • Security and Compliance
  • SOC
  • Threat Intelligence
  • Security Ochestration & Automated Response
  • SOAR
  • Security Operations
  • Artificial Intelligence
No Result
View All Result
  • Home
    • Home – Layout 1
    • Home – Layout 2
    • Home – Layout 3
  • Security and Compliance
  • SOC
  • Threat Intelligence
  • Security Ochestration & Automated Response
  • SOAR
  • Security Operations
  • Artificial Intelligence
No Result
View All Result
Azure Sentinel News
No Result
View All Result
Home Security and Compliance

Securing Remote Virtual Machines Using Azure Bastion

Azure Sentinel News Editor by Azure Sentinel News Editor
November 25, 2020
in Security and Compliance
0
Watching the Watchers: Monitoring Azure Sentinel Query Activity for Malicious Activity.
4.5kViews
207 Shares Share on Facebook Share on Twitter

Remote Desktop Protocol (RDP) and Secure Shell (SSH) are both protocols used for accessing virtual machines (VMs) in the cloud. Azure uses RDP for Windows VMs and SSH for Linux. RDP is less than ideal as a secure protocol and it continues to see Microsoft regularly issue patches.

In June 2019, Microsoft announced Azure Bastion. As a managed Platform-as-a-Service (PaaS) offering, Azure Bastion lets you connect directly to VMs without assigning them a public IP address. Bastion acts as a jump server that forwards secure SSL connections from a browser to VMs. General availability was announced at Microsoft Ignite last year.

Securing Remote Virtual Machines Using Azure Bastion (Image Credit: Microsoft)

Bastion is useful in situations where it wouldn’t be cost effective to deploy your own secure connection solution in Azure or if you can’t connect to an Azure VNET using a virtual private network (VPN). If you are using Windows Virtual Desktop (WVD), you don’t need Azure Bastion. VMs provisioned using WVD are already protected using an architecture like that provided by Bastion.

How to deploy Azure Bastion

First check that the Azure region you want to use supports Bastion. You can find an up-to-date list of supported regions on Microsoft’s website here. You’ll also find detailed instructions on how to create an Azure Bastion host.

There are two ways you can set up Bastion in the Azure management portal. The first is to create a Bastion host resource manually. The process involves three main steps:

  1. Select a subscription, resource group, giving the Bastion host a name and assigning a region.
  2. Select an existing VNET or create a new one. The VNET must contain a subnet called AzureBastionSubnet with a prefix of at least /27.
  3. Finally, you need to assign a public IP address. You can select an existing IP address or create a new one.

Once the three main configuration steps are completed, you can also assign tags and review the settings before provisioning.

Image #2

Securing Remote Virtual Machines Using Azure Bastion (Image Credit: Russell Smith)

Changing VM connection settings

Alternatively, you can create a Bastion from the settings pane of an existing VM. Regardless of whether you have a Bastion host already deployed in your subscription, when connecting to a virtual machine using the Azure management portal, there is the option to select Bastion instead of RDP or SSH.

Assuming a Bastion isn’t already associated with the VNET where the virtual machine is located, you will be given the opportunity to create a Bastion. The process differs slightly from that described above in that you only need to specify the Bastion subnet, public IP address, and resource group.

Image #3

Securing Remote Virtual Machines Using Azure Bastion (Image Credit: Russell Smith)

Once the Bastion has been created, regardless of the method, you can connect securely to the VM by selecting Bastion instead of RDP or SSH when connecting via the Azure management portal from Edge or Google Chrome.

Image #4

Securing Remote Virtual Machines Using Azure Bastion (Image Credit: Russell Smith)

What else should you know before setting up Azure Bastion?

There are some disadvantages to using Azure Bastion. It’s not free, so be sure to check out pricing before you commit. IPv6 isn’t supported and nor are some advanced RDP features. Only text copy and paste are currently available. If you want to use features like drive redirection, you’ll need to connect to your VM directly using RDP. You can find a full list of frequently asked questions on Microsoft’s website.

Reference: https://petri.com/securing-remote-virtual-machines-using-azure-bastion

Azure Sentinel News Editor

Azure Sentinel News Editor

Related Posts

Vectra AI and Microsoft partner on security integration
Security and Compliance

Replay Now Available – Microsoft Security Insights 036: Azure Sentinel with Rod Trent

February 8, 2021
What’s new: Microsoft Teams connector in Public Preview
Security and Compliance

eBook Available for Managing Azure Sentinel with PowerShell

January 6, 2021
Microsoft is quietly becoming a cybersecurity powerhouse
Security and Compliance

Official Azure Sentinel PowerShell Module Released

January 4, 2021
Next Post
Insight Recognized as a Microsoft Security 20/20 Partner Award Winner for Azure Security Deployment Partner of the Year

Remote State Management with Terraform Cloud

Azure Stack and Azure Arc for data services from Blog Posts – SQLServerCentral

Cloud-based Supercomputer Accelerates COVID-19 Drug Discovery

odix joins MISA program and integrates its FileWall with Microsoft Azure Sentinel

Upstream Security Joins the Microsoft Intelligent Security Association to Defend Against Automotive Cybersecurity Threats

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Follow Us

  • 21.8M Fans
  • 81 Followers

Recommended

BlueVoyant acquires Managed Sentinel, builds out Microsoft MSS offerings

How to Get Splunk Data into Azure Sentinel

2 months ago
Vectra AI and Microsoft partner on security integration

How to Enable Line Numbers in Azure Sentinel to Aid Quicker Debugging of KQL Queries

2 months ago
Enriching Windows Security Events with Parameterized Function

How to Link to Related Workbooks within the Current Azure Sentinel Workbook

2 months ago
ITC Secure Achieves Microsoft Gold Partner Status

Controlling access to Azure Sentinel Data: Resource RBAC

3 months ago

Instagram

    Please install/update and activate JNews Instagram plugin.

Categories

  • AI & ML
  • Artificial Intelligence
  • Incident Response
  • IR
  • KQL
  • Security and Compliance
  • Security Ochestration & Automated Response
  • Security Operations
  • SIEM
  • SOAR
  • SOC
  • Threat Intelligence
  • Uncategorized

Topics

anomaly automation Azure Azure DevOps Azure Security Center Azure Sentinel Azure Sentinel API Azure Sentinel Connector BlueVoyant Call cybersecurity Detection file GitHub Hunting Huntingy IAC incident response Incident Triage infrastructure as code Investigation jupyter LAQueryLogs MDR Microsoft microsoft 365 mssp Multitenancy Notebooks Pester Playbooks PowerShell python Records Security Sentinel Sharing SIEM signin Supply Chain teams Threat hunting Watchlists Workbooks XDR
No Result
View All Result

Highlights

New Items of Note on the Azure Sentinel GitHub Repo

Tuning the MCAS Analytics Rule for Azure Sentinel: System Alerts and Feature Deprecation

New Search Capability for Azure Sentinel Incidents

Follow-up: Microsoft Tech Talks Practical Sentinel : A Day in the Life of a Sentinel Analyst

Changes in How Running Hunting Queries Works in Azure Sentinel

Azure Sentinel can now Analyze All Available Azure Active Directory Log Files

Trending

What’s new: Microsoft Teams connector in Public Preview
IR

How to Generate Azure Sentinel Incidents for Testing

by Azure Sentinel News Editor
February 26, 2021
0

Do you want to generate an Incident in Azure Sentinel for testing/demoing? Here’s a couple easy ways...

What’s new: Microsoft Teams connector in Public Preview

Azure Sentinel Notebooks Loses It’s Preview Tag

February 25, 2021
Microsoft’s newest sustainable datacenter region coming to Arizona in 2021

The Holy Grail of Azure Sentinel Data Connections: The Azure Service Diagnostic Setting

February 22, 2021
Microsoft’s newest sustainable datacenter region coming to Arizona in 2021

New Items of Note on the Azure Sentinel GitHub Repo

February 18, 2021
Microsoft’s newest sustainable datacenter region coming to Arizona in 2021

Tuning the MCAS Analytics Rule for Azure Sentinel: System Alerts and Feature Deprecation

February 17, 2021

We bring you the best, latest and perfect Azure Sentinel News, Magazine, Personal Blogs, etc. Visit our landing page to see all features & demos.
LEARN MORE »

Recent News

  • How to Generate Azure Sentinel Incidents for Testing February 26, 2021
  • Azure Sentinel Notebooks Loses It’s Preview Tag February 25, 2021
  • The Holy Grail of Azure Sentinel Data Connections: The Azure Service Diagnostic Setting February 22, 2021

Categories

  • AI & ML
  • Artificial Intelligence
  • Incident Response
  • IR
  • KQL
  • Security and Compliance
  • Security Ochestration & Automated Response
  • Security Operations
  • SIEM
  • SOAR
  • SOC
  • Threat Intelligence
  • Uncategorized

[mc4wp_form]

Copyright © 2020 - Azure Sentinel News

No Result
View All Result
  • Home
  • Security and Compliance
  • SOC
  • Threat Intelligence
  • Security Ochestration & Automated Response
  • SOAR
  • Security Operations
  • Artificial Intelligence

Copyright © 2020 Azure Sentinel News