Azure Bastion is a fully managed PaaS service that provides secure and seamless RDP and SSH access to your virtual machines directly through the Azure Portal. Azure Bastion is provisioned directly in your Virtual Network (VNet) and supports all VMs in your Virtual Network (VNet) using SSL without any exposure through public IP addresses.

  • Connect your RDP and SSH sessions directly in the Azure Portal using a single click experience
  • Log into your Azure virtual machines and avoid public Internet exposure using SSH and RDP with private IP addresses only
  • Integrate and traverse existing firewalls and security perimeter using a modern HTML5 based web client and standard SSL ports
  • Use your SSH keys for authentication when logging into your Azure virtual machines

Limit public exposure of virtual machine IPs

Access all virtual machines within a virtual network through a single hardened access point. Exposing the bastion host as primary exposed public access helps lockdown of public Internet exposure and limit threats such as port scanning and other types of malware targeting your VMs.

Please visit below link for more info about Azure Bastian:

https://azure.microsoft.com/en-us/services/azure-bastion/#security