One of the great features of Azure Bastion is the ability to share a link that connects to a VM in Azure through Azure Bastion. The documentation is here:
Create a shareable link for Azure Bastion | Microsoft Learn
To start, you need to create a new Azure Bastion resource in the Standard SKU, not Basic. If you already have a Basic SKU, you can upgrade to Standard.
Be sure, in configuration, to check the Shareable Link box:
When it is done, go to the Shareable links menu and click Add:
Choose the Subscription and the Resource Group. After that, select the VM for which you want to create a link. If you select 10 VMs, you will have 10 links:
It takes a few seconds to create the link:
This is the link that you need to share with the people who need to access this VM:
I will access it through my browser. Now, choose the protocol, and the port. Provide the username/password to connect to the VM:
If everything is correct, you are now connected to the VM:
You can see active sessions, from the Azure Bastion resource:
The link is available until you remove it:
Until the session is closed, the link stays available.
If you have an NSG, of course, the link will not work if your source IP is not allowed in the NSG 😊 It will not bypass it.
If you would like to give access only to create shareable links in Azure Bastion, you can create a custom RBAC role with these permissions:
Microsoft.Network/bastionHosts/createShareableLinks/action
Microsoft.Network/bastionHosts/deleteShareableLinks/action
Microsoft.Network/bastionHosts/deleteShareableLinksByToken/action
Microsoft.Network/bastionHosts/getShareableLinks/action
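The four permissions above, turned into a custom role definition and checked for excess privilege. This is an added example, not taken from the original post or from Microsoft: it builds the role in the JSON shape accepted by `az role definition create --role-definition`, and audits a role for wildcards, extra actions and broad scopes. The role name, the placeholder scope and the rule that anything above resource-group scope is too broad are assumptions.

```python
import json

# The four shareable-link actions listed above.
LINK_ACTIONS = (
    "Microsoft.Network/bastionHosts/createShareableLinks/action",
    "Microsoft.Network/bastionHosts/deleteShareableLinks/action",
    "Microsoft.Network/bastionHosts/deleteShareableLinksByToken/action",
    "Microsoft.Network/bastionHosts/getShareableLinks/action",
)
_ALLOWED = {a.lower() for a in LINK_ACTIONS}  # action names are case-insensitive


def build_role(scope, name="Bastion Shareable Link Operator"):
    """Return a custom role definition limited to the link actions.

    The role name and the scope are assumptions; use your own values.
    """
    return {
        "Name": name,
        "IsCustom": True,
        "Description": "Manage Azure Bastion shareable links only.",
        "Actions": list(LINK_ACTIONS),
        "NotActions": [],
        "DataActions": [],
        "NotDataActions": [],
        "AssignableScopes": [scope],
    }


def audit_role(role):
    """Return findings for a role that is meant to grant link management only."""
    findings = []
    for action in role.get("Actions", []):
        if "*" in action:
            findings.append(f"wildcard action: {action}")
        elif action.lower() not in _ALLOWED:
            findings.append(f"extra action: {action}")
    if role.get("DataActions"):
        findings.append("data actions present")
    for scope in role.get("AssignableScopes", []):
        # Assumption: anything above one resource group is broader than needed.
        if "/resourcegroups/" not in scope.lower():
            findings.append(f"broad assignable scope: {scope}")
    return findings


if __name__ == "__main__":
    # Constructed placeholder scope, not a real subscription.
    sample = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-bastion"
    print(json.dumps(build_role(sample), indent=2))
    print(audit_role(build_role(sample)))
```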
As you can see, this new feature is very helpful when you do not want to give access to the Azure Portal to the people who manage VMs, but only a link to access them.