Search
StarWind is a hyperconverged (HCI) vendor with focus on Enterprise ROBO, SMB & Edge

Access Azure Bastion without opening the portal

  • February 2, 2023
  • 5 min read
Cloud and Virtualization Architect. Florent is specializing in public, hybrid, and private cloud technologies. He is a Microsoft MVP in Cloud and Datacenter Management and an MCSE in Private Cloud.
Cloud and Virtualization Architect. Florent is specializing in public, hybrid, and private cloud technologies. He is a Microsoft MVP in Cloud and Datacenter Management and an MCSE in Private Cloud.


One of the great features of Azure Bastion is the possibility to share a link to connect to a VM in Azure, through Azure Bastion. The documentation is here:

Create a shareable link for Azure Bastion | Microsoft Learn

To start, you need to create a new Azure Bastion resource, in Standard SKU, not Basic. If you already have a Basic sku, you can upgrade to Standard.

Be sure, in configuration, to check the Shareable Link box:

Shareable Link

When it is done, go to Shareable links menu and click on Add:

Do to Shareable links menu and click on Add

Choose the Subscription, Resource Group. After that select the VM to what you want to create a link. If you select 10 VMs, you will have 10 links:

Choose the Subscription, Resource Group

It takes a few seconds to create the link:

It takes a few seconds to create the link

This is the link that you need to share with people that needs to access this VM:

https://bst-d9205a86-c49e-4876-a5ae-a2f88d283252.bastion.azure.com/api/shareable-url/ae2f64e8-57b3-410b-b557-6c07d5f6c83b

I will access it through my browser. Now, choose the protocol, and the port. Provide the username/password to connect to the VM:

Choose the protocol, and the port

Azure Bastion

If everything is correct, you are now connected to the VM:

You are now connected to the VM

You can see active sessions, from the Azure Bastion resource:

wp-image-20767

The link is available until you remove it:

wp-image-20768

Until the session is closed, the link stays available.

If you have NSG, of course, the link will not work if your source IP is not allowed in the NSG 😊 it will not bypass it.

If you would like to give access to create only shareable links in Azure Bastion, you can create a custom RBAC role, with these accesses:

Microsoft.Network/bastionHosts/createShareableLinks/action
Microsoft.Network/bastionHosts/deleteShareableLinks/action
Microsoft.Network/bastionHosts/deleteShareableLinksByToken/action
Microsoft.Network/bastionHosts/getShareableLinks/action

As you can see, this new feature is very helpful to do not give access to the Azure Portal to people who manage VM, but only a link to access it.

Hey! Found Florent’s article helpful? Looking to deploy a new, easy-to-manage, and cost-effective hyperconverged infrastructure?
Alex Bykovskyi
Alex Bykovskyi StarWind Virtual HCI Appliance Product Manager
Well, we can help you with this one! Building a new hyperconverged environment is a breeze with StarWind Virtual HCI Appliance (VHCA). It’s a complete hyperconverged infrastructure solution that combines hypervisor (vSphere, Hyper-V, Proxmox, or our custom version of KVM), software-defined storage (StarWind VSAN), and streamlined management tools. Interested in diving deeper into VHCA’s capabilities and features? Book your StarWind Virtual HCI Appliance demo today!