Preface: Why only 200 crappy words?
In its Basic SKU, Azure Bastion provides the ability to securely connect to VMs running in Azure via the portal without the need for a public IP address. I say "in its Basic SKU" because Microsoft has recently released a more feature-rich variant in the form of the Standard SKU.
The Standard SKU adds:
- Scaling to support a far greater number of connections (for enterprises with hundreds of VMs)
- Secure file transfer (as opposed to text copy and paste in the Basic SKU)
- Ability to connect to machines outside of Azure via IP address (assuming direct line of sight between the Bastion and target machine)
- Ability to connect using the Microsoft Terminal Services Client (MSTSC) via Azure CLI, outside of the Azure portal

This post will focus on the ability to connect using MSTSC.

If you are going to follow along, you will first need to deploy a Bastion, ensuring it’s of the Standard SKU; see the Microsoft KB describing the process in more detail.

You’ll also need to install Azure CLI if you haven’t already. If you have it installed already, I’d suggest upgrading to the latest version to ensure you have the latest command libraries available (see the AZ CLI KB).

After deploying a new Standard SKU Bastion, and before attempting to connect to a VM, you must enable Native Client Support. To do that, navigate to your Bastion in the Azure portal, select Configuration from the navigation pane and click “Native Client Support”. Note that this took a few minutes to process.

Once you have completed the above, you’re ready to connect to a VM. Thankfully there are only a few simple AZ CLI commands to execute:

```powershell
# The three lines below authenticate you to Azure and select the
# subscription which hosts the Bastion and target VM
az login
az account list
az account set --subscription "<subscription ID>"

# The line below initiates the Bastion session to the target VM
az network bastion rdp --name "<BastionName>" --resource-group "<ResourceGroupName>" --target-resource-id "<VMResourceId>"
```

You’ll be challenged for credentials as expected with any RDP connection and once successfully authenticated you’ll be presented with your remote session!
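
The same steps with preflight checks, as an added example that is not part of the original post: it confirms the Bastion is not the Basic SKU and that Native Client Support is switched on (reported by the CLI as `enableTunneling`) before it launches MSTSC. `<VMName>` and `<VMResourceGroupName>` are hypothetical placeholders, and the script assumes you have already run `az login`.

```powershell
# Added example: verify the Bastion configuration, then connect.
# Every value in angle brackets is a placeholder to replace with your own.
$SubscriptionId = "<subscription ID>"
$BastionName    = "<BastionName>"
$BastionRg      = "<ResourceGroupName>"
$VmName         = "<VMName>"               # hypothetical placeholder
$VmRg           = "<VMResourceGroupName>"  # hypothetical placeholder

$ErrorActionPreference = "Stop"

az account set --subscription $SubscriptionId
if ($LASTEXITCODE -ne 0) { throw "Could not select subscription (run 'az login' first)." }

# Read the Bastion's SKU and its Native Client Support flag (enableTunneling).
$bastion = az network bastion show --name $BastionName --resource-group $BastionRg --output json |
    ConvertFrom-Json
if (-not $bastion) { throw "Bastion '$BastionName' not found in '$BastionRg'." }

if ($bastion.sku.name -eq "Basic") {
    throw "Bastion SKU is Basic; native client connections need the Standard SKU."
}
if (-not $bastion.enableTunneling) {
    throw "Native Client Support is not enabled on this Bastion."
}

# Look up the VM's full resource ID instead of pasting it by hand.
$vmId = az vm show --name $VmName --resource-group $VmRg --query id --output tsv
if ($LASTEXITCODE -ne 0 -or -not $vmId) { throw "VM '$VmName' not found in '$VmRg'." }

# Launches MSTSC through the Bastion; you are then prompted for VM credentials.
az network bastion rdp --name $BastionName --resource-group $BastionRg --target-resource-id $vmId
```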

Word Count: 304! (Minus code excerpts)