Azure Bastion
Remote desktop software
- Features
- Ease of use
- Ease of management
- Quality of support
- Affordability
- Market presence
Take the quiz to check if Azure Bastion and its alternatives fit your requirements.
¥1.932 per hour
Free TrialFree version
Small
Medium
Large
- Information technology and software
- Banking and insurance
- Public sector and nonprofit organizations
What is Azure Bastion
Azure Bastion is a managed service in Microsoft Azure that provides browser-based RDP and SSH access to virtual machines without exposing those workloads via public IP addresses. It is primarily used by cloud and infrastructure teams to administer Azure IaaS resources while keeping remote access within the Azure network boundary. The service is deployed into an Azure virtual network and brokers remote sessions through the Azure portal (and supported client scenarios), reducing the need to operate jump servers. It is designed for Azure-hosted resources rather than general-purpose remote support across heterogeneous endpoints.
No public IP exposure
Azure Bastion enables RDP/SSH access to Azure VMs without assigning public IPs to the target machines. This reduces the need to open inbound ports (for example, 3389/22) on internet-facing network security rules. It also centralizes remote access through a managed entry point in the virtual network. For organizations standardizing on Azure, this aligns remote administration with cloud network segmentation practices.
Managed jump-host alternative
The service removes the operational burden of building, patching, and monitoring self-managed bastion/jump servers. Microsoft operates the Bastion infrastructure as a platform service, while customers manage configuration and access controls. This can simplify architecture compared with maintaining dedicated remote access hosts per environment. It is particularly useful for teams that want consistent access patterns across multiple VNets and subscriptions.
Azure-native access controls
Azure Bastion integrates with Azure identity and access management patterns, including Azure RBAC for portal access and Azure networking controls around the Bastion subnet. Session access is typically governed by Azure permissions and network reachability rather than installing agents on endpoints. This fits environments that already use Azure Policy, logging, and resource governance. It also supports administrative workflows directly from the Azure portal for VM management.
Azure-only scope
Azure Bastion is designed for accessing resources in Azure virtual networks and is not a general remote desktop tool for arbitrary end-user devices. It does not replace cross-platform remote support products that connect to laptops, mobile devices, or on-prem endpoints via lightweight agents. Organizations with mixed cloud/on-prem estates may still need additional tooling for non-Azure targets. This can lead to a split toolset for remote access.
Portal-centric user experience
Common usage relies on the Azure portal for launching RDP/SSH sessions, which may not match workflows that require rich technician consoles, unattended access libraries, or customer-facing support features. While integrations and client options exist, the experience is oriented toward infrastructure administration rather than help-desk remote support. Features such as ticketing integration, end-user prompting, and multi-session technician collaboration are not the primary focus. Teams may find it less suitable for service-desk operations.
Cost and network prerequisites
Azure Bastion requires deployment into a virtual network with a dedicated subnet and associated configuration, which adds planning overhead. Ongoing costs depend on the chosen SKU and usage patterns, and may be higher than self-managed jump hosts for some low-scale scenarios. Network design (VNets, peering, routing) affects which resources are reachable through Bastion. These prerequisites can slow adoption in environments with immature Azure networking standards.
Plan & Pricing
| Plan | Price (official regional listing) | Key features & notes |
|---|---|---|
| Developer | Free (Azure Bastion Developer — listed as 免费 / 免费用) | Low-cost / multi-tenant SKU for dev/test; no hourly charges according to official Microsoft pages. (Developer SKU shown as Free on official Azure pages.) |
| Basic | ¥1.932 per hour (China pricing page) | Entry production SKU; billed hourly; Basic historically the lowest paid SKU. (Official China pricing page lists ¥1.932/hr.) |
| Standard | ¥2.952 per hour (China pricing page) | Includes 2 instances in base price; supports native client, scaling; billed hourly. (Official China pricing page lists ¥2.952/hr.) |
| Additional Standard Instance | ¥1.42464 per hour (China pricing page) | Hourly price per additional scale unit beyond base instances. |
| Premium | ¥4.58 per hour (China pricing page) | Premium SKU (session recording, private-only, etc.); billed hourly. |
| Additional Premium Instance | ¥2.23 per hour (China pricing page) | Hourly price per additional premium scale unit. |
Outbound data transfer (official China page):
- First 5 GB / month: Free.
- 5 GB - 10 TB / month: ¥0.885 per GB.
- Next 40 TB (10 TB - 50 TB) / month: ¥0.844 per GB.
- Next 100 TB (50 TB - 150 TB) / month: ¥0.712 per GB.
- Next 350 TB (150 TB - 500 TB) / month: ¥0.508 per GB.
- Over 500 TB / month: Contact us.
Notes:
- The global (en-us) Azure Bastion pricing page shows SKU names and the pricing model but did not render numeric USD rates in the content retrieved (values are region/currency dependent and shown dynamically on the official site). See official China-region pricing page (above) for explicit numeric values in CNY. Pricing is hourly and billed from deploy-to-delete plus outbound data transfer tiers. Prices vary by region and currency and may differ under your agreement.
Seller details
Microsoft Corporation
Redmond, Washington, United States
1975
Public
https://www.microsoft.com/
https://x.com/Microsoft
https://www.linkedin.com/company/microsoft/
