This is very interesting and exciting for me to connect to the ConfigMgr server using the Azure Bastion solution.
Let’s use Azure Bastion to connect to the Configuration Manager Server hosted in Azure. Let’s Setup Azure Bastion Connect to SCCM Server.
NOTE! – Azure Bastion connection uses SSL without any exposure through public IP addresses. More secured SCCM infra in Azure.
Introduction
You can connect to the SCCM server hosted in Azure using RDP protocol with a public IP. RDP is a stable and reliable way of connecting servers in the on-prem data center.
The servers hosted in the cloud should have some better way to connect from a laptop or desktop. I have read about the Azure Bastion solution from Microsoft to help us with a more secured remote connection.
This post teaches you how to connect SCCM servers hosted in Azure with the Azure Bastion solution.
What is Azure Bastion?
Azure Bastion is a fully managed PaaS service from Microsoft that provides secure and seamless RDP and SSH access to virtual machines hosted in Azure. Azure Baston helps to connect to VMs directly through the Azure portal.
Azure Bastion is provisioned directly in your Virtual Network (VNet) and supports all VMs in your Virtual Network (VNet) using SSL without exposure to public IP addresses.
Prerequisites
I hope you already have SCCM | Configuration Manager infrastructure (LAB) in Azure.
- Azure Subscription
- Appropriate permissions to create VMs, Vnets, Public IPs, etc…
- Virtual Network (Subnets) for ConfigMgr LAB infrastructure in Azure
- Public IP and all the prerequisites of Azure Bastion
Setup Bastion Connection for SCCM Primary Server
- Login to Azure Portal https://portal.azure.com/
- Search for your SCCM|ConfigMgr Virtual Machine – CMMEMCM
- Click on Connect -> Bastion
- Otherwise, you can click on Connect button from the left side menu
- Select BASTION
- Click Use Bastion
Setting Up Bastion Connection Configuration
- Enter the name of the Bastion connection – MEMCMnet-Bastion
- Enter the New Subnet Name – AzureBastionSubnet (the mandatory name for all Azure Bastion subnets)
- Configure the subnet IP range /27 /26
- Click Manage subnet configuration to create the AzureBastionSubnet. Click Create to create the subnet, then proceed with the following settings.
- Create a Public IP address for Azure Bastion
- Enter the name of the Public IP addresses name – MEMCMNetSastionIP
- Select the Resource Group, which is already used for SCCM Lab infra in Azure
- Click Create
Creating A New Azure Bastion
Let’s wait until Azure creates a new Bastion connection for SCCM Server – Setup Azure Bastion Connect to SCCM Server.
Connect to Azure SCCM Server with Bastion
- Let’s connect to the virtual machine as shown below
- Search for your virtual machine in the Azure portal
- Click on CMMEMCM virtual machine (SCCM Primary server)
- Click on Connect to get the drop-down option to connect
- Select Bastion
- Connect using Azure Bastion
- Select the option Open in New Window
- Enter the User Name
- Enter the Password
- Click on CONNECT
- Connecting to ConfigMgr Primary server using Azure Bastion
- Connected to Bastion Host. Waiting for response
Results
- I’m connected to ConfigMgr | SCCM primary server using Azure Bastion
- Azure Bastion connection uses SSL without any exposure through public IP addresses. More secured SCCM infra in Azure.
Resources
- What is Azure Bastion? Microsoft documentation – https://docs.microsoft.com/en-us/azure/bastion/bastion-overview
- Create a bastion host – specify settings