This is very interesting and exciting for me to connect to ConfigMgr server using Azure Bastion solution. Let’s use Azure Bastion to connect to Configuration Manager Server hosted in Azure. Let’s Setup Azure Bastion Connect to SCCM Server.
NOTE! – Azure Bastion connection uses SSL without any exposure through public IP addresses. More secured SCCM infra in Azure.
You can connect to SCCM server hosted in Azure using RDP protocol with a public IP. RDP is stable and reliable way of connecting servers in on-prem data center.
The servers hosted in cloud should have some better way to connect from laptop or desktop. I have read about Azure Bastion solution from Microsoft to help us with more secured remote connection.
In this post, you learn how to connect SCCM servers hosted in Azure with Azure Bastion solution.
What is Azure Bastion?
Azure Bastion is a fully managed PaaS service from Microsoft that provides secure and seamless RDP and SSH access to virtual machines hosted in Azure. Azure Baston helps to connect to VMs directly through the Azure portal.
Azure Bastion is provisioned directly in your Virtual Network (VNet) and supports all VMs in your Virtual Network (VNet) using SSL without any exposure through public IP addresses.
I’m hoping that you already have SCCM | Configuration Manager infrastructure (LAB) in Azure.
- Azure Subscription
- Appropriate permissions to create VMs, Vnets, Public IPs etc…
- Virtual Network (Subnets) for ConfigMgr LAB infrastructure in Azure
- Public IP and all the prerequisites of Azure Bastion
Setup Bastion Connection for SCCM Primary Server
- Login to Azure Portal https://portal.azure.com/
- Search for your SCCM|ConfigMgr Virtual Machine – CMMEMCM
- Click on Connect -> Bastion
- Otherwise, you can click on Connect button from the left side menu
- Select BASTION
- Click Use Bastion
Setting Up Bastion Connection Configuration
- Enter the name of the Bastion connection – MEMCMnet-Bastion
- Enter the New Subnet Name – AzureBastionSubnet (mandatory name for all Azure Bastion subnets)
- Configure the subnet IP range /27 /26
- Click Manage subnet configuration to create the AzureBastionSubnet. Click Create to create the subnet, then proceed with the next settings
- Create Public IP address for Azure Bastion
- Enter the name of the Public IP addresses name – MEMCMNetSastionIP
- Select the Resource Group which is already used for SCCM Lab infra in Azure
- Click Create
Creating A New Azure Bastion
Let’s wait until Azure creates a new Bastion connection for SCCM Server – Setup Azure Bastion Connect to SCCM Server.
Connect to Azure SCCM Server with Bastion
- Let’s connect to virtual machine as shown below
- Search for your virtual machine in Azure portal
- Click on CMMEMCM virtual machine (SCCM Primary server)
- Click on Connect to get drop-down option to connect
- Select Bastion
- Connect using Azure Bastion
- Select the option Open in New Window
- Enter the User Name
- Enter the Password
- Click on CONNECT
- Connecting to ConfigMgr Primary server using Azure Bastion
- Connected to Bastion Host. Waiting for response
- I’m connected to ConfigMgr | SCCM primary server using Azure Bastion
- Azure Bastion connection uses SSL without any exposure through public IP addresses. More secured SCCM infra in Azure.
- What is Azure Bastion? Microsoft documentation – https://docs.microsoft.com/en-us/azure/bastion/bastion-overview
- Create a bastion host – specify settings