Bastion Native Client Guide

Using a native client does not mean sacrificing security. Because the connection is initiated through the cloud's identity layer, you can enforce policies. This ensures that only authorized users on compliant devices can even attempt to open a tunnel to the internal network. Furthermore, because the target VMs remain on private IPs, they are effectively shielded from internet-based port scanning and automated brute-force attacks. Microsoft Learn

Use tools you already know, such as Windows RDC (mstsc) or native SSH on macOS and Linux, instead of a browser window. bastion native client

Integrates with Microsoft Entra ID (formerly Azure AD) for multi-factor authentication (MFA) and conditional access rules. How to Configure Bastion for Native Client Connections Using a native client does not mean sacrificing security

The native client feature, primarily associated with Azure Bastion, allows you to use your local computer’s terminal or RDP application to reach VMs that do not have public IP addresses. This feature is available on and Premium SKUs and acts as a secure tunnel between your local environment and your private cloud network. Key Benefits of Native Client Support Furthermore, because the target VMs remain on private