How to configure the RDP connection for Azure VMs via Azure Bastion

When connecting to Azure VMs, there are a few ways you can establish the connection. If you are using Windows VMs, you are most likely connecting through a Remote Desktop Protocol (RDP) session so that you can open a remote GUI session. However, opening the RDP port (3389) to the internet is not secure. Instead, many companies now restrict how their users access VMs on Azure, limiting access to Azure Bastion. Azure Bastion operates as a broker to VMs in a specific Azure Virtual Network, allowing secure traffic only (port 443).

When using Azure Bastion, you can either see the GUI of the VM in the browser window or use the native client – and that's when I started to notice that I could not edit some regular configs that I usually change when connecting remotely.

Azure Bastion and RDP native client

By default, Azure Bastion doesn't allow for usage of the RDP native client. This feature needs to be enabled and is not available on the Basic SKU. To enable it, you need to make sure you're using the Standard tier, and mark the Native client support option:

Bastion Config 01.png

Once that is deployed, you can connect to the VM using the following commands in PowerShell:

az login
az account set --subscription "<subscription-id>"
az network bastion rdp --name Test-vnet-bastion --resource-group TestRG --target-resource-id "<vm-resource-id>"

In the command above, the least obvious piece of information needed is the VM resource ID. To get it, you can either run a PowerShell command or use the Azure Portal. In PowerShell you can use:

Get-AzVM -ResourceGroupName TestRG -Name VM01 | Select-Object -Property id

On the Azure Portal, navigate to the VM, and on the overview page, select the JSON view link on the right-hand side. That will open the JSON output of the resource, and at the top of that view you can see (and copy) the resource ID. It should look like this:


The command to open an RDP connection to the VM would look like this:

az network bastion rdp --name Test-vnet-bastion --resource-group TestRG --target-resource-id /subscriptions/<subscription-id>/resourceGroups/TestRG/providers/Microsoft.Compute/virtualMachines/VM01

Changing the RDP settings for Bastion connections

If you successfully ran the command above, the next screen that you'll see is this:

Bastion Config 02.png

The problem with this behavior is that you can't change the screen/display size and other configurations. In my case, I have 3 monitors on my home setup, each with a different screen resolution. By using the command above, the RDP connection was using all my monitors.

To fix this, you can simply add --configure to the end of the command:

az network bastion rdp --name Test-vnet-bastion --resource-group TestRG --target-resource-id /subscriptions/<subscription-id>/resourceGroups/TestRG/providers/Microsoft.Compute/virtualMachines/VM01 --configure

The command above will open the following screen:

Bastion Config 03.png

This is much better as it allows you to configure the RDP session just like any other VM you're used to connecting to.
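
The steps above can be combined into one PowerShell function that checks the Bastion prerequisites before opening the session. This is an added example, not code from the original article: the function name Connect-BastionRdp is hypothetical, the default values are the article's sample names, and it assumes that az network bastion show reports the Native client support option as the enableTunneling property.

```powershell
# Added example: pre-flight checks, then an RDP session through Azure Bastion.
# Assumes 'az login' and 'az account set' have already been run.
function Connect-BastionRdp {   # hypothetical helper name
    param(
        [string]$ResourceGroup = 'TestRG',            # sample names from the article
        [string]$BastionName   = 'Test-vnet-bastion',
        [string]$VmName        = 'VM01'
    )

    # Read the Bastion host so that a wrong SKU or a disabled feature fails early.
    $bastion = az network bastion show --name $BastionName `
        --resource-group $ResourceGroup --output json | ConvertFrom-Json
    if ($LASTEXITCODE -ne 0 -or -not $bastion) {
        throw "Bastion host '$BastionName' was not found in '$ResourceGroup'."
    }

    # The native client is not available on the Basic SKU.
    if ($bastion.sku.name -eq 'Basic') {
        throw "Bastion '$BastionName' uses the Basic SKU; the Standard tier is required."
    }

    # Assumption: enableTunneling is the property behind 'Native client support'.
    if (-not $bastion.enableTunneling) {
        throw "Native client support is not enabled on '$BastionName'."
    }

    # Resolve the VM resource ID instead of copying it from the portal.
    $vmId = az vm show --name $VmName --resource-group $ResourceGroup `
        --query id --output tsv
    if ($LASTEXITCODE -ne 0 -or -not $vmId) {
        throw "VM '$VmName' was not found in '$ResourceGroup'."
    }

    # --configure opens the RDP settings dialog (display, monitors) before connecting.
    az network bastion rdp --name $BastionName --resource-group $ResourceGroup `
        --target-resource-id $vmId --configure
}

Connect-BastionRdp
```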

I hope this quick trick is as useful to you as it has been to me. Let us know what you think in the comments section below!


This article was originally published by Microsoft's Core Infrastructure and Security Blog. You can find the original article here.