
Ensure an Azure Bastion Host Exists

Why This Matters

Exposing Remote Desktop Protocol (RDP) on port 3389 or Secure Shell (SSH) on port 22 directly to the internet creates a significant attack surface for brute-force attacks and credential theft. Azure Bastion eliminates these risks by providing TLS-secured access through the Azure portal, enforcing Azure Active Directory authentication, Multi-Factor Authentication, and Conditional Access policies for all virtual machine connections. Without Bastion, administrators must either assign public IP addresses to VMs or rely on complex jump box configurations, both of which increase security overhead and exposure.

What Aether365 Checks

This check verifies that at least one Azure Bastion host is deployed and active in your Azure subscription. Aether365 scans your network resources and reports the Bastion deployment status on the dashboard under azure-bastion security checks.
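To reproduce the same verdict outside the dashboard, the following added example (not Aether365's own code) evaluates the JSON printed by `az network bastion list --output json`. It assumes "active" means a `provisioningState` of `Succeeded`; the function name `check_bastion` and the sample hosts are constructed for illustration.

```python
import json

# Constructed sample shaped like `az network bastion list --output json`.
SAMPLE = """[
  {"name": "bastion-hub", "resourceGroup": "rg-network",
   "location": "westeurope", "provisioningState": "Succeeded"},
  {"name": "bastion-old", "resourceGroup": "rg-legacy",
   "location": "westeurope", "provisioningState": "Failed"}
]"""


def check_bastion(cli_json: str) -> dict:
    """Pass if at least one Bastion host exists and is provisioned.

    Assumption: "active" is read as provisioningState == "Succeeded".
    """
    result = {"status": "fail", "active": [], "inactive": [], "detail": ""}
    try:
        hosts = json.loads(cli_json)
    except json.JSONDecodeError as exc:
        # Empty or truncated CLI output must not be reported as a pass.
        result.update(status="error", detail=f"unparseable CLI output: {exc}")
        return result
    if not isinstance(hosts, list):
        result.update(status="error", detail="expected a JSON array of hosts")
        return result

    for host in hosts:
        if not isinstance(host, dict):
            continue
        label = f"{host.get('resourceGroup', '?')}/{host.get('name', '?')}"
        state = str(host.get("provisioningState", "")).lower()
        # A host stuck in Failed/Updating/Deleting does not satisfy the check.
        bucket = "active" if state == "succeeded" else "inactive"
        result[bucket].append(label)

    if result["active"]:
        result["status"] = "pass"
        result["detail"] = f"{len(result['active'])} active Bastion host(s)"
    elif result["inactive"]:
        result["detail"] = "Bastion host(s) exist but none are provisioned"
    else:
        result["detail"] = "no Bastion host in this subscription"
    return result


if __name__ == "__main__":
    print(check_bastion(SAMPLE))
```

Run it once per subscription, since `az network bastion list` only returns hosts in the currently selected subscription.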

Microsoft references
