Azure Bastion: Allow invited user to login to Azure VM


I have created an Azure VM in a VNet. The VM doesn't have any public IP, so the only way to log in is through Azure Bastion Host.

I have invited an external user and provided them the "Virtual Machine User Login" access for the VM.

When the user is trying to connect to the VM using Bastion, no field is displayed on the Bastion page.

Can anyone please help me to understand what can be the possible reason for this? Also, what permission do I need to provide to the user to log in to the VM using Bastion Host successfully?

2

There are 2 best solutions below

0
On BEST ANSWER

The Azure Bastion article shared by @Mr. Annonymous in the comment section helped me resolve the issue.

Link of the article: https://viniciusdeschamps.com.br/grant-access-to-virtual-machine-using-azure-bastion/

Steps in summary:

  1. Provide the "Virtual Machine User Login" role to the invited user for the Virtual Machine.
  2. Provide the "Virtual Machine User Login" role to the invited user for the Network Interface Card (NIC) used with the Virtual Machine.
  3. Provide the "Reader" role to the invited user for the Azure Bastion Host used to connect to the Virtual Machine.

Thanks @Mr. Annonymous
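The three assignments listed in the answer above, scripted with the Azure CLI as an added example (not part of the original answer or the linked article). The subscription, resource group, resource names and assignee are placeholders, and the function names are hypothetical; each role is scoped to a single resource rather than to the resource group, and the script only prints the commands unless `DRY_RUN=0` is set.

```shell
#!/bin/sh
# Added example: the role assignments from the answer, one per resource scope.
# All identifiers passed in (subscription, resource group, VM, NIC, Bastion,
# assignee) are placeholders supplied by the caller.

# Print one "role|scope" line for each assignment listed in the answer.
bastion_assignments() {
  local sub="$1" rg="$2" vm="$3" nic="$4" bastion="$5"
  local base="/subscriptions/${sub}/resourceGroups/${rg}/providers"
  printf '%s|%s\n' \
    "Virtual Machine User Login" "${base}/Microsoft.Compute/virtualMachines/${vm}" \
    "Virtual Machine User Login" "${base}/Microsoft.Network/networkInterfaces/${nic}" \
    "Reader" "${base}/Microsoft.Network/bastionHosts/${bastion}"
}

# Create the assignments for one user, or only print the az commands
# when DRY_RUN is unset or 1 (the default).
# Usage: grant_bastion_access <assignee> <sub> <rg> <vm> <nic> <bastion>
grant_bastion_access() {
  local assignee="$1" role scope
  shift
  while IFS='|' read -r role scope; do
    if [ "${DRY_RUN:-1}" = "1" ]; then
      printf 'az role assignment create --assignee "%s" --role "%s" --scope "%s"\n' \
        "$assignee" "$role" "$scope"
    else
      az role assignment create --assignee "$assignee" \
        --role "$role" --scope "$scope" --output none || return 1
    fi
  done <<EOF
$(bastion_assignments "$@")
EOF
}

# Example invocation (placeholder values, prints the three commands):
#   grant_bastion_access "<guest-object-id>" "<subscription-id>" \
#     "<resource-group>" "<vm-name>" "<nic-name>" "<bastion-name>"
```

Review the printed scopes before running with `DRY_RUN=0`; `az role assignment list --assignee <guest-object-id> --all` shows what the user ends up holding.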

3
On

You need to enable/create Bastion for the VNet and resource group in which you have created this Virtual Machine (VM).

Also, use the same region as you have given for the Virtual Machine.

To create Bastion:

  1. Go to Azure Portal.
  2. Search for Bastion in Resources.
  3. Then create it.