Azure Bastion: Allow invited user to login to Azure VM and unable to login


I have created an Azure VM in a VNet. The VM has no public IP, so the only way to log in is through Azure Bastion Host.

I have invited an external user and provided them the "Virtual Machine user login" access for the VM.

When the user tries connecting to the VM using Bastion, no field is displayed on the Bastion page.

Can anyone please help me to understand what can be the possible reason for this? Also, what permission do I need to give the user to successfully log in to the VM using Bastion Host?

I have followed these steps as well:

  1. Provide the "Virtual Machine User Login" role to the invited user for Virtual Machine.

  2. Provide the "Virtual Machine User Login" role to the invited user for the Network Interface Card (NIC) used with the Virtual Machine.

  3. Provide the "Reader" role to the invited user for the Azure Bastion Host used to connect to the Virtual Machine.

Please let me know if there is any issue with the steps, or how I should troubleshoot it.


Along with the assigned role, make sure to add the roles below for the invited user:

  • Grant the Contributor role on the resource group where the VM is present
  • Grant the Reader role on the resource group where the Bastion is present

To connect to the Windows VM, make sure you have opened the inbound port RDP (3389), and then try to connect through the Bastion host.

If still no field is displayed on the Bastion page, try to create an Azure AD group, add the user to that group, and add the role assignment to that group as shown below.

# Create a security-enabled (not mail-enabled) Azure AD group to hold the invited user
New-AzureADGroup -DisplayName "<name>" -MailEnabled $false -SecurityEnabled $true -MailNickName "NotSet"

# Add the invited (guest) user to the group; -RefObjectId is the user's object ID
Add-AzureADGroupMember -ObjectId <Groupobjectid> -RefObjectId <userobjectid>


Now, try to grant the Virtual Machine User Login and Reader role assignments to that group, which makes the connection successful.

You can make use of the PowerShell commands below to assign the required roles.

# Look up the group created above by its display name
$group = Get-AzureADGroup -SearchString "<your group display name here>"

# Entra ID sign-in role for the VM, assigned at subscription scope
New-AzRoleAssignment -ObjectId $group.ObjectId -RoleDefinitionName "Virtual Machine User Login" -Scope /subscriptions/<your subscription id here>
# Read access to the resource group that contains the Azure Bastion host
New-AzRoleAssignment -ObjectId $group.ObjectId -RoleDefinitionName "Reader" -ResourceGroupName "<your Azure Bastion resource group name here>"

Reference: Azure Bastion: Set the minimum required roles to access a virtual machine (credits: Wim Matthyssen)
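The same procedure can be carried out with the assignments scoped to the individual resources rather than to a whole resource group or subscription, which is what a least-privilege review of a guest user's access would ask for. The script below is an added example and is not code from the question or the answer above. It assumes the Az modules (Az.Accounts, Az.Compute, Az.Network, Az.Resources) are installed and that `Connect-AzAccount` has already been run; every `<...>` value is a placeholder to replace. It grants the group Reader on the VM, its NIC and the Bastion resource plus "Virtual Machine User Login" on the VM (the minimum Azure Bastion documents for an Entra ID sign-in), skips assignments that already exist, and then lists what the group effectively holds at each scope so an inherited, broader grant is visible.

```powershell
# Added example (not from the original answer): resource-scoped role assignments for
# Azure Bastion access by an invited user, followed by a verification listing.
# All values below are placeholders to replace before running.

$GroupObjectId        = "<entra-group-object-id>"   # security group holding the invited (guest) user
$VmResourceGroup      = "<vm-resource-group>"
$VmName               = "<vm-name>"
$BastionResourceGroup = "<bastion-resource-group>"
$BastionName          = "<bastion-name>"

# Resolve the resource IDs that will be used as role-assignment scopes.
$vm      = Get-AzVM -ResourceGroupName $VmResourceGroup -Name $VmName
$nicId   = $vm.NetworkProfile.NetworkInterfaces[0].Id
$bastion = Get-AzBastion -ResourceGroupName $BastionResourceGroup -Name $BastionName

# Minimum set Azure Bastion needs before it shows the connect form for this VM:
#   Reader on the VM, Reader on the VM's NIC, Reader on the Bastion resource,
#   plus "Virtual Machine User Login" on the VM for Entra ID sign-in.
# No Contributor role is required for connecting.
$assignments = @(
    @{ Role = "Reader";                     Scope = $vm.Id },
    @{ Role = "Virtual Machine User Login"; Scope = $vm.Id },
    @{ Role = "Reader";                     Scope = $nicId },
    @{ Role = "Reader";                     Scope = $bastion.Id }
)

foreach ($a in $assignments) {
    # Idempotent: only create the assignment when it does not already exist at exactly this scope.
    $existing = Get-AzRoleAssignment -ObjectId $GroupObjectId -RoleDefinitionName $a.Role -Scope $a.Scope |
        Where-Object { $_.Scope -eq $a.Scope }
    if (-not $existing) {
        New-AzRoleAssignment -ObjectId $GroupObjectId -RoleDefinitionName $a.Role -Scope $a.Scope | Out-Null
        Write-Host "Assigned '$($a.Role)' at $($a.Scope)"
    } else {
        Write-Host "Already assigned '$($a.Role)' at $($a.Scope)"
    }
}

# Verification: Get-AzRoleAssignment with -Scope also returns assignments inherited from
# the resource group, subscription or management group, so this shows whether the group
# is relying on a broader grant than the four resource-level ones above.
foreach ($scope in @($vm.Id, $nicId, $bastion.Id)) {
    Get-AzRoleAssignment -ObjectId $GroupObjectId -Scope $scope |
        Select-Object RoleDefinitionName, Scope
}
```

Role assignments can take a few minutes to propagate, so reload the Bastion connect page after running this. If the Bastion host is deployed in a virtual network peered to the VM's network, the group additionally needs Reader on the VM's virtual network, which this script does not assign.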