Learn how to connect to Windows Virtual Machines on Azure


To connect to a Windows Virtual Machine (VM) on Azure, there are several methods, each suited to different scenarios.

Below is a detailed guide on how to connect to your Windows VM using various methods.

Remote Desktop Protocol (RDP)

RDP is the most common way to connect to a Windows VM in Azure.

Steps

Ensure the VM has a Public IP

  1. In the Azure portal, navigate to the VM and check its Public IP Address.

  2. If the VM doesn’t have a public IP, you may need to assign one to it (or use Azure Bastion if you prefer not to expose it directly to the internet).

Verify Network Security Group (NSG) Rules

Ensure that the NSG (Network Security Group) attached to the VM or its subnet allows inbound traffic on port 3389 (RDP).

The rule should look like this:

  1. Protocol: TCP

  2. Port: 3389

  3. Source: Any (or restrict it to a specific IP range for better security)

Use RDP Client

  1. On your local machine, open the Remote Desktop Connection app (on Windows, type "Remote Desktop Connection" in the Start menu).

  2. Enter the Public IP address of the VM in the Computer field.

  3. Click Connect.

Login

  1. When prompted, enter the username and password that you specified when creating the VM.

  2. You should now be connected to your Windows VM.

Azure Bastion

Azure Bastion provides a secure way to connect to your VM without needing a public IP address for the VM.

It uses a browser-based RDP or SSH session.

Steps

Deploy Azure Bastion

  1. In the Azure portal, search for Azure Bastion.

  2. Click on + Create and deploy Azure Bastion to the same Virtual Network (VNet) as your Windows VM.

Connect Using Bastion

  1. Once Azure Bastion is deployed, go to your VM's Overview page in the Azure portal.

  2. Click on Connect, then select Bastion.

  3. In the Bastion tab, click Use Bastion.

  4. Enter the username and password of your Windows VM.

Access the VM

  1. A browser window will open with an RDP session directly to the Windows VM.

  2. You can now manage the VM through this secure RDP connection.

Benefits

  1. No need for a public IP.

  2. The connection is made securely over the Azure platform without exposing your VM directly to the internet.

Cloud Shell (via RDP)

Azure Cloud Shell provides a browser-based shell for managing Azure resources.

You can use Cloud Shell to look up the VM's public IP address and then start an RDP session from your local machine, provided the VM has a public IP.

Steps

Open Cloud Shell

  1. In the Azure portal, click on the Cloud Shell icon (top-right corner).

  2. Choose PowerShell or Bash, depending on your preference.

Get the VM's Public IP

  1. Run the following Azure CLI command to get the VM's public IP address:

  2. Alternatively, you can find the public IP address directly in the Azure portal under the VM's Overview section.

Use RDP

  1. Once you have the public IP, use an RDP client (like Remote Desktop Connection) from your local machine to connect to the VM.

  2. Enter the public IP address, and use your VM username and password to log in.

VPN (Virtual Private Network)

If you want to avoid exposing the VM to the public internet, you can set up a VPN connection to your Azure Virtual Network (VNet) and then connect to the Windows VM using RDP over the private IP.

Steps

Set Up a VPN Gateway

  1. In the Azure portal, create a VPN Gateway in the same Virtual Network as your VM.

  2. Configure a Point-to-Site VPN or Site-to-Site VPN depending on your requirements.

Connect to the VNet

Establish a VPN connection from your local machine to the Azure VNet using your preferred VPN client (e.g., OpenVPN, built-in Windows VPN client, etc.).

Connect to the VM via RDP

  1. Once connected to the VNet, use Remote Desktop Connection with the private IP address of the Windows VM.

  2. Enter the username and password to log in.

Benefits

  1. Provides secure access to VMs without exposing them to the public internet.

  2. Ensures that only authorized users within the VPN can access the VM.

Azure Serial Console

The Azure Serial Console allows you to troubleshoot a Windows VM at a low level, even if networking is not configured or the VM is unresponsive.

Steps

Enable Serial Console

  1. Ensure that the Serial Console feature is enabled on your VM.

  2. It is enabled by default for most VM sizes.

Access Serial Console

  1. In the Azure portal, navigate to the VM’s Overview page.

  2. Under the Support + troubleshooting section, select Serial Console.

  3. A browser-based terminal window will open, allowing you to interact with the VM’s console.

Login

  1. You will be prompted for your VM username and password.

  2. The Serial Console provides command-line access for troubleshooting or recovery.

Benefits

  1. Useful for troubleshooting unresponsive VMs.

  2. Provides low-level access to VMs even if RDP is not functional.

PowerShell/CLI (With Managed Identity)

If your VM is configured with Managed Identity, you can interact with the VM programmatically using Azure CLI or PowerShell for tasks like retrieving VM details or executing remote commands.

Steps

Set Up Managed Identity

Ensure the Managed Identity is enabled on the VM.

Use PowerShell or Azure CLI

Use Azure PowerShell or CLI to authenticate and perform operations, such as:

  1. Retrieving credentials.

  2. Managing resources via command line.

  3. Running scripts or automation.

Third-Party Tools (Remote Desktop Manager, MobaXterm, etc.)

Third-party tools like MobaXterm, Remote Desktop Manager, or Termius can also be used to manage RDP sessions for Windows VMs.

Steps

Install Third-Party Tools

Install the third-party RDP tool of your choice.

Configure Connection

Enter the VM’s public or private IP (if using VPN), RDP port (3389), and login credentials.

Connect

Establish an RDP connection using the third-party tool.

Key Considerations for Connecting to Windows VMs

Security

  1. Use Azure Bastion or a VPN to avoid exposing your VM to the public internet.

  2. Consider multi-factor authentication for additional security.

RDP Restrictions

Avoid exposing RDP directly to the internet via public IPs in production environments. If using public IPs, restrict access via NSG rules to specific IP addresses or ranges.

Network Security Group (NSG)

Ensure the proper NSG rules are configured to allow TCP port 3389 (RDP).
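The NSG rule from the RDP steps and the restriction recommended above can be checked together. The following is an added example, not part of the original article: it reads NSG rules and reports the Allow rules that leave TCP 3389 open to any source. It assumes the rules are dictionaries using the field names of the Azure CLI's JSON output for NSG rules; the rule names and addresses are constructed sample data.

```python
RDP_PORT = 3389
OPEN_SOURCES = {"*", "any", "internet", "0.0.0.0/0", "::/0"}

def _values(rule, single, plural):
    """Merge the singular and plural spellings a rule may use for a field."""
    vals = list(rule.get(plural) or [])
    if rule.get(single):
        vals.append(rule[single])
    return vals

def _covers_rdp(rule):
    for spec in _values(rule, "destinationPortRange", "destinationPortRanges"):
        low, _, high = spec.partition("-")
        if spec == "*" or int(low) <= RDP_PORT <= int(high or low):
            return True
    return False

def _from_anywhere(rule):
    sources = _values(rule, "sourceAddressPrefix", "sourceAddressPrefixes")
    return any(s.lower() in OPEN_SOURCES for s in sources)

def exposed_rdp_rules(rules):
    """Names of Allow rules that leave TCP 3389 reachable from any source."""
    findings = []
    # The lowest priority number is evaluated first, so walk rules in that order.
    for rule in sorted(rules, key=lambda r: r["priority"]):
        if (rule["direction"] != "Inbound"
                or rule["protocol"].lower() not in ("tcp", "*")
                or not (_covers_rdp(rule) and _from_anywhere(rule))):
            continue
        if rule["access"] == "Deny":
            break  # an earlier Deny shadows every later Allow for this traffic
        findings.append(rule["name"])
    return findings

def sample_rule(name, priority, access, source, ports, protocol="Tcp"):
    # Constructed sample rule; field names assumed to match the Azure CLI JSON output.
    return {"name": name, "priority": priority, "direction": "Inbound", "access": access,
            "protocol": protocol, "sourceAddressPrefix": source, "destinationPortRanges": ports}

SAMPLE_RULES = [
    sample_rule("AllowRdpAny", 300, "Allow", "*", ["3389"]),
    sample_rule("AllowRdpOffice", 310, "Allow", "203.0.113.0/24", ["3389"]),
    sample_rule("AllowMgmtRange", 320, "Allow", "Internet", ["3000-4000"], "*"),
    sample_rule("AllowHttps", 330, "Allow", "*", ["443"]),
]

if __name__ == "__main__":
    print(exposed_rdp_rules(SAMPLE_RULES))
```

The rule restricted to a specific IP range is not reported, while the port range 3000-4000 is, because it silently includes 3389.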

Summary

We learned the following methods to connect to Windows Virtual Machines on Azure:

  1. RDP (Public IP)

  2. Azure Bastion (No Public IP needed)

  3. Cloud Shell (via RDP)

  4. VPN (Private IP)

  5. Serial Console (Low-level access)

  6. PowerShell/CLI (With Managed Identity)

  7. Third-Party Tools (Remote Desktop Manager, MobaXterm, etc.)

By choosing the method that best fits your security and access requirements, you can securely and efficiently connect to your Windows VM on Azure.

 


Rajnish, MCT
