You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/bastion/bastion-faq.md
+13-7Lines changed: 13 additions & 7 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -4,7 +4,7 @@ description: Learn about frequently asked questions for Azure Bastion.
4
4
author: cherylmc
5
5
ms.service: bastion
6
6
ms.topic: conceptual
7
-
ms.date: 08/03/2023
7
+
ms.date: 08/08/2023
8
8
ms.author: cherylmc
9
9
---
10
10
# Azure Bastion FAQ
@@ -98,7 +98,7 @@ Yes, [Azure AD guest accounts](../active-directory/external-identities/what-is-b
98
98
99
99
### <aname="shareable-links-domains"></a>Are custom domains supported with Bastion shareable links?
100
100
101
-
No, custom domains are not supported with Bastion shareable links. Users will receive a certificate error upon trying to add specific domains in the CN/SAN of the Bastion host certificate.
101
+
No, custom domains aren't supported with Bastion shareable links. Users receive a certificate error upon trying to add specific domains in the CN/SAN of the Bastion host certificate.
102
102
103
103
## <aname="vm"></a>VM features and connection FAQs
104
104
@@ -111,9 +111,11 @@ In order to make a connection, the following roles are required:
111
111
* Reader role on the Azure Bastion resource.
112
112
* Reader role on the virtual network of the target virtual machine (if the Bastion deployment is in a peered virtual network).
113
113
114
+
Additionally, the user must have the rights (if required) to connect to the VM. For example, if the user is connecting to a Windows VM via RDP and isn't a member of the local Administrators group, they must be a member of the Remote Desktop Users group.
115
+
114
116
### <aname="publicip"></a>Do I need a public IP on my virtual machine to connect via Azure Bastion?
115
117
116
-
No. When you connect to a VM using Azure Bastion, you don't need a public IP on the Azure virtual machine that you're connecting to. The Bastion service will open the RDP/SSH session/connection to your virtual machine over the private IP of your virtual machine, within your virtual network.
118
+
No. When you connect to a VM using Azure Bastion, you don't need a public IP on the Azure virtual machine that you're connecting to. The Bastion service opens the RDP/SSH session/connection to your virtual machine over the private IP of your virtual machine, within your virtual network.
117
119
118
120
### <aname="rdpssh"></a>Do I need an RDP or SSH client?
119
121
@@ -145,7 +147,7 @@ Azure Bastion offers support for file transfer between your target VM and local
145
147
146
148
### <aname="aadj"></a>Does Bastion hardening work with AADJ VM extension-joined VMs?
147
149
148
-
This feature doesn't work with AADJ VM extension-joined machines using Azure AD users. For more information, see [Log in to a Windows virtual machine in Azure by using Azure AD](../active-directory/devices/howto-vm-sign-in-azure-ad-windows.md#requirements).
150
+
This feature doesn't work with AADJ VM extension-joined machines using Azure AD users. For more information, see [Sign in to a Windows virtual machine in Azure by using Azure AD](../active-directory/devices/howto-vm-sign-in-azure-ad-windows.md#requirements).
149
151
150
152
### <aname="rdscal"></a>Does Azure Bastion require an RDS CAL for administrative purposes on Azure-hosted VMs?
151
153
@@ -177,7 +179,11 @@ To set your target language as your keyboard layout on a Windows workstation, na
177
179
178
180
### <aname="shortcut"></a>Is there a keyboard solution to toggle focus between a VM and browser?
179
181
180
-
Users can use "Ctrl+Shift+Alt" to effectively switch focus between the VM and the browser.
182
+
Users can use "Ctrl+Shift+Alt" to effectively switch focus between the VM and the browser.
183
+
184
+
### <aname="keyboard-focus"></a>How do I take keyboard or mouse focus back from an instance?
185
+
186
+
Click the Windows key twice in a row to take back focus within the Bastion window.
181
187
182
188
### <aname="res"></a>What is the maximum screen resolution supported via Bastion?
183
189
@@ -223,12 +229,12 @@ Make sure the user has **read** access to both the VM, and the peered VNet. Addi
223
229
|Microsoft.Network/virtualNetworks/subnets/virtualMachines/read|Gets references to all the virtual machines in a virtual network subnet|Action|
224
230
|Microsoft.Network/virtualNetworks/virtualMachines/read|Gets references to all the virtual machines in a virtual network|Action|
225
231
226
-
### My privatelink.azure.com cannot resolve to management.privatelink.azure.com
232
+
### My privatelink.azure.com can't resolve to management.privatelink.azure.com
227
233
228
234
This may be due to the Private DNS zone for privatelink.azure.com linked to the Bastion virtual network causing management.azure.com CNAMEs to resolve to management.privatelink.azure.com behind the scenes. Create a CNAME record in their privatelink.azure.com zone for management.privatelink.azure.com to arm-frontdoor-prod.trafficmanager.net to enable successful DNS resolution.
229
235
230
236
231
237
232
238
## Next steps
233
239
234
-
For more information, see [What is Azure Bastion](bastion-overview.md).
240
+
For more information, see [What is Azure Bastion](bastion-overview.md).
0 commit comments