Merge pull request #50701 from lootle1/MR109

Technical Review 1055072: Introduction to Azure Bastion

Author: AnnaMHuff

learn-pr/azure/intro-to-azure-bastion/1-introduction.yml

@@ -1,15 +1,15 @@
-### YamlMime:ModuleUnit
-uid: learn.intro-to-azure-bastion.1-introduction  
-title: Introduction
-metadata:
-  unitType: introduction
-  title: Introduction to Azure Bastion
-  description: Provide secure and seamless connectivity to your virtual machines directly in the Azure portal
-  ms.date: 12/05/2023
-  author: cherylmc
-  ms.author: cherylmc
-  ms.topic: unit
-durationInMinutes: 4
-content: |
-  [!include[](includes/1-introduction.md)]
-
+### YamlMime:ModuleUnit
+uid: learn.intro-to-azure-bastion.1-introduction  
+title: Introduction
+metadata:
+  unitType: introduction
+  title: Introduction to Azure Bastion
+  description: Provide secure and seamless connectivity to your virtual machines directly in the Azure portal
+  ms.date: 05/29/2025
+  author: cherylmc
+  ms.author: cherylmc
+  ms.topic: unit
+durationInMinutes: 4
+content: |
+  [!include[](includes/1-introduction.md)]
+

learn-pr/azure/intro-to-azure-bastion/2-what-is-azure-bastion.yml

@@ -1,15 +1,15 @@
-### YamlMime:ModuleUnit
-uid: learn.intro-to-azure-bastion.2-what-is-azure-bastion  
-title: What is Azure Bastion?  
-metadata:
-  unitType: learning-content
-  title: What is Azure Bastion?
-  description: What is Azure Bastion?
-  ms.date: 12/05/2023
-  author: cherylmc
-  ms.author: cherylmc
-  ms.topic: unit
-durationInMinutes: 5
-content: |
-  [!include[](includes/2-what-is-azure-bastion.md)]
-
+### YamlMime:ModuleUnit
+uid: learn.intro-to-azure-bastion.2-what-is-azure-bastion  
+title: What is Azure Bastion?  
+metadata:
+  unitType: learning-content
+  title: What is Azure Bastion?
+  description: What is Azure Bastion?
+  ms.date: 05/29/2025
+  author: cherylmc
+  ms.author: cherylmc
+  ms.topic: unit
+durationInMinutes: 5
+content: |
+  [!include[](includes/2-what-is-azure-bastion.md)]
+

learn-pr/azure/intro-to-azure-bastion/3-how-azure-bastion-works.yml

@@ -1,15 +1,15 @@
-### YamlMime:ModuleUnit
-uid: learn.intro-to-azure-bastion.3-how-azure-bastion-works  
-title: How Azure Bastion works  
-metadata:
-  unitType: learning-content
-  title: How Azure Bastion works
-  description: How Azure Bastion works
-  ms.date: 12/05/2023
-  author: cherylmc
-  ms.author: cherylmc
-  ms.topic: unit
-durationInMinutes: 5
-content: |
-  [!include[](includes/3-how-azure-bastion-works.md)]
-
+### YamlMime:ModuleUnit
+uid: learn.intro-to-azure-bastion.3-how-azure-bastion-works  
+title: How Azure Bastion works  
+metadata:
+  unitType: learning-content
+  title: How Azure Bastion works
+  description: How Azure Bastion works
+  ms.date: 05/29/2025
+  author: cherylmc
+  ms.author: cherylmc
+  ms.topic: unit
+durationInMinutes: 5
+content: |
+  [!include[](includes/3-how-azure-bastion-works.md)]
+

learn-pr/azure/intro-to-azure-bastion/4-when-to-use-azure-bastion.yml

@@ -1,15 +1,15 @@
-### YamlMime:ModuleUnit
-uid: learn.intro-to-azure-bastion.4-when-to-use-azure-bastion  
-title: When to use Azure Bastion  
-metadata:
-  unitType: learning-content
-  title: When to use Azure Bastion
-  description: When to use Azure Bastion
-  ms.date: 12/05/2023
-  author: cherylmc
-  ms.author: cherylmc
-  ms.topic: unit
-durationInMinutes: 5
-content: |
-  [!include[](includes/4-when-to-use-azure-bastion.md)]
-
+### YamlMime:ModuleUnit
+uid: learn.intro-to-azure-bastion.4-when-to-use-azure-bastion  
+title: When to use Azure Bastion  
+metadata:
+  unitType: learning-content
+  title: When to use Azure Bastion
+  description: When to use Azure Bastion
+  ms.date: 05/29/2025
+  author: cherylmc
+  ms.author: cherylmc
+  ms.topic: unit
+durationInMinutes: 5
+content: |
+  [!include[](includes/4-when-to-use-azure-bastion.md)]
+

learn-pr/azure/intro-to-azure-bastion/5-knowledge-check.yml

@@ -1,72 +1,72 @@
-### YamlMime:ModuleUnit
-uid: learn.intro-to-azure-bastion.5-knowledge-check  
-title: Module assessment
-metadata:
-  unitType: knowledge_check
-  title: Module assessment
-  description: Knowledge check
-  ms.date: 12/05/2023
-  author: cherylmc
-  ms.author: cherylmc
-  ms.topic: unit
-durationInMinutes: 4
-content: |
-  [!include[](includes/5-knowledge-check.md)]
-quiz:
-  questions:
-  - content: "Which protocols do administrators typically use to remotely manage Azure VMs? Choose the best answer."
-    choices:
-    - content: "RDP"
-      isCorrect: false
-      explanation: "Incorrect. Although administrators do use RDP, they also use other protocols."
-    - content: "SSH"
-      isCorrect: false
-      explanation: "Incorrect. Although administrators do use SSH, they also use other protocols."
-    - content: "Both RDP and SSH"
-      isCorrect: true
-      explanation: "Correct. Administrators typically use both RDP and SSH to remotely administer Azure VMs."
-  - content: "When an administrator connects to Azure Bastion to open a remote connection to a hosted VM, which of the following connections occurs?"
-    choices:
-    - content: "Azure Bastion opens an RDP/SSH connection to the Azure VM using a private IP on the VM."
-      isCorrect: true
-      explanation: "Correct. Azure Bastion uses only private IP connections to the target VMs."
-    - content: "Azure Bastion opens an HTML5 connection to the Azure VM using a private IP on the VM."
-      isCorrect: false
-      explanation: "Incorrect. Azure Bastion uses RDP/SSH connections to the target VM."
-    - content: "Azure Bastion opens an RDP/SSH connection to the Azure VM using a public IP on the VM."
-      isCorrect: false
-      explanation: "Incorrect. Azure Bastion uses only private IPs on the configured virtual network. The VMs don't need a public IP."
-  - content: "When an administrator plans to deploy Azure Bastion, how and in which virtual network must they deploy it?"
-    choices:
-    - content: "They must deploy Azure Bastion in a different virtual network from the one that contains the VMs."
-      isCorrect: false
-      explanation: "Incorrect. Azure Bastion must be in the same virtual network as the managed VMs."
-    - content: "They must deploy Azure Bastion in the same virtual network as the one that contains the VMs, and in the same subnet."
-      isCorrect: false
-      explanation: "Incorrect. Although Azure Bastion should be deployed in the same virtual network, it must be in a different subnet."
-    - content: "They must deploy Azure Bastion in the same virtual network as the one that contains the VMs, and in a different subnet."
-      isCorrect: true
-      explanation: "Correct. Azure Bastion must be deployed in the same virtual network (or peered virtual network) as the VMs, but in its own subnet."
-  - content: "Your boss is concerned that by implementing Azure Bastion, you need to maintain it with patches and updates. Is your boss correct?"
-    choices:
-    - content: "No, your boss is wrong. Azure Bastion is a fully managed PaaS service that you don't need to patch or update."
-      isCorrect: true
-      explanation: "Correct. Azure Bastion is a fully managed PaaS service that requires no customer patching or updating."
-    - content: "Yes, your boss is partially correct. You must patch and update Azure Bastion, although not at regular intervals."
-      isCorrect: false
-      explanation: "Incorrect. Azure Bastion is a fully managed PaaS service and requires no customer patching or updating."
-    - content: "Yes, your boss is correct. You must periodically patch and update Azure Bastion."
-      isCorrect: false
-      explanation: "Incorrect. Azure Bastion is a fully managed PaaS service and requires no customer patching or updating."
-  - content: "When you deploy Azure Bastion, which of the following require a public IP?"
-    choices:
-    - content: "The Azure Bastion host in each virtual network requires a public IP."
-      isCorrect: true
-      explanation: "Correct. Only the Azure Bastion host in each virtual network requires a public IP."
-    - content: "The Azure Bastion host in each subnet in each virtual network requires a public IP."
-      isCorrect: false
-      explanation: "Incorrect. Although Azure Bastion requires a public IP, you don't need to deploy it in each subnet, but rather in each virtual network."
-    - content: "The VMs you want to connect to require a public IP."
-      isCorrect: false
-      explanation: "Incorrect. Your VMs have only private IPs."
-
+### YamlMime:ModuleUnit
+uid: learn.intro-to-azure-bastion.5-knowledge-check  
+title: Module assessment
+metadata:
+  unitType: knowledge_check
+  title: Module assessment
+  description: Knowledge check
+  ms.date: 05/29/2025
+  author: cherylmc
+  ms.author: cherylmc
+  ms.topic: unit
+durationInMinutes: 4
+content: |
+  [!include[](includes/5-knowledge-check.md)]
+quiz:
+  questions:
+  - content: "Which protocols do administrators typically use to remotely manage Azure VMs? Choose the best answer."
+    choices:
+    - content: "RDP"
+      isCorrect: false
+      explanation: "Incorrect. Although administrators do use RDP, they also use other protocols."
+    - content: "SSH"
+      isCorrect: false
+      explanation: "Incorrect. Although administrators do use SSH, they also use other protocols."
+    - content: "Both RDP and SSH"
+      isCorrect: true
+      explanation: "Correct. Administrators typically use both RDP and SSH to remotely administer Azure VMs."
+  - content: "When an administrator connects to Azure Bastion to open a remote connection to a hosted VM, which of the following connections occurs?"
+    choices:
+    - content: "Azure Bastion opens an RDP/SSH connection to the Azure VM using a private IP on the VM."
+      isCorrect: true
+      explanation: "Correct. Azure Bastion uses only private IP connections to the target VMs."
+    - content: "Azure Bastion opens an HTML5 connection to the Azure VM using a private IP on the VM."
+      isCorrect: false
+      explanation: "Incorrect. Azure Bastion uses RDP/SSH connections to the target VM."
+    - content: "Azure Bastion opens an RDP/SSH connection to the Azure VM using a public IP on the VM."
+      isCorrect: false
+      explanation: "Incorrect. Azure Bastion uses only private IPs on the configured virtual network. The VMs don't need a public IP."
+  - content: "When an administrator plans to deploy Azure Bastion, how and in which virtual network must they deploy it?"
+    choices:
+    - content: "They must deploy Azure Bastion in a different virtual network from the one that contains the VMs."
+      isCorrect: false
+      explanation: "Incorrect. Azure Bastion must be in the same virtual network as the managed VMs."
+    - content: "They must deploy Azure Bastion in the same virtual network as the one that contains the VMs and in the same subnet."
+      isCorrect: false
+      explanation: "Incorrect. Although Azure Bastion should be deployed in the same virtual network, it must be in a different subnet."
+    - content: "They must deploy Azure Bastion in the same virtual network as the one that contains the VMs and in a different subnet."
+      isCorrect: true
+      explanation: "Correct. Azure Bastion must be deployed in the same virtual network (or peered virtual network) as the VMs but in its own subnet."
+  - content: "Your boss is concerned that by implementing Azure Bastion, you need to maintain it with patches and updates. Is your boss correct?"
+    choices:
+    - content: "No, your boss is wrong. Azure Bastion is a fully managed PaaS service that you don't need to patch or update."
+      isCorrect: true
+      explanation: "Correct. Azure Bastion is a fully managed PaaS service that requires no customer patching or updating."
+    - content: "Yes, your boss is partially correct. You must patch and update Azure Bastion, although not at regular intervals."
+      isCorrect: false
+      explanation: "Incorrect. Azure Bastion is a fully managed PaaS service and requires no customer patching or updating."
+    - content: "Yes, your boss is correct. You must periodically patch and update Azure Bastion."
+      isCorrect: false
+      explanation: "Incorrect. Azure Bastion is a fully managed PaaS service and requires no customer patching or updating."
+  - content: "When you deploy Azure Bastion, which of the following require a public IP?"
+    choices:
+    - content: "The Azure Bastion host in each virtual network requires a public IP."
+      isCorrect: true
+      explanation: "Correct. Only the Azure Bastion host in each virtual network requires a public IP."
+    - content: "The Azure Bastion host in each subnet in each virtual network requires a public IP."
+      isCorrect: false
+      explanation: "Incorrect. Although Azure Bastion requires a public IP, you don't need to deploy it in each subnet, but rather in each virtual network."
+    - content: "The VMs you want to connect to require a public IP."
+      isCorrect: false
+      explanation: "Incorrect. Your VMs have only private IPs."
+

learn-pr/azure/intro-to-azure-bastion/6-summary.yml

@@ -1,15 +1,15 @@
-### YamlMime:ModuleUnit
-uid: learn.intro-to-azure-bastion.6-summary  
-title: Summary  
-metadata:
-  unitType: summary
-  title: Summary
-  description: Summary
-  ms.date: 12/05/2023
-  author: cherylmc
-  ms.author: cherylmc
-  ms.topic: unit
-durationInMinutes: 3
-content: |
-  [!include[](includes/6-summary.md)]
-
+### YamlMime:ModuleUnit
+uid: learn.intro-to-azure-bastion.6-summary  
+title: Summary  
+metadata:
+  unitType: summary
+  title: Summary
+  description: Summary
+  ms.date: 05/29/2025
+  author: cherylmc
+  ms.author: cherylmc
+  ms.topic: unit
+durationInMinutes: 3
+content: |
+  [!include[](includes/6-summary.md)]
+

learn-pr/azure/intro-to-azure-bastion/includes/1-introduction.md

@@ -6,7 +6,7 @@ Server administrators understand that it's efficient to remotely administer and
 
 Suppose you have a line-of-business (LOB) app that supports your organization's research department. In the past, this app ran on a couple of Windows Server computers in your head office datacenter. Whenever you needed to administer the app, you connected using Remote Desktop Protocol (RDP) over TCP port **3389**. You also used Secure Shell (SSH), over port **22**, to administer the VMs. Because the app was hosted on a computing resource in a private datacenter, you had some concerns about access from malicious hackers over the internet. However, the app now runs on VMs hosted in Azure.
 
-To connect to the VMs, you must now expose a public IP address on each VM for your RDP/SSH connections. However, potential protocol vulnerabilities make this type of connection undesirable. As a solution, you could use a jump box VM to act as an intermediary between your management console and the target VMs. Or, you could consider implementing Azure Bastion.
+To connect to the VMs, you must now expose a public IP address on each VM for your RDP/SSH connections. However, potential protocol vulnerabilities make this type of connection undesirable. As a solution, you could use a jump box VM to act as an intermediary between your management console and the target VMs. Alternatively, you could consider implementing Azure Bastion.
 
 :::image type="content" source="../media/remote-admin.png" alt-text="A remote administrator connecting with RDP or SSH through the internet to Azure VMs. The VMs are accessible through a public IP address using port 3389 or port 22.":::
 

learn-pr/azure/intro-to-azure-bastion/includes/2-what-is-azure-bastion.md

@@ -4,7 +4,7 @@ It's vital to be able to securely administer and manage remote hosted VMs. To be
 
 Secure remote management is the ability to connect to a remote resource without exposing that resource to security risks. This type of connection can sometimes be challenging, especially if the resource is being accessed across the internet.
 
-When administrators connect to remote VMs, they typically use either RDP or SSH to achieve their administrative goals. The problem is, to connect to a hosted VM, you must connect to its public IP address. However, exposing the IP ports used by RDP and SSH (**3389** and **22**) to the internet is highly undesirable, because it presents significant security risks.
+When administrators connect to remote VMs, they typically use either RDP or SSH to achieve their administrative goals. The problem is that to connect to a hosted VM, you must connect to its public IP address. However, exposing the IP ports used by RDP and SSH (**3389** and **22**) to the internet is highly undesirable because it presents significant security risks.
 
 ## Azure Bastion definition
 
@@ -25,15 +25,15 @@ The following table describes the features that are available after you deploy A
 |No hassle of managing Network Security Groups (NSGs)| You don't need to apply any NSGs to the Azure Bastion subnet. Because Azure Bastion connects to your virtual machines over private IP, you can configure your NSGs to allow RDP/SSH from Azure Bastion only. This removes the hassle of managing NSGs each time you need to securely connect to your virtual machines.|
 |No need to manage a separate bastion host on a VM |Azure Bastion is a fully managed platform PaaS service from Azure that is hardened internally to provide you secure RDP/SSH connectivity.|
 |Protection against port scanning|Your VMs are protected against port scanning by rogue and malicious users because you don't need to expose the VMs to the internet.|
-|Hardening in one place only|Azure Bastion sits at the perimeter of your virtual network, so you don’t need to worry about hardening each of the VMs in your virtual network.|
+|Hardening in one place only|Azure Bastion sits at the perimeter of your virtual network, so you don't need to worry about hardening each of the VMs in your virtual network.|
 |Protection against zero-day exploits |The Azure platform protects against zero-day exploits by keeping the Azure Bastion hardened and always up to date for you.|
 
 ## How to avoid exposing remote management ports
 
 By implementing Azure Bastion, you can manage the Azure VMs within a configured Azure virtual network by using either RDP or SSH, without needing to expose those management ports to the public internet. By using Azure Bastion, you can:
 
 - Connect easily to your Azure VMs. Connect your RDP and SSH sessions directly in the Azure portal.
-- Avoid exposing management ports to the internet. Sign in to your Azure VMs and avoid public internet exposure by using SSH and RDP with private IP addresses only.
+- Avoid exposing management ports to the internet. Sign in to your Azure VMs, and avoid public internet exposure by using SSH and RDP with private IP addresses only.
 - Avoid extensive reconfiguration of your existing network infrastructure. Integrate and traverse existing firewalls and security perimeters by using a modern HTML5-based web client over TLS on port **443**.
 - Simplify sign in. Use your SSH keys for authentication when signing in to your Azure VMs.
 

learn-pr/azure/intro-to-azure-bastion/includes/3-how-azure-bastion-works.md

@@ -16,7 +16,7 @@ The following diagram depicts the architecture of a typical Azure Bastion deploy
 :::image type="content" source="../media/bastion-architecture.png" alt-text="The architecture of Azure Bastion, as described in the preceding text.":::
 
 > [!NOTE]
-> The protected VMs and the Azure  Bastion host are connected to the same virtual network, although in different subnets.
+> The protected VMs and the Azure Bastion host are connected to the same virtual network, although in different subnets.
 
 The typical connection process in Azure Bastion is as follows:
 

learn-pr/azure/intro-to-azure-bastion/includes/4-when-to-use-azure-bastion.md

@@ -34,7 +34,6 @@ To determine whether a jump box or Azure Bastion is the better option to remotel
 | **Ease of management** | Azure Bastion is a fully managed PaaS service. It's not a VM like a jump box, which requires regular updates. You don't need a client or agent to use Azure Bastion, nor do you need to apply patches and updates to it. You also don't need to install or maintain any other software on management consoles.|
 | **Integration** | You can integrate Azure Bastion with other native security services in Azure, such as Azure Firewall. Jump servers don't have this option. |
 
-
 > [!NOTE]
 > You deploy Azure Bastion per virtual network (or peered virtual network) rather than per subscription, account, or VM.