This document covers the permissions necessary to enable a user to access an Azure VM via Azure Bastion.
All permissions are granted via the Azure Portal. The user being granted access must have an account in the Azure AD tenant for the subscription the VM is in. They can be a guest user.
Select the Bastions resource
Select the Bastion the VM uses
Select Access control (IAM)
Add role assignment
Role - Reader
Assign access to - Azure AD user, group, or service principal
Select - the user or group
Select the Virtual machines resource
Select the VM you want to grant access to
Role - Virtual Machine User Login
Select the "Network interface:"
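To confirm the result after the portal steps, the following added example (not part of the original page) audits a user's role assignments for the two roles named above, Reader on the Bastion and Virtual Machine User Login on the VM, and reports whether each is assigned on the resource itself or inherited from a broader scope. It assumes JSON shaped like the output of `az role assignment list --assignee <user> --all -o json`; the subscription, resource group and resource names are constructed placeholders.

```python
import json

# Constructed placeholder resource IDs; replace with the real Bastion and VM IDs.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
RG = SUB + "/resourceGroups/rg-example"
BASTION_ID = RG + "/providers/Microsoft.Network/bastionHosts/bastion-example"
VM_ID = RG + "/providers/Microsoft.Compute/virtualMachines/vm-example"

# Role -> resource it is assigned on, as listed in the steps above.
REQUIRED = {"Reader": BASTION_ID, "Virtual Machine User Login": VM_ID}

# Constructed sample in the shape of `az role assignment list ... -o json`.
SAMPLE = json.dumps([
    {"roleDefinitionName": "Reader", "scope": BASTION_ID},
    {"roleDefinitionName": "Virtual Machine User Login", "scope": RG},
])

def covers(scope, resource_id):
    """True if an assignment at `scope` applies to the resource (same ID or an ancestor)."""
    scope, resource_id = scope.rstrip("/").lower(), resource_id.lower()
    return resource_id == scope or resource_id.startswith(scope + "/")

def audit(assignments_json, required=REQUIRED):
    """Return {role: 'exact' | 'inherited: <scope>' | 'missing'} for each required role."""
    assignments = json.loads(assignments_json)
    report = {}
    for role, resource_id in required.items():
        scopes = [a["scope"] for a in assignments
                  if a.get("roleDefinitionName") == role
                  and covers(a["scope"], resource_id)]
        if not scopes:
            report[role] = "missing"
        elif any(s.rstrip("/").lower() == resource_id.lower() for s in scopes):
            report[role] = "exact"
        else:
            # Granted at resource group or subscription level: broader than the
            # per-resource assignment the steps describe, so flag it for review.
            report[role] = "inherited: " + max(scopes, key=len)
    return report

if __name__ == "__main__":
    for role, status in audit(SAMPLE).items():
        print(f"{role}: {status}")
```

An "inherited" result means the user can log in, but the role also applies to every other resource under that scope.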
© 2023 Foray, LLC - All Rights Reserved