Microsoft Azure Administrator Associate AZ-104 Practice Question

Deploying an Azure Bastion host in the virtual network allows administrators to securely access the VMs using Remote Desktop Protocol (RDP) or Secure Shell (SSH) directly through the Azure portal over HTTPS. This method does not require public IP addresses on the VMs or changes to NSG rules, as Azure Bastion provides secure connectivity over TLS.

Configuring a point-to-site VPN (Option 1) would require setting up VPN clients on administrator workstations and maintaining VPN infrastructure. While this provides secure access, it adds complexity and requires VPN connectivity. Enabling just-in-time VM access (Option 2) still necessitates opening inbound NSG ports and possibly assigning public IPs, which the scenario aims to avoid. Adding a public load balancer (Option 4) would expose the VMs to the internet, conflicting with the security requirements.