Microsoft has lifted the lid on its managed platform as a service (PaaS) product that seeks to protect exposed virtual machines (VMs) from outside threats.

The firm says it’s worked with hundreds of cloud customers across a wide area of industries to launch a preview of the service, which sits between the Azure portal to virtual interfaces.

It is said to guarantee a degree of safety when accessing off-internet VMs by providing seamless remote desktop protocol (RDP) and secure shell (SSH) connectivity via the secure sockets layer (SSL).

“For many customers around the world, securely connecting from the outside to workloads and virtual machines on private networks can be challenging,” Microsoft’s corporate vice president for Azure networking Yousef Khalidi said.

“Exposing virtual machines to the public Internet to enable connectivity through Remote Desktop Protocol (RDP) and Secure Shell (SSH), increases the perimeter, rendering your critical networks and attached virtual machines more open and harder to manage.”

Azure Bastion will feed directly into a customer’s Azure Virtual Network without the need to worry about managing network security policies, Khalidi added. The feedback Microsoft received from customers centred on the need for an easy and integrated way to deploy, run, and scale jump-servers or bastion hosts within Azure infrastructure.

Among the features are increased protection against port scanning due to limiting the exposure of VMs to the public internet. Azure Bastion is also reinforced by automatic patching, handled by Microsoft, to best guard customers against zero-day exploits.

Bastion hosts are generally known to be special purpose computers on networks that are specifically built to withstand cyber attacks. The computer normally hosts just one app, and all other services are removed or limited to reduce the threat surface.

Microsoft will be building out Azure Bastion over the coming months and adding more features as its developers progress the platform towards its general release.