Control: Azure > CIS v5.0 > 8 - Security Services > 8.04 - Azure Bastion > 8.04.01 - Ensure an Azure Bastion Host Exists

Configures auditing against a CIS Benchmark item.

Level: 2

Azure Bastion is a fully managed PaaS service providing secure and seamless RDP and SSH access to virtual machines directly through the Azure Portal. Azure Bastion is provisioned directly in your Virtual Network (VNet) and supports all VMs in your Virtual Network (VNet) using SSL without any exposure through public IP addresses.

Azure Bastion provides secure RDP/SSH connectivity to all VMs in the virtual network in which it is provisioned. Using Azure Bastion protects your virtual machines from exposing RDP/SSH ports to the outside world, while still providing secure access using RDP/SSH.

Resource Types

This control targets the following resource types:

Azure > Subscription

Policies

This control type relies on these other policies when running actions:

In Your Workspace

Developers

Control Type URI

tmod:@turbot/azure-cisv5-0#/control/types/r080401

Category URI

tmod:@turbot/cis#/control/categories/v071201

GraphQL

query controlType(id: "tmod:@turbot/azure-cisv5-0#/control/types/r080401") { … }

query controls(filter: "controlTypeId:'tmod:@turbot/azure-cisv5-0#/control/types/r080401'") { … }

CLI

Get Controls

turbot graphql controls --filter "controlTypeId:tmod:@turbot/azure-cisv5-0#/control/types/r080401"