With Azure Bastion and shareable links deployment, RDP and SSH connections to virtual machines in Azure can be made quickly and securely from anywhere. The virtual machines do not need a public IP address, agents or other software, and the time-consuming management of NSGs (network security groups) or VPNs is also eliminated.
Azure Bastion uses a web client based on HTML5 that uses TLS over port 443 and is a PaaS (Platform-as-a-Service) service. Regular updated and managed by Microsoft, this Azure service provides an extra layer of protection against zero-day exploits.