azure-bastion
Compare original and translation side by side
🇺🇸
Original
English🇨🇳
Translation
ChineseAzure Bastion Skill
Azure Bastion Skill
This skill provides expert guidance for Azure Bastion. Covers troubleshooting, best practices, decision making, architecture & design patterns, security, configuration, and integrations & coding patterns. It combines local quick-reference content with remote documentation fetching capabilities.
本Skill为Azure Bastion提供专业指导,涵盖故障排除、最佳实践、决策制定、架构与设计模式、安全性、配置以及集成与编码模式。它结合了本地快速参考内容与远程文档获取功能。
How to Use This Skill
如何使用本Skill
IMPORTANT for Agent: Use the Category Index below to locate relevant sections. For categories with line ranges (e.g.,), useL35-L120with the specified lines. For categories with file links (e.g.,read_file), use[security.md](security.md)on the linked reference fileread_file
IMPORTANT for Agent: Ifis more than 3 months old, suggest the user pull the latest version from the repository. Ifmetadata.generated_attools are not available, suggest the user install it: Installation Guidemcp_microsoftdocs
This skill requires network access to fetch documentation content:
- Preferred: Use with query string
mcp_microsoftdocs:microsoft_docs_fetch. Returns Markdown.from=learn-agent-skill - Fallback: Use with query string
fetch_webpage. Returns Markdown.from=learn-agent-skill&accept=text/markdown
Agent 重要提示: 使用下方的分类索引查找相关章节。对于带有行范围的分类(例如),使用L35-L120读取指定行;对于带有文件链接的分类(例如read_file),使用[security.md](security.md)读取链接的参考文件read_file
本Skill需要网络访问权限来获取文档内容:
- 首选方式:使用,并携带查询字符串
mcp_microsoftdocs:microsoft_docs_fetch,返回Markdown格式内容。from=learn-agent-skill - 备选方式:使用,并携带查询字符串
fetch_webpage,返回Markdown格式内容。from=learn-agent-skill&accept=text/markdown
Category Index
分类索引
| Category | Lines | Description |
|---|---|---|
| Troubleshooting | L35-L39 | Diagnosing and resolving common Azure Bastion problems, including connection failures, RDP/SSH issues, network/configuration missteps, and steps to collect logs for support. |
| Best Practices | L40-L44 | Guidance on reducing Azure Bastion costs through sizing, scaling, and usage patterns while maintaining secure remote access and compliance best practices. |
| Decision Making | L45-L51 | Guidance on choosing and upgrading Bastion SKU tiers and using IP-based Bastion connections across VNets, subscriptions, and environments. |
| Architecture & Design Patterns | L52-L58 | Architectural options and patterns for Azure Bastion: hub/spoke and peered VNets, private-only deployments, network/topology design, and deployment guidance for secure remote access. |
| Security | L59-L65 | Configuring secure Azure Bastion access: Entra ID authentication, required NSG rules, and hardening best practices to lock down Bastion hosts and connections. |
| Configuration | L66-L77 | Configuring Azure Bastion settings, scaling, IP-based and Kerberos access, monitoring/metrics, session management/recording, native client use, and shareable links. |
| Integrations & Coding Patterns | L78-L85 | How to use Azure Bastion with AKS private clusters, VM scale sets, and native Windows/Linux clients, including SSH/RDP connectivity patterns and file transfer via Bastion native clients. |
| 分类 | 行范围 | 描述 |
|---|---|---|
| 故障排除 | L35-L39 | 诊断并解决Azure Bastion的常见问题,包括连接失败、RDP/SSH问题、网络/配置错误,以及收集支持所需日志的步骤。 |
| 最佳实践 | L40-L44 | 指导如何通过规格选择、扩展和使用模式降低Azure Bastion成本,同时保持安全远程访问与合规最佳实践。 |
| 决策制定 | L45-L51 | 指导如何选择和升级Bastion SKU层级,以及在不同VNet、订阅和环境中使用基于IP的Bastion连接。 |
| 架构与设计模式 | L52-L58 | Azure Bastion的架构选项与模式:中心/辐射型和对等VNet、纯私有部署、网络/拓扑设计,以及安全远程访问的部署指导。 |
| 安全性 | L59-L65 | 配置安全的Azure Bastion访问:Entra ID认证、所需NSG规则,以及加固Bastion主机和连接的最佳实践。 |
| 配置 | L66-L77 | 配置Azure Bastion设置、扩展、基于IP和Kerberos的访问、监控/指标、会话管理/录制、原生客户端使用,以及可共享链接。 |
| 集成与编码模式 | L78-L85 | 如何将Azure Bastion与AKS私有集群、VM规模集以及Windows/Linux原生客户端配合使用,包括SSH/RDP连接模式和通过Bastion原生客户端进行文件传输。 |
Troubleshooting
故障排除
| Topic | URL |
|---|---|
| Diagnose and fix common Azure Bastion issues | https://learn.microsoft.com/en-us/azure/bastion/troubleshoot |
| 主题 | URL |
|---|---|
| 诊断并修复Azure Bastion常见问题 | https://learn.microsoft.com/en-us/azure/bastion/troubleshoot |
Best Practices
最佳实践
| Topic | URL |
|---|---|
| Optimize Azure Bastion costs without reducing security | https://learn.microsoft.com/en-us/azure/bastion/cost-optimization |
| 主题 | URL |
|---|---|
| 在不降低安全性的前提下优化Azure Bastion成本 | https://learn.microsoft.com/en-us/azure/bastion/cost-optimization |
Decision Making
决策制定
| Topic | URL |
|---|---|
| Select the appropriate Azure Bastion SKU tier | https://learn.microsoft.com/en-us/azure/bastion/bastion-sku-comparison |
| Use Azure Bastion IP-based connections across environments | https://learn.microsoft.com/en-us/azure/bastion/connect-ip-address |
| View and upgrade Azure Bastion SKU tiers safely | https://learn.microsoft.com/en-us/azure/bastion/upgrade-sku |
| 主题 | URL |
|---|---|
| 选择合适的Azure Bastion SKU层级 | https://learn.microsoft.com/en-us/azure/bastion/bastion-sku-comparison |
| 在不同环境中使用Azure Bastion基于IP的连接 | https://learn.microsoft.com/en-us/azure/bastion/connect-ip-address |
| 安全查看并升级Azure Bastion SKU层级 | https://learn.microsoft.com/en-us/azure/bastion/upgrade-sku |
Architecture & Design Patterns
架构与设计模式
| Topic | URL |
|---|---|
| Understand Azure Bastion deployment architectures | https://learn.microsoft.com/en-us/azure/bastion/design-architecture |
| Design and deploy private-only Azure Bastion | https://learn.microsoft.com/en-us/azure/bastion/private-only-deployment |
| Use Azure Bastion with VNet peering architectures | https://learn.microsoft.com/en-us/azure/bastion/vnet-peering |
| 主题 | URL |
|---|---|
| 了解Azure Bastion部署架构 | https://learn.microsoft.com/en-us/azure/bastion/design-architecture |
| 设计并部署纯私有Azure Bastion | https://learn.microsoft.com/en-us/azure/bastion/private-only-deployment |
| 在VNet对等架构中使用Azure Bastion | https://learn.microsoft.com/en-us/azure/bastion/vnet-peering |
Security
安全性
| Topic | URL |
|---|---|
| Configure Microsoft Entra ID auth for Azure Bastion | https://learn.microsoft.com/en-us/azure/bastion/bastion-entra-id-authentication |
| Configure Azure Bastion NSG rules for secure access | https://learn.microsoft.com/en-us/azure/bastion/bastion-nsg |
| Harden and secure your Azure Bastion deployment | https://learn.microsoft.com/en-us/azure/bastion/secure-bastion |
| 主题 | URL |
|---|---|
| 为Azure Bastion配置Microsoft Entra ID认证 | https://learn.microsoft.com/en-us/azure/bastion/bastion-entra-id-authentication |
| 为Azure Bastion配置安全访问的NSG规则 | https://learn.microsoft.com/en-us/azure/bastion/bastion-nsg |
| 加固并保护你的Azure Bastion部署 | https://learn.microsoft.com/en-us/azure/bastion/secure-bastion |
Configuration
配置
| Topic | URL |
|---|---|
| Reference Azure Bastion configuration settings and options | https://learn.microsoft.com/en-us/azure/bastion/configuration-settings |
| Configure Kerberos authentication for Azure Bastion | https://learn.microsoft.com/en-us/azure/bastion/kerberos-authentication-portal |
| Configure monitoring and diagnostics for Azure Bastion | https://learn.microsoft.com/en-us/azure/bastion/monitor-bastion |
| Reference monitoring metrics and logs for Azure Bastion | https://learn.microsoft.com/en-us/azure/bastion/monitor-bastion-reference |
| Configure Azure Bastion for native client access | https://learn.microsoft.com/en-us/azure/bastion/native-client |
| Monitor and manage active Azure Bastion sessions | https://learn.microsoft.com/en-us/azure/bastion/session-monitoring |
| Configure and store Azure Bastion session recordings | https://learn.microsoft.com/en-us/azure/bastion/session-recording |
| Create and use Azure Bastion shareable links | https://learn.microsoft.com/en-us/azure/bastion/shareable-link |
| 主题 | URL |
|---|---|
| Azure Bastion配置设置与选项参考 | https://learn.microsoft.com/en-us/azure/bastion/configuration-settings |
| 为Azure Bastion配置Kerberos认证 | https://learn.microsoft.com/en-us/azure/bastion/kerberos-authentication-portal |
| 为Azure Bastion配置监控与诊断 | https://learn.microsoft.com/en-us/azure/bastion/monitor-bastion |
| Azure Bastion监控指标与日志参考 | https://learn.microsoft.com/en-us/azure/bastion/monitor-bastion-reference |
| 为Azure Bastion配置原生客户端访问 | https://learn.microsoft.com/en-us/azure/bastion/native-client |
| 监控并管理活跃的Azure Bastion会话 | https://learn.microsoft.com/en-us/azure/bastion/session-monitoring |
| 配置并存储Azure Bastion会话录制 | https://learn.microsoft.com/en-us/azure/bastion/session-recording |
| 创建并使用Azure Bastion可共享链接 | https://learn.microsoft.com/en-us/azure/bastion/shareable-link |
Integrations & Coding Patterns
集成与编码模式
| Topic | URL |
|---|---|
| Connect to AKS private clusters via Azure Bastion | https://learn.microsoft.com/en-us/azure/bastion/bastion-connect-to-aks-private-cluster |
| Connect to VM scale sets using Azure Bastion | https://learn.microsoft.com/en-us/azure/bastion/bastion-connect-vm-scale-set |
| Connect from Linux native clients through Azure Bastion | https://learn.microsoft.com/en-us/azure/bastion/connect-vm-native-client-linux |
| Connect from Windows native clients through Azure Bastion | https://learn.microsoft.com/en-us/azure/bastion/connect-vm-native-client-windows |
| Transfer files via Azure Bastion native clients | https://learn.microsoft.com/en-us/azure/bastion/vm-upload-download-native |
| 主题 | URL |
|---|---|
| 通过Azure Bastion连接到AKS私有集群 | https://learn.microsoft.com/en-us/azure/bastion/bastion-connect-to-aks-private-cluster |
| 使用Azure Bastion连接到VM规模集 | https://learn.microsoft.com/en-us/azure/bastion/bastion-connect-vm-scale-set |
| 通过Azure Bastion从Linux原生客户端连接 | https://learn.microsoft.com/en-us/azure/bastion/connect-vm-native-client-linux |
| 通过Azure Bastion从Windows原生客户端连接 | https://learn.microsoft.com/en-us/azure/bastion/connect-vm-native-client-windows |
| 通过Azure Bastion原生客户端传输文件 | https://learn.microsoft.com/en-us/azure/bastion/vm-upload-download-native |