Are you ready for Azure Bastion?
Azure Bastion is a new managed PaaS service that provides seamless RDP and SSH connectivity to your virtual machines over Secure Sockets Layer (SSL). This is completed without any exposure of the public IPs on your virtual machines.
Behind the scenes there’s a dedicated Network Subnet on your Azure Network, that provided a gateway connection via HTML5 to your virtual machine. No more RDP or SSH protocols exposed and this can avoid also usage of public IP address.
Azure Bastion is a fundamental way to protection the integrity of your servers by removing the exposure of RDP and SSH ports from the Internet, making it impossible for scanners to detect them, and attackers from exploiting the connection with brute force attacks to credentials or zero-day attacks against the protocols.
It's still in preview, which means its not deployed in all Azure data centers yet. You can deploy it to:
South Central US
You can't deploy it using the regular Azure Portal. You need to use the preview portal link here.
If you think this might be something you want to try, you can learn more about Azure Bastion here.