Designing a strategy for secure remote access
When designing for secure remote access, you need to consider two separate cases. The first is remote management of servers and applications; the second is how mobile devices and users can securely access applications to perform their work tasks.
Since you are using resources on Azure and on-premises, you need to consider how to manage your virtual machines securely without leaving them open to attacks. Typically, you manage a Linux virtual machine over SSH on port 22 or a Windows virtual machine over RDP on port 3389. Attackers know this and are known to run programs that scan IP addresses for these open ports. They can then use what they find to launch a brute-force attack on your resources. Therefore, it is important not to leave these ports open to the internet.
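The check below is an added example, not code from the original text: it reads a network security group in the JSON shape returned by `az network nsg show` (field names assumed from that output) and lists inbound Allow rules that leave port 22 or 3389 open to the internet. The NSG shown is a constructed sample, and each rule is evaluated on its own, so a higher-priority Deny rule is not taken into account.

```python
# Added example: flag NSG rules that expose SSH (22) or RDP (3389) to the internet.
MGMT_PORTS = {22: "SSH", 3389: "RDP"}
OPEN_SOURCES = {"*", "0.0.0.0/0", "internet"}  # "Internet" is the Azure service tag

def covers(port_spec, port):
    """True if an NSG port spec ('*', '22' or '3000-4000') includes port."""
    if port_spec == "*":
        return True
    lo, _, hi = port_spec.partition("-")
    return int(lo) <= port <= int(hi or lo)

def exposed_mgmt_rules(nsg):
    """Return (rule name, service) for inbound Allow rules open to the internet."""
    findings = []
    for rule in nsg.get("securityRules", []):
        if rule.get("direction") != "Inbound" or rule.get("access") != "Allow":
            continue
        if (rule.get("protocol") or "*").lower() not in ("*", "tcp"):
            continue  # SSH and RDP brute forcing targets TCP
        sources = [rule.get("sourceAddressPrefix")] + (rule.get("sourceAddressPrefixes") or [])
        if not any(s and s.lower() in OPEN_SOURCES for s in sources):
            continue  # source is restricted to specific addresses
        ports = [rule.get("destinationPortRange")] + (rule.get("destinationPortRanges") or [])
        for port, service in MGMT_PORTS.items():
            if any(p and covers(p, port) for p in ports):
                findings.append((rule["name"], service))
    return findings

# Constructed sample NSG (rule names and addresses are made up for illustration).
SAMPLE_NSG = {
    "name": "nsg-example",
    "securityRules": [
        {"name": "allow-ssh-any", "direction": "Inbound", "access": "Allow", "protocol": "Tcp",
         "sourceAddressPrefix": "*", "destinationPortRange": "22"},
        {"name": "allow-rdp-range", "direction": "Inbound", "access": "Allow", "protocol": "*",
         "sourceAddressPrefix": "Internet", "destinationPortRange": None,
         "destinationPortRanges": ["3000-4000"]},
        {"name": "allow-ssh-corp", "direction": "Inbound", "access": "Allow", "protocol": "Tcp",
         "sourceAddressPrefix": "203.0.113.0/24", "destinationPortRange": "22"},
        {"name": "allow-https", "direction": "Inbound", "access": "Allow", "protocol": "Tcp",
         "sourceAddressPrefix": "*", "destinationPortRange": "443"},
        {"name": "deny-rdp", "direction": "Inbound", "access": "Deny", "protocol": "Tcp",
         "sourceAddressPrefix": "*", "destinationPortRange": "3389"},
    ],
}

if __name__ == "__main__":
    for name, service in exposed_mgmt_rules(SAMPLE_NSG):
        print(f"{name}: {service} reachable from the internet")
```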
Azure provides options so that you can avoid having these ports open to the internet, while still making them available to you to manage at the operating system...