---
title: Azure Bastion shareable links should not be permitted
description: Datadog, the leading service for cloud-scale monitoring.
breadcrumbs: >-
  Docs > Datadog Security > OOTB Rules > Azure Bastion shareable links should
  not be permitted
---

# Azure Bastion shareable links should not be permitted
 
## Description{% #description %}

[Azure Bastion public links](https://learn.microsoft.com/en-us/azure/bastion/shareable-link) can allow remote access to Azure VMs from untrusted networks. An attacker with a Contributor role or similar level of access on an Azure Bastion could generate a public link to establish persistent connections to Azure VMs.

## Rationale{% #rationale %}

This detection identifies Azure Bastion hosts with `enable_shareable_link` set to `true`.

## Remediation{% #remediation %}

1. Evaluate the need for public links for your Bastion. Allowing public links is not required for general Azure Bastion usage.
1. If not required, disable the ["Shareable link" setting](https://learn.microsoft.com/en-us/azure/bastion/shareable-link#enable-shareable-link-feature) by unchecking the box under the Bastion's configuration settings.