I have an azure application that runs on PaaS architecture. To access azure resources like sql or add, I would like that to go through a secure virtual machine instead of from personal devices which is what happens today.
The problem today is that access is from personal devices which can be a personal Pc or laptop, secondly if the personal laptop is compromised this presents a risk. Third point, IP addresses change from ISP's when coming from a personal device this means that multiple up address entries are required for the sql firewall, if access is from a VM, the hassle of managing public IP address entries can be eliminated.
What is the best way to configure this (jump host, bastion host, VPN) and is it possible to have more than one virtual machine for access from a disaster recovery perspective. I am after a few options with some comments on the cost implication please., and if it can be on demand.