Bastion supporting FQDN connection
We are trying to connect to a Windows Server VM using Azure Bastion with an account that is a member of the Protected Users group.
This connection failed, and I can see an error in my AD event log because the connection used NTLM (and NTLM is forbidden by the Protected Users AD group).
Apparently, Azure Bastion uses target IPs and, as a result, authentication is downgraded to NTLM.
To avoid this issue and to improve global security using both Protected Users and Azure Bastion, it should use the FQDN of the target instead of the target's IP.