Azure Bastion is a service to avoid deployment own Jumphosts and reach Azure VMs over the Management Ports (SSH and RDP) in a secure way without the need to assign Public IPs directly to Azure VMs.
Azure Bastion got a really big improvement and now supports Azure VNET Peering. This includes all VNET peering models, inside a single subscription and VNET peering across different subscriptions.
This makes the service more useful and cheaper. Now we no longer need to have an Azure Bastion host in each VNET. It is possible to deploy the Azure Bastion Service in the Hub Network and reach all additional VMs in the Spoke VNET that peered to the Hub network.
This makes the service more useful and cheaper and is a must have to avoid the management of own Jumphosts.
To learn all about the service and the benefits take a look at my article Azure Bastion – Secure access Azure VMs via RDP/SSH wihtout public IPs or view the Azure Advent Calendar session from last year.