Well thanks to the following tweet from Thomas Maurer, has just made my Friday evening.
Having started to look at the Azure Cloud Adoption Framework (CAF), one of the areas that has frustrated me is the limitation of Bastion not being able to work over VNet Peering. This has been on the roadmap for a while and is truly a game changer from an Azure Management perspective. It enables users to no longer have to deploy multiple Bastion instances in each peered VNet, this will save cost and also complexities.
As shown in the architecture above, this shows a Hub-Spoke model, with Azure Bastion deployed in the centralised Hub virtual network, with a centralised Network Security Gateway, and no need to have a Public IP attached the Virtual Machines.
More details on this can be found in the Microsoft Docs – https://docs.microsoft.com/en-us/azure/bastion/vnet-peering
Thanks to Thomas Maurer