Preventing public access to Azure VM

I’ve followed the instructions in this kb article , and I can access the VM over RDP via the Tailscale VPN. Now I want to make it so nobody can use this VPm via the Azure public IP address. When I remove the public IP address, access by Tailscale stops working. What do I do to limit access to this VPN over Tailscale only?

There is a rule in the Networking tab of that VM which allows RDP access from public addresses. You’d remove that rule.

In the KB article you link to the final step is about removing SSH access. Removing RDP would be almost the same, just the port number will be 3389 instead of 22.