In the AWS courses (and in vendor-to-client VPN connections I've seen in the wild for on-prem Microsoft environments), connecting to VMs is typically done via a "bastion host" rather than directly opening the VM(s) up to the world. However, a few times in this Azure course I've seen the instructor just opening up VMs to the world.
There is indeed security via ssh key, but I still got that red flag feeling from opening up a VM to the world like that.
Question: in the wild, is using a bastion host (or something semantically similar) commonplace/best practice for Azure ecosystems? If so, are we not using one in this course just for simplicity's sake?
Indeed, it is best practice to use a "jumpbox" (your bastion host) instead of opening VMs to the world. Your assumption about the simplicity's sake is probably correct.
It is commonplace to use a bastion host for this scenario with Azure. And I would say that it is a course decision to open the VMs to the public to make the course simpler.