Ensure that Just-In-Time (JIT) network access monitoring is enabled within your Microsoft Azure cloud account so that Microsoft Defender for Cloud can assess if JIT network access is enabled for your eligible VMs. Just-In-Time (JIT) network access can be used to lock down inbound traffic to your Azure VMs, reducing exposure to different types of attacks while providing easy access to your virtual machines when needed.
This rule resolution is part of the Conformity Security & Compliance tool for Azure.
JIT network access can lock down inbound traffic to your Azure VMs by creating a Network Security Group (NSG) where you select the ports to which inbound traffic will be restricted. This method can be extremely useful for reducing exposure to external attacks. With JIT network access monitoring enabled, Microsoft Defender for Cloud can determine if Just-In-Time network access is enabled for your Azure virtual machines and make the proper access security recommendations.
Audit
To determine whether Just-In-Time (JIT) network access monitoring is enabled within the Microsoft Defender for Cloud security policy, perform the following operations:
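As an added example (not part of this rule page or the Conformity tool), the following Python helper performs the audit check described above offline, over the parameters of a Defender for Cloud policy assignment as exported in JSON. The parameter name `jitNetworkAccessMonitoringEffect`, its default of `AuditIfNotExists`, and the sample assignments are assumptions constructed for the example.

```python
"""Audit helper for the check described above: given the parameters of a
Defender for Cloud (Azure Policy) initiative assignment, report whether the
JIT network access monitoring check has been switched off."""
import json

# Assumed parameter name and default: the JIT check is assumed to be governed
# by this initiative parameter, and a value of "Disabled" turns it off.
JIT_PARAM = "jitNetworkAccessMonitoringEffect"
DEFAULT_EFFECT = "AuditIfNotExists"


def jit_monitoring_effect(assignment: dict) -> str:
    """Effective value of the JIT parameter; an unset parameter means the default applies."""
    params = assignment.get("parameters") or {}
    entry = params.get(JIT_PARAM) or {}
    return str(entry.get("value", DEFAULT_EFFECT))


def jit_monitoring_enabled(assignment: dict) -> bool:
    """True unless the parameter has been explicitly set to Disabled (case-insensitive)."""
    return jit_monitoring_effect(assignment).strip().lower() != "disabled"


def find_disabled(assignments: list) -> list:
    """Names of assignments (for example, one per subscription) with JIT monitoring off."""
    return [a.get("name", "<unnamed>") for a in assignments
            if not jit_monitoring_enabled(a)]


# Constructed sample resembling trimmed policy assignment output (not real tenant data).
SAMPLE_ASSIGNMENTS = json.loads("""[
  {"name": "SecurityCenterBuiltIn-sub-a",
   "parameters": {"jitNetworkAccessMonitoringEffect": {"value": "Disabled"}}},
  {"name": "SecurityCenterBuiltIn-sub-b",
   "parameters": {"jitNetworkAccessMonitoringEffect": {"value": "AuditIfNotExists"}}},
  {"name": "SecurityCenterBuiltIn-sub-c", "parameters": {}}
]""")

if __name__ == "__main__":
    # Only the first sample assignment is reported; the third falls back to the default.
    for name in find_disabled(SAMPLE_ASSIGNMENTS):
        print(f"{name}: JIT network access monitoring is disabled")
```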
Remediation / Resolution
To enable Just-In-Time (JIT) network access monitoring for your Microsoft Azure virtual machines (VMs), perform the following operations: