Commit 55cb4c0

committed
add just-in-time
1 parent 3d4ac23 commit 55cb4c0

1 file changed

Lines changed: 11 additions & 4 deletions

articles/bastion/troubleshoot.md

@@ -2,11 +2,11 @@
22
title: 'Troubleshoot Azure Bastion'
33
description: Learn how to troubleshoot Azure Bastion.
44
services: bastion
5-
author: charwen
5+
author: isamorris
66
ms.service: bastion
77
ms.topic: troubleshooting
8-
ms.date: 05/08/2023
9-
ms.author: charwen
8+
ms.date: 01/11/2024
9+
ms.author: isamorris
1010
---
1111

1212
# Troubleshoot Azure Bastion
@@ -70,6 +70,13 @@ The key's randomart image is:
7070

7171
**A:** You can troubleshoot your connectivity issues by navigating to the **Connection Troubleshoot** tab (in the **Monitoring** section) of your Azure Bastion resource in the Azure portal. Network Watcher Connection Troubleshoot provides the capability to check a direct TCP connection from a virtual machine (VM) to a VM, fully qualified domain name (FQDN), URI, or IPv4 address. To start, choose a source to start the connection from, and the destination you wish to connect to and select "Check". For more information, see [Connection Troubleshoot](../network-watcher/network-watcher-connectivity-overview.md).
7272

73+
If just-in-time (JIT) is enabled, you might need to add additional role assignments to connect to Bastion. Add the following permissions to the user, and then try reconnecting to Bastion. For more information, see [Enable just-in-time access on VMs](../defender-for-cloud/just-in-time-access-usage.md).
74+
75+
| Setting | Description|
76+
|---|---|
77+
|Microsoft.Security/locations/jitNetworkAccessPolicies/read|Gets the just-in-time network access policies|
78+
Microsoft.Security/locations/jitNetworkAccessPolicies/write | Creates a new just-in-time network access policy or updates an existing one |
79+
7380

7481
## <a name="filetransfer"></a>File transfer issues
7582

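Review bot: The new paragraph at line 73 tells the reader to add "role assignments", but the table at lines 75-78 lists two permission actions, including `Microsoft.Security/locations/jitNetworkAccessPolicies/write`, without saying at which scope to grant them or which role carries them. Because the write action lets the user create or update just-in-time policies, state the intended scope and name the role definition the reader should use, so the fix for a connection problem does not turn into a broader grant than needed. In the table itself, the header "Setting" should read "Permission" or "Action", the second row (line 78) is missing the leading pipe that the first row has, and "add additional" can be shortened to "add".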
@@ -81,7 +88,7 @@ The key's randomart image is:
8188

8289
**Q:** When I try to connect using Azure Bastion, I can't connect to the target VM, and I get a black screen in the Azure portal.
8390

84-
**A:** This happens when there's either a network connectivity issue between your web browser and Azure Bastion (your client Internet firewall may be blocking WebSockets traffic or similar), or between the Azure Bastion and your target VM. Most cases include an NSG applied either to AzureBastionSubnet, or on your target VM subnet that is blocking the RDP/SSH traffic in your virtual network. Allow WebSockets traffic on your client internet firewall, and check the NSGs on your target VM subnet. See [Unable to connect to virtual machine](#connectivity) to learn how to use **Connection Troubleshoot** to troubleshoot your connectivity issues.
91+
**A:** This happens when there's either a network connectivity issue between your web browser and Azure Bastion (your client Internet firewall might be blocking WebSockets traffic or similar), or between the Azure Bastion and your target VM. Most cases include an NSG applied either to AzureBastionSubnet, or on your target VM subnet that is blocking the RDP/SSH traffic in your virtual network. Allow WebSockets traffic on your client internet firewall, and check the NSGs on your target VM subnet. See [Unable to connect to virtual machine](#connectivity) to learn how to use **Connection Troubleshoot** to troubleshoot your connectivity issues.
8592

8693
## Next steps
8794

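Review bot: Line 91 still mixes "client Internet firewall" and "client internet firewall" in the same answer; since the line is already being touched for the may/might wording, settle on one capitalization in this edit. "between the Azure Bastion and your target VM" could also drop "the" to match "between your web browser and Azure Bastion" earlier in the sentence.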