learn-pr/wwl-azure/just-in-time-access/includes/2-just-in-time-access-to-protect-azure-virtual-machines.md
Lines changed: 0 additions & 2 deletions
@@ -1,5 +1,3 @@
1
-
## The risk of open management ports on a virtual machine
2
-
3
1
Threat actors actively hunt for accessible machines with open management ports, like **Remote Desktop Protocol (RDP)** or **Secure Shell (SSH)**, using automated scanning tools and brute-force attacks. All of your virtual machines are potential targets for an attack. When a virtual machine is successfully compromised, it's used as the entry point to attack further resources within your environment and can lead to lateral movement across your network.
4
2
5
3
Learn how to apply Just in Time (JIT) access to your VMs using the Azure portal:
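Review bot: Removing the `##` heading at old line 1 leaves this include opening directly on the "Threat actors actively hunt" paragraph with no heading of its own. Confirm that the unit title is supplied by whatever page pulls in this include; if it is not, keep the heading and drop only the blank line after it. A one-line commit description saying which case applies would make the removal reviewable.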
learn-pr/wwl-azure/just-in-time-access/includes/3-enable-just-in-time-virtual-machine-access.md
Lines changed: 11 additions & 11 deletions
@@ -125,19 +125,19 @@ You can enable JIT on a VM from the Azure virtual machines pages of the Azure po
125
125
126
126
4. Under **Just-in-time access**, select **Enable just-in-time**. By default, just-in-time access for the VM uses these settings:
127
127
128
-
- Windows machines
129
-
- RDP port: 3389
130
-
- Maximum allowed access: Three hours
131
-
- Allowed source IP addresses: Any
132
-
- Linux machines
133
-
- SSH port: 22
134
-
- Maximum allowed access: Three hours
135
-
- Allowed source IP addresses: Any
128
+
- Windows machines
129
+
- RDP port: 3389
130
+
- Maximum allowed access: Three hours
131
+
- Allowed source IP addresses: Any
132
+
- Linux machines
133
+
- SSH port: 22
134
+
- Maximum allowed access: Three hours
135
+
- Allowed source IP addresses: Any
136
136
137
137
5. To edit any of these values or add more ports to your JIT configuration, use Microsoft Defender for Cloud's just-in-time page:
138
138
139
-
- From Defender for Cloud's menu, select **Just-in-time VM access**.<br>
140
-
- From the Configured tab, right-click on the VM to which you want to add a port, and select **Edit**.<br>
139
+
- From Defender for Cloud's menu, select **Just-in-time VM access**.<br>
140
+
- From the Configured tab, right-click on the VM to which you want to add a port, and select **Edit**.<br>
141
141
142
142
:::image type="content" source="../media/virtual-machine-configuration-page-24446245.png" alt-text="Screenshot showing how to edit the virtual machine from the configuration page.":::
143
143
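Review bot: At lines 128-135 and 139-140 the removed and added lines read the same in this view, so the change is whitespace only and its correctness depends on indentation that cannot be checked here. Check in the rendered page that the Windows machines and Linux machines items nest under step 4, with the port, maximum allowed access and allowed source IP items beneath each, and that the two Defender for Cloud items nest under step 5. Since lines 139-140 are being touched anyway, the trailing `<br>` on both list items looks redundant and could be dropped in the same change.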
@@ -168,7 +168,7 @@ To request access from Azure virtual machines:
168
168
169
169
To enable just-in-time VM access from PowerShell, use the official Microsoft Defender for Cloud PowerShell cmdlet `Set-AzJitNetworkAccessPolicy`.
170
170
171
-
**Example**\- Enable just-in-time VM access on a specific VM with the following rules:
171
+
**Example** - Enable just-in-time VM access on a specific VM with the following rules:
172
172
173
173
- Close ports 22 and 3389
174
174
- Set a maximum time window of 3 hours for each so they can be opened per approved request
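Review bot: At line 171, `**Example** - Enable` still uses a bare hyphen as a separator in front of a sentence that itself ends in a colon; `**Example:** Enable just-in-time VM access on a specific VM with the following rules:` reads cleaner and removes the character that needed escaping in the first place. Separately, line 174 writes the window as "3 hours" while lines 130 and 134 of the same file write "Three hours"; pick one form for the file.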