
Commit bd04e16

Merge pull request #52834 from R-C-Stewart/jit-access-refresh
end to end refresh of module
2 parents fc697d1 + 7d6906e commit bd04e16

6 files changed

Lines changed: 93 additions & 64 deletions
Lines changed: 10 additions & 7 deletions
@@ -1,18 +1,21 @@
1-
This module covers understanding just-in-time (JIT) VM access, addressing risks of open management ports, and implementing JIT with Microsoft Defender for Cloud to enhance security in Azure and AWS environments.
1+
This module covers understanding just-in-time (JIT) machine access, addressing risks of open management ports, and implementing JIT with Microsoft Defender for Cloud to enhance security in Azure and Amazon Web Services (AWS) environments.
2+
3+
> [!NOTE]
4+
> Just-in-time machine access requires **Microsoft Defender for Servers Plan 2** to be enabled on your subscription.
25
36
## Scenario
47

5-
Imagine you're responsible for securing your company's virtual machines in Azure and AWS. Understanding just-in-time (JIT) VM access is crucial. Threat actors target open management ports, like RDP or SSH, to infiltrate your network. By implementing JIT with Microsoft Defender for Cloud, you can lock down these ports, allowing temporary access only to authorized users. This reduces the attack surface and enhances the overall security of your cloud environment.
8+
Imagine you're responsible for securing your company's virtual machines in Azure and AWS. Using just-in-time (JIT) machine access is crucial for protecting against modern threats. Threat actors continuously scan for machines with open management ports, like RDP or SSH, using automated tools to launch brute-force attacks and infiltrate your network. By implementing JIT with Microsoft Defender for Cloud, you can lock down these ports, allowing temporary, audited access only to authorized users when needed. JIT significantly reduces the attack surface and enhances the overall security posture of your cloud environment.
69

710
## Learning Objectives
811

912
By the end of this training module, participants will:
1013

11-
- Understand the risks associated with open management ports on virtual machines.
12-
- Learn how to implement JIT VM access using Microsoft Defender for Cloud.
13-
- Explore how JIT VM access reduces attack surfaces in Azure and AWS environments.
14-
- Gain skills to configure and manage temporary, controlled access to VMs for authorized users.
14+
- Understand the risks associated with open management ports on virtual machines and how attackers exploit them.
15+
- Learn how to implement JIT machine access using Microsoft Defender for Cloud (requires Defender for Servers Plan 2).
16+
- Explore how JIT machine access reduces attack surfaces in Azure and AWS environments.
17+
- Gain skills to configure and manage temporary, controlled, and audited access to VMs for authorized users.
1518

1619
## Goals
1720

18-
By the end of this module, you'll understand JIT VM access, know how to implement it with Microsoft Defender for Cloud, reduce attack surfaces in Azure and AWS, and manage temporary access to VMs.
21+
By the end of this module, you'll understand JIT machine access, and know how to implement it with Microsoft Defender for Cloud (Defender for Servers Plan 2). Use JIT to reduce attack surfaces in Azure and AWS environments, and manage temporary, audited access to virtual machines for authorized users.
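Review bot: the Defender for Servers Plan 2 requirement is now stated three times in this file (the NOTE callout, the second learning objective, and the Goals paragraph); the callout alone carries it, so the two parentheticals "(requires Defender for Servers Plan 2)" and "(Defender for Servers Plan 2)" can go. In the rewritten Goals paragraph the second sentence also switches from an outcome to an instruction ("Use JIT to reduce attack surfaces in Azure and AWS environments, and manage temporary, audited access ..."); since the paragraph lists what the learner will be able to do, it reads better as "and be able to use JIT to reduce attack surfaces ... and manage temporary, audited access ...". Finally, the scenario and objectives now promise "audited" access but nothing in this file says where that audit trail is kept; a one-clause pointer to where JIT requests are recorded would back the claim up.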

learn-pr/wwl-azure/just-in-time-access/includes/2-just-in-time-access-to-protect-azure-virtual-machines.md

Lines changed: 14 additions & 11 deletions
@@ -1,29 +1,32 @@
1-
## The risk of open management ports on a virtual machine
1+
Threat actors actively hunt for accessible machines with open management ports, like **Remote Desktop Protocol (RDP)** or **Secure Shell (SSH)**, using automated scanning tools and brute-force attacks. All of your virtual machines are potential targets for an attack. When a virtual machine is successfully compromised, it's used as the entry point to attack further resources within your environment and can lead to lateral movement across your network.
22

3-
Threat actors actively hunt accessible machines with open management ports, like **remote desktop protocol (RDP)** or **secure shell protocol (SSH)**. All of your virtual machines are potential targets for an attack. When a virtual machine is successfully compromised, it's used as the entry point to attack further resources within your environment.
4-
5-
To learn how to apply JIT to your VMs using the Azure portal (either Defender for Cloud or Azure Virtual Machines) or programmatically, see [How to secure your management ports with JIT](/azure/defender-for-cloud/just-in-time-access-usage).
3+
Learn how to apply Just in Time (JIT) access to your VMs using the Azure portal:
4+
- Using Microsoft Defender for Cloud or Azure Virtual Machines
5+
- Programmatically
6+
- Via REST API
7+
See [How to secure your management ports with JIT](/azure/defender-for-cloud/just-in-time-access-usage).
68

79
## Why JIT virtual machine access is the solution
810

9-
As with all cybersecurity prevention techniques, your goal should be to reduce the attack surface. In this case that means having fewer open ports especially management ports. Your legitimate users also use these ports, so it's not practical to keep them closed. To solve this dilemma, Microsoft Defender for Cloud offers JIT. With JIT, you can lock down the inbound traffic to your VMs, reducing exposure to attacks while providing easy access to connect to VMs when needed.
11+
As with all cybersecurity prevention techniques, your goal should be to reduce the attack surface. In this case that means having fewer open ports especially management ports. Your legitimate users also use these ports, so it's not practical to keep them closed permanently. To solve this dilemma, Microsoft Defender for Cloud offers JIT access. With JIT, you can lock down the inbound traffic to your VMs, reducing exposure to attacks while providing easy, audited access to connect to VMs when needed.
1012

1113
## How JIT operates with network resources in Azure and AWS
1214

13-
In Azure, you can block inbound traffic on specific ports, by enabling just-in-time VM access. Defender for Cloud ensures "deny all inbound traffic" rules exist for your selected ports in the [network security group](/azure/virtual-network/network-security-groups-overview#security-rules) (NSG) and [Azure Firewall rules](/azure/firewall/rule-processing). These rules restrict access to your Azure VMs’ management ports and defend them from attack.<br>
15+
**In Azure**, you can block inbound traffic on specific ports, by enabling just-in-time VM access. Defender for Cloud ensures "deny all inbound traffic" rules exist for your selected ports in the [network security group](/azure/virtual-network/network-security-groups-overview#security-rules) (NSG) and [Azure Firewall rules](/azure/firewall/rule-processing). These rules restrict access to your Azure VMs’ management ports and defend them from attack.
1416

1517
If other rules already exist for the selected ports, then those existing rules take priority over the new "deny all inbound traffic" rules. If there are no existing rules on the selected ports, then the new rules take top priority in the NSG and Azure Firewall.
1618

17-
In AWS, by enabling JIT-access the relevant rules in the attached EC2 security groups, for the selected ports, are revoked which blocks inbound traffic on those specific ports.
19+
**In AWS**, by enabling JIT access, the relevant rules in the attached EC2 security groups for the selected ports are revoked, which blocks inbound traffic on those specific ports.
1820

19-
When a user requests access to a VM, Defender for Cloud checks that the user has [Azure role-based access control (Azure RBAC)](/azure/role-based-access-control/role-assignments-portal) permissions for that virtual machine. If the request is approved, Defender for Cloud configures the NSGs and Azure Firewall to allow inbound traffic to the selected ports from the relevant IP address (or range), for the amount of time that was specified. In AWS, Defender for Cloud creates a new EC2 security group that allows inbound traffic to the specified ports. After the time has expired, Defender for Cloud restores the NSGs to their previous states. Connections that are already established aren't interrupted.
21+
**Access Request Process:**
22+
When a user requests access to a VM, Defender for Cloud checks that the user has [Azure role-based access control (Azure RBAC)](/azure/role-based-access-control/role-assignments-portal) permissions for that virtual machine. If the request is approved, Defender for Cloud configures the NSGs and Azure Firewall to allow inbound traffic to the selected ports. If specified this includes the relevant IP address (or range), for the amount of time. In AWS, Defender for Cloud creates a new EC2 security group that allows inbound traffic to the specified ports. After the time expires, Defender for Cloud restores the NSGs to their previous states. Connections that are already established aren't interrupted.
2023

2124
> [!NOTE]
22-
> JIT does not support VMs protected by Azure Firewalls controlled by [Azure Firewall Manager](/azure/firewall-manager/overview). The Azure Firewall must be configured with Rules (Classic) and cannot use Firewall policies.
25+
> JIT doesn't support VMs protected by Azure Firewalls controlled by [Azure Firewall Manager](/azure/firewall-manager/overview). The Azure Firewall must be configured with Rules (Classic) and can't use Firewall policies.
2326
24-
## Added to the recommendation’s Unhealthy resources tab
27+
## Review the recommendation and categorization of VMs
2528

26-
The diagram shows the logic Defender for Cloud applies when deciding how to categorize your supported VM. When Defender for Cloud finds a machine that can benefit from JIT, it adds that machine to the recommendation's Unhealthy resources tab.
29+
The diagram shows the logic Defender for Cloud applies when deciding how to categorize your supported VMs. When Defender for Cloud finds a machine that can benefit from JIT, it adds that machine to the recommendation's **Unhealthy resources** tab.
2730

2831
**Example:** Affected resources
2932
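Review bot: the rewritten access-request paragraph loses the meaning of the sentence it replaces: "If specified this includes the relevant IP address (or range), for the amount of time." leaves "for the amount of time" dangling, makes the source-IP restriction sound optional, and drops the duration entirely. The deleted wording had it right; restore "... allow inbound traffic to the selected ports from the relevant IP address (or range), for the amount of time that was specified." Two smaller points in the same hunk: the new bullet list is introduced with "using the Azure portal:", yet two of its three items ("Programmatically", "Via REST API") are not portal methods and overlap each other, where the deleted sentence "using the Azure portal (either Defender for Cloud or Azure Virtual Machines) or programmatically" covered the same ground without the contradiction; and "Just in Time (JIT)" should be hyphenated "just-in-time (JIT)" to match every other occurrence in the module. Also note that deleting "## The risk of open management ports on a virtual machine" leaves the first section of the file without a heading while every later section keeps its H2, and the bold "**Access Request Process:**" label introduces a third labelling convention; either keep the H2s consistent or drop the bold label.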
