Ensure that "Monitor JIT Network Access" feature is enabled within your Microsoft Azure cloud account settings so that Azure Security Center can assess if Just-In-Time network access is enabled for your eligible VMs. Just-In-Time (JIT) network access can be used to lock down inbound traffic to your Azure VMs, reducing exposure to different types of attacks while providing easy access to your virtual machines when needed.
This rule resolution is part of the Cloud Conformity Security & Compliance tool for Azure
JIT network access locks down inbound traffic to your Azure VMs through Network Security Group (NSG) rules that restrict inbound traffic on the ports you select, opening them only on request and for a limited time. This is an effective way to reduce exposure to external attacks on management ports. With JIT network access monitoring enabled, Azure Security Center can determine whether Just-In-Time network access is enabled for your Azure virtual machines and make the appropriate recommendations.
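The two checks described above (is the JIT monitoring assessment switched on, and which VMs would it flag) can be reproduced offline from exported data. The following is an added example, not Cloud Conformity's or Microsoft's code. It assumes the policy assignment JSON has the shape returned by `az policy assignment show --name SecurityCenterBuiltIn`, that the initiative parameter controlling this assessment is named `jitNetworkAccessMonitoringEffect` (an assumption; confirm the name against your own assignment), and that NSG rules are dictionaries with the fields shown. All sample data is constructed.

```python
import json

# Assumed parameter name in the Security Center default initiative assignment
# ("SecurityCenterBuiltIn"); verify against `az policy assignment show` output.
JIT_PARAM = "jitNetworkAccessMonitoringEffect"
ENABLED_EFFECTS = {"AuditIfNotExists"}
# Management ports the JIT recommendation is concerned with (SSH, RDP, WinRM).
MANAGEMENT_PORTS = {22, 3389, 5985, 5986}
INTERNET_SOURCES = {"*", "Internet", "0.0.0.0/0"}


def jit_monitoring_status(assignment: dict) -> str:
    """Classify the assignment as 'enabled', 'disabled' or 'default'.
    'default' means the parameter is not overridden, so the initiative's own
    default effect applies and should be checked in the portal."""
    params = assignment.get("parameters") or {}
    entry = params.get(JIT_PARAM)
    if entry is None:
        return "default"
    return "enabled" if entry.get("value") in ENABLED_EFFECTS else "disabled"


def _port_in_range(port: int, port_range: str) -> bool:
    """NSG port ranges are '*', a single port '22', or a span '5985-5986'."""
    if port_range == "*":
        return True
    if "-" in port_range:
        lo, hi = port_range.split("-", 1)
        return int(lo) <= port <= int(hi)
    return int(port_range) == port


def _rule_port_ranges(rule: dict) -> list:
    # A rule carries either destinationPortRanges (list) or destinationPortRange.
    return rule.get("destinationPortRanges") or [rule.get("destinationPortRange", "*")]


def exposed_management_ports(nsg_rules: list) -> list:
    """Return management ports reachable from the Internet under these rules.
    Rules are evaluated in priority order and the first match decides, which
    mirrors NSG semantics; no match falls through to the default deny."""
    ordered = sorted(nsg_rules, key=lambda r: r["priority"])
    exposed = []
    for port in sorted(MANAGEMENT_PORTS):
        for rule in ordered:
            if rule.get("direction") != "Inbound":
                continue
            if rule.get("protocol") not in ("Tcp", "*"):
                continue
            if rule.get("sourceAddressPrefix") not in INTERNET_SOURCES:
                continue
            if not any(_port_in_range(port, pr) for pr in _rule_port_ranges(rule)):
                continue
            if rule["access"] == "Allow":
                exposed.append(port)
            break  # first matching rule by priority wins
    return exposed


# Constructed sample: JIT monitoring explicitly disabled in the assignment.
SAMPLE_ASSIGNMENT = {
    "name": "SecurityCenterBuiltIn",
    "parameters": {JIT_PARAM: {"value": "Disabled"}},
}

# Constructed sample NSG: RDP open to the world, SSH only from a private range,
# WinRM denied from the Internet, HTTPS allowed (not a management port).
SAMPLE_NSG_RULES = [
    {"name": "allow-rdp-anywhere", "priority": 100, "direction": "Inbound",
     "access": "Allow", "protocol": "Tcp", "sourceAddressPrefix": "*",
     "destinationPortRange": "3389"},
    {"name": "allow-ssh-corp", "priority": 110, "direction": "Inbound",
     "access": "Allow", "protocol": "Tcp", "sourceAddressPrefix": "10.0.0.0/8",
     "destinationPortRange": "22"},
    {"name": "deny-winrm", "priority": 120, "direction": "Inbound",
     "access": "Deny", "protocol": "*", "sourceAddressPrefix": "Internet",
     "destinationPortRanges": ["5985-5986"]},
    {"name": "allow-https", "priority": 130, "direction": "Inbound",
     "access": "Allow", "protocol": "Tcp", "sourceAddressPrefix": "Internet",
     "destinationPortRange": "443"},
]

if __name__ == "__main__":
    report = {
        "jit_monitoring": jit_monitoring_status(SAMPLE_ASSIGNMENT),
        "exposed_management_ports": exposed_management_ports(SAMPLE_NSG_RULES),
    }
    print(json.dumps(report, indent=2))
```

Run against real data by piping `az policy assignment show --name SecurityCenterBuiltIn -o json` into `jit_monitoring_status` and an NSG's `securityRules` array into `exposed_management_ports`; a VM whose NSG reports any exposed port is one the JIT assessment would recommend protecting.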
Audit
To determine if JIT network access monitoring is enabled within Azure Security Center settings, perform the following actions:
Remediation / Resolution
To enable Just-In-Time (JIT) network access monitoring for your Microsoft Azure virtual machines (VMs), perform the following actions:
References
- Azure Official Documentation
- Working with security policies
- Manage virtual machine access using just-in-time
- CIS Microsoft Azure Foundations
- Azure Command Line Interface (CLI) Documentation
- az
- az account get-access-token
You are auditing:
Enable JIT Network Access Monitoring
Risk level: High