Back

Secure your management ports with just-in-time access

    1. Enable JIT on your VMs from Microsoft Defender for Cloud
    2. Open the Workload protections dashboard and from the advanced protection area, select Just-in-time VM access.
      The Just-in-time VM access page opens with your VMs grouped into the following tabs:

      • Configured – VMs that have been already been configured to support just-in-time VM access. For each VM, the configured tab shows:
        • the number of approved JIT requests in the last seven days
        • the last access date and time
        • the connection details configured
        • the last user
      • Not configured – VMs without JIT enabled, but that can support JIT. We recommend that you enable JIT for these VMs.
      • Unsupported – VMs without JIT enabled and which don’t support the feature. Your VM might be in this tab for the following reasons:
        • Missing network security group (NSG) or Azure Firewall – JIT requires an NSG to be configured or a Firewall configuration (or both)
        • Classic VM – JIT supports VMs that are deployed through Azure Resource Manager, not ‘classic deployment’.
        • Other – Your VM might be in this tab if the JIT solution is disabled in the security policy of the subscription or the resource group.
    3. From the Not configured tab, mark the VMs to protect with JIT and select Enable JIT on VMs.
      The JIT VM access page opens listing the ports that Defender for Cloud recommends protecting:

      • 22 – SSH
      • 3389 – RDP
      • 5985 – WinRM
      • 5986 – WinRM

      To accept the default settings, select Save.

    4. To customize the JIT options:
      • Add custom ports with the Add button.
      • Modify one of the default ports, by selecting it from the list.

      For each port (custom and default) the Add port configuration pane offers the following options:

      • Protocol– The protocol that is allowed on this port when a request is approved
      • Allowed source IPs– The IP ranges that are allowed on this port when a request is approved
      • Maximum request time– The maximum time window during which a specific port can be opened
      1. Set the port security to your needs.
      2. Select OK.
    5. Select Save.

    Tag:

    admin

    You may also like

    How to install git credential manager core on Ubuntu 22.04 / 20.04
    September 28, 2024

    Download the GCM wget “https://github.com/git-ecosystem/git-credential-manager/releases/download/v2.5.0/gcm-linux_amd64.2.5.0.deb” -O /tmp/gcmcore.deb Execute the installable file sudo dpkg -i /tmp/gcmcore.deb Configure GCM git-credential-manager configure Configure the GCM store git config –global credential.credentialStore plaintext or export GCM_CREDENTIAL_STORE=plaintext

    Configure Azure P2S VPN Gateway with Microsoft Entra Authentication
    June 25, 2024

    Prerequisites Azure Subscription: Ensure you have an active Azure subscription. Azure AD Directory: You must have an Azure AD directory. User Permissions: Ensure you have permissions to create and manage resources in the Azure portal. Step-by-Step Guide Step 1: Create and Configure the Virtual Network Gateway Create a Virtual Network: …

    Hosting Static Website In S3 Bucket
    August 24, 2023

    Courses

    About

    © 2024 WebMagic Informatica. All rights reserved.

    Facebook Youtube Whatsapp Github Linkedin Instagram