Triage and Remediation
Remediation
Using Console
To remediate virtual machines in Azure that do not have Just-In-Time (JIT) access enabled, follow these steps in the Azure Portal:
- Log in to the Azure Portal (https://portal.azure.com/).
- Navigate to the virtual machine for which you want to enable JIT access.
- From the left-hand side menu, select “Security + networking”.
- Under the “Security” section, select “Just-in-time VM access”.
- On the Just-in-time VM access page, click on “Enable JIT on VM”.
- In the “Basic settings” section, select the “On” radio button to enable JIT access.
- In the “Advanced settings” section, configure the following settings:
  - Maximum JIT access time: Set the maximum time for which the JIT access request will be valid.
  - Ports: Select the ports that you want to open for JIT access.
  - IP address: Select the IP address range from which you want to allow JIT access.
- Click on the “Review + create” button to review the JIT access settings.
- Once you have reviewed the settings, click on the “Create” button to enable JIT access for the virtual machine.
Using CLI
To enable Just-In-Time (JIT) Access for Virtual Machines in Azure using Azure CLI, follow these steps:
- Open the Azure CLI in your preferred terminal or command prompt.
- Run the following command to enable JIT access for the virtual machine:
  Note: Replace <resource-group-name> with the name of your resource group and <vm-name> with the name of your virtual machine.
- After running the command, you will receive a JSON output containing the updated information about your virtual machine.
- Verify that JIT access has been enabled for the virtual machine by going to the Azure portal and checking the virtual machine’s “Security” settings. You should see “JIT VM access” enabled for the virtual machine.
Using Python
To remediate the misconfiguration “Enable Just-In-Time Access for Virtual Machines” in Azure using Python, follow these steps:
- Import the required libraries:
- Authenticate and create the client object:
- Get the resource group and virtual machine name:
- Get the virtual machine object:
- Create the JIT access policy object:
- Add the JIT access policy to the virtual machine network security group:
- Save the changes:
This will enable JIT access for the virtual machine in Azure.
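An added example for the “Create the JIT access policy object” step (not code from the original page): it builds the policy body from the three settings described above (maximum access time, ports, source IP range) and rejects values that would leave a port effectively always open. Field names follow the Microsoft.Security jitNetworkAccessPolicies resource schema; the function names, the MAX_HOURS ceiling and the sample values are assumptions.

```python
import ipaddress
import json
import re

MAX_HOURS = 3  # assumed organisational ceiling for one access request


def jit_port_rule(port, source_cidr, hours, protocol="*"):
    """Build one port rule, rejecting settings that defeat the point of JIT."""
    if not 1 <= port <= 65535:
        raise ValueError(f"invalid port: {port}")
    if protocol not in ("TCP", "UDP", "*"):
        raise ValueError(f"invalid protocol: {protocol}")
    if not 1 <= hours <= MAX_HOURS:
        raise ValueError(f"access window must be 1-{MAX_HOURS} hours")
    # strict=True rejects "*", malformed input and CIDRs with host bits set
    net = ipaddress.ip_network(source_cidr, strict=True)
    if net.prefixlen == 0:
        raise ValueError("source range must not be the whole internet")
    return {
        "number": port,
        "protocol": protocol,
        "allowedSourceAddressPrefix": str(net),
        "maxRequestAccessDuration": f"PT{hours}H",  # ISO 8601 duration
    }


def jit_policy_body(vm_resource_id, port_rules):
    """Wrap port rules into the policy body for a single VM."""
    pattern = (r"^/subscriptions/[^/]+/resourceGroups/[^/]+"
               r"/providers/Microsoft\.Compute/virtualMachines/[^/]+$")
    if not re.match(pattern, vm_resource_id):
        raise ValueError("not a virtual machine resource ID")
    if not port_rules:
        raise ValueError("at least one port rule is required")
    return {
        "kind": "Basic",
        "properties": {
            "virtualMachines": [{"id": vm_resource_id, "ports": list(port_rules)}]
        },
    }


if __name__ == "__main__":
    # Constructed sample values: placeholder subscription, documentation CIDR.
    vm_id = ("/subscriptions/00000000-0000-0000-0000-000000000000"
             "/resourceGroups/<resource-group-name>"
             "/providers/Microsoft.Compute/virtualMachines/<vm-name>")
    rules = [jit_port_rule(22, "203.0.113.0/24", 2, "TCP")]
    print(json.dumps(jit_policy_body(vm_id, rules), indent=2))
```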