New article: Harden your Azure infrastructure using Azure Security Center Just-in-Time VM Access

Today I’m extremely excited: I had the unique chance to write an article on Azure Security for the Microsoft MVP blog which was published today. Happy reading!

Howdy folks, and a happy new year to all of you. I hope you're doing well. Today I'm extraordinarily excited because I had the unique chance to write an article for Microsoft's Technical Tuesday series. And, guess what, it has been approved and published today.

In many customers' Azure environments you might find virtual machines that act as RDP jump hosts for external access to Azure VNets, be it for contractors' support access or because of inexperience. Whatever the reason is – it is insecure in many ways. That's why I really appreciate Azure Security Center Just-in-Time VM Access (JIT), a new feature which is currently in public preview.

Just-in-Time Access enables customers to lock down their Azure VMs in order to reduce attack surface and exposure while keeping the ability to remotely access VMs when needed. JIT is available in the Standard tier of Azure Security Center and only supports VMs that have been deployed through Azure Resource Manager. Technically, JIT adds inbound deny rules to a VM's NSG so that access to the configured ports is blocked. When access is requested, a new allow rule with a lower priority number (which the NSG therefore evaluates before the deny rule) is added to the NSG, so access is granted for a given time and a given source IP (or pre-defined IP range).
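The rule ordering described above can be checked with a small model of NSG evaluation. This is an added example, not code from the article or from Azure; the rule names, priority numbers and IP addresses are constructed, and the model is simplified to one port and one source prefix per rule.

```python
import ipaddress

# Constructed inbound rules: names, priorities and addresses are illustrative only.
JIT_DENY = {"name": "jit-deny-3389", "priority": 1000, "access": "Deny",
            "port": 3389, "source": "0.0.0.0/0"}
DEFAULT_DENY = {"name": "DenyAllInBound", "priority": 65500, "access": "Deny",
                "port": None, "source": "0.0.0.0/0"}  # port None = any port


def jit_allow(source_cidr, port, priority=100):
    """Build the temporary allow rule that is added when access is requested."""
    return {"name": f"jit-allow-{port}", "priority": priority, "access": "Allow",
            "port": port, "source": source_cidr}


def evaluate(rules, src_ip, port):
    """Return (access, rule name) of the first rule matching src_ip and port.

    Rules are processed in ascending priority number and the first match wins,
    which is why the allow rule needs a smaller number than the deny rule.
    """
    ip = ipaddress.ip_address(src_ip)
    for rule in sorted(rules, key=lambda r: r["priority"]):
        port_ok = rule["port"] is None or rule["port"] == port
        if port_ok and ip in ipaddress.ip_network(rule["source"]):
            return rule["access"], rule["name"]
    return "Deny", "implicit"


if __name__ == "__main__":
    locked = [JIT_DENY, DEFAULT_DENY]
    granted = locked + [jit_allow("203.0.113.10/32", 3389)]
    # An allow rule placed after the deny rule never takes effect.
    misordered = locked + [jit_allow("203.0.113.10/32", 3389, priority=2000)]
    for label, rules, src in [
        ("locked down", locked, "203.0.113.10"),
        ("access granted, requester", granted, "203.0.113.10"),
        ("access granted, other source", granted, "198.51.100.7"),
        ("allow rule misordered", misordered, "203.0.113.10"),
    ]:
        print(f"{label:30} {src:15} -> {evaluate(rules, src, 3389)}")
```
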

If you're interested in JIT and want to know how it works in detail, just click here to get to the full article. I hope you enjoy reading it as much as I enjoyed writing it.

Bye for now, have a great and safe time, and happy testing,
Tom

Author: Tom Janetscheck

Cloud Security Enthusiast | Security Advocate
