Monitor JIT Network Access
Ensures Just In Time Network Access monitoring is enabled in Microsoft Defender.
When this setting is enabled, Microsoft Defender for Cloud audits Just In Time Network Access on all virtual machines (Windows and Linux as well) to enhance data protection at rest
Recommended Actions
Follow the appropriate remediation steps below to resolve the issue.
-
Log in to the Microsoft Azure Management Console.
-
Select the “Search resources, services, and docs” option at the top and search for “Policy” and select the “Policy”.
-
Scroll down the left navigation panel and select “Compliance”.
-
On the “Policy | Compliance” page, under “Name” column select compliance for the “Scope” of necessary Subscription.
-
On the “Policy| Compliance” page select the “View Assignment” Tab on the top.
-
On the “Policy| Compliance | Subscription” page, Select the “Edit Assignment” Tab at the top.
-
On the Assign Initiative page, select the “Parameters” tab and uncheck “Only show parameters that need input or review”. It will show you a list of parameters.
-
In the list search for the setting “Management ports of virtual machines should be protected with just-in-time network access control”. If it’s set to “Disabled” then “JIT Network Access monitoring” is not enabled on the selected “Subscription”.
-
To enable “JIT Network Access monitoring” click to open the dropdown of “Management ports of virtual machines should be protected with just-in-time network access control” and select the “AuditIfNotExists” option.
-
Click on the “Review + save” button to make the necessary changes.
-
Repeat steps number 3 - 10 to ensure “Monitor JIT Network Access” is configured from the Azure Defender.