Azure Just-In-Time (JIT) Access is a security feature in Microsoft Defender for Cloud that helps protect Azure virtual machines (VMs) from unauthorized access. It does this by restricting inbound traffic on specific ports, ensuring VMs are only accessible when needed and for a limited time.
Just-In-Time works by configuring Network Security Group (NSG) and Azure Firewall rules to block all incoming traffic on designated ports. When access is required, users can request just-in-time access through the Azure portal or command-line interface (CLI). Microsoft Defender for Cloud then evaluates the request and, if approved, temporarily allows inbound traffic on the specified port for the selected duration. Once the time expires, the rule is automatically removed, restoring the VM's protection.
Enabling Microsoft Defender for Cloud
Step 1. Search for Microsoft Defender for Cloud in the global search bar and click it.
![Microsoft Defender for Cloud]()
Step 2. Click the Subscription.
![Azure Subscriptions]()
Step 3. Expand Azure and click the Subscription.
![Environment settings]()
Step 4. Click Enable all plans, select the Plan, click Save, and then Save the Plan.
![Enable all plans]()
Step 5. Check the status of the Server; it should be On.
![Status of the server]()
Enabling JIT for Azure VM
Step 1. Select the Virtual Machine, click Configuration, and click Enable just-in-time.
![Virtual machines]()
Step 2. After enabling just-in-time, click Open Microsoft Defender for Cloud.
Step 3. Select the VM and click Request Access.
![Select VM and Request access]()
Step 4. Set the toggle for port 3389 to "On". In Time range, assign the time frame during which the RDP session is allowed; after 2 hours, the session will be blocked. Add a description and click "Open Ports" to enable VM access.
![Request access]()
Step 5. After enabling connection to the VM, we can check the configurations that have been applied.
![Virtual machines]()
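The check in Step 5 can also be done offline against exported NSG rules. The following is an added example, not part of the original walkthrough: it evaluates rules in priority order (lowest number first, first match wins) to show which source can reach port 3389 before and during a JIT window. The rule names, priorities and IP addresses are constructed, the temporary allow rule is assumed to be scoped to one requesting address, and only the single `sourceAddressPrefix` field is evaluated.

```python
import ipaddress

# Constructed sample in the shape of `az network nsg rule list -o json` output.
# Rule names, priorities and addresses are made up for illustration.
BASELINE = [
    {"name": "jit-deny-3389", "priority": 1000, "direction": "Inbound",
     "access": "Deny", "sourceAddressPrefix": "*", "destinationPortRange": "3389"},
    {"name": "allow-https", "priority": 1100, "direction": "Inbound",
     "access": "Allow", "sourceAddressPrefix": "*", "destinationPortRange": "443"},
]
# Temporary rule assumed to be added for an approved request from one source IP.
JIT_WINDOW = BASELINE + [
    {"name": "jit-allow-3389", "priority": 100, "direction": "Inbound",
     "access": "Allow", "sourceAddressPrefix": "203.0.113.10",
     "destinationPortRange": "3389"},
]

def port_matches(spec, port):
    """spec is '*', a single port or a 'low-high' range."""
    if spec == "*":
        return True
    low, _, high = spec.partition("-")
    return int(low) <= port <= int(high or low)

def source_matches(prefix, ip):
    """'*' and the Internet tag match any address here; other tags never match."""
    if prefix in ("*", "Internet"):
        return True
    try:
        return ipaddress.ip_address(ip) in ipaddress.ip_network(prefix, strict=False)
    except ValueError:  # unknown service tag: treated as no match (simplification)
        return False

def effective_access(rules, ip, port):
    """Return (access, rule name) for the first matching inbound rule by priority."""
    inbound = [r for r in rules if r["direction"] == "Inbound"]
    for r in sorted(inbound, key=lambda r: r["priority"]):
        ports = r.get("destinationPortRanges") or [r["destinationPortRange"]]
        if any(port_matches(p, port) for p in ports) and \
                source_matches(r["sourceAddressPrefix"], ip):
            return r["access"], r["name"]
    return "Deny", "DenyAllInBound"  # Azure's default rule for unmatched inbound

def exposed(rules, ports=(3389, 22), probe_ip="198.51.100.7"):
    """Management ports that an arbitrary internet address can reach."""
    return [p for p in ports if effective_access(rules, probe_ip, p)[0] == "Allow"]
```

An empty result from `exposed()` during the JIT window means the temporary rule opened the port only to the requesting address; a non-empty result points to a broader allow rule that outranks the JIT deny rule.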