Just In Time Access In Azure Security Center

Azure has recently enabled this feature. What is it?

Attackers routinely target management ports such as 22 (SSH) and 3389 (RDP), and they have a chance of getting into your environment if your Azure VM has a public IP address and those ports are open all the time. Put it this way: you have a VM and port 3389 is open around the clock. Do you need it open all the time? Of course not. Just in time (JIT) access is the solution: you lock the ports down, and when you need one, Azure Security Center opens it for a short period, such as an hour.


Access is granted on user request, based on RBAC. When your request is approved, Security Center creates new NSG rules that allow inbound traffic to the management ports for the amount of time you specified in the settings; when that time is up, the rules are removed and the ports are locked down again.

In order to use this feature, you must use Security Center in Azure and you need a Standard tier license. As the screenshot below shows, you need to enable JIT Network Access, which requires the Standard tier.


Enabling just in time access is also really easy. Go to Security Center; if you have a Standard tier license, you will see it appear in the dashboard.


The screenshot below shows that it protects 5 VMs right now. If you want to add one more server to the list, go to the Recommended tab, select your server and enable JIT Network Access.


Once it is enabled for this VM, you can configure the ports and the time range for which they will be open.


The time range is 3 hours by default, but you can change it. Now we have configured just in time access and locked down the ports. Let's look at requesting access to a VM.

In the Just in time VM access blade, select the Configured tab, select the VM you want access to and click the Request access button.


On the Request access blade, we can configure, for each VM, the ports to open, the source IP the port is opened for, and the time window.
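The same two steps described above (configure the JIT policy for a VM, then request access to it) done from PowerShell instead of the portal, as an added example that is not code from the original post. It uses the `Set-AzJitNetworkAccessPolicy` and `Start-AzJitNetworkAccessPolicy` cmdlets from the Az.Security module and assumes an authenticated session (`Connect-AzAccount`); the subscription ID, resource group, VM name, location, NSG name and requesting IP address are placeholders you replace with your own.

```powershell
# Added example: JIT policy + access request with the Az.Security module.
# Requires: Install-Module Az ; Connect-AzAccount (assumed already done).
$subscriptionId = "00000000-0000-0000-0000-000000000000"   # placeholder
$resourceGroup  = "rg-jit-demo"                            # placeholder
$location       = "westeurope"                             # placeholder
$vmName         = "vm-jit-demo"                            # placeholder
$vmId = "/subscriptions/$subscriptionId/resourceGroups/$resourceGroup/providers/Microsoft.Compute/virtualMachines/$vmName"

# 1. Policy: which ports may be requested, from which sources, and for how long
#    (maxRequestAccessDuration is an ISO 8601 duration). This mirrors the portal
#    defaults shown in the post: 22 and 3389, any source, 3 hours maximum.
$policyVm = @{
    id    = $vmId
    ports = @(
        @{ number = 22;   protocol = "*"; allowedSourceAddressPrefix = @("*"); maxRequestAccessDuration = "PT3H" },
        @{ number = 3389; protocol = "*"; allowedSourceAddressPrefix = @("*"); maxRequestAccessDuration = "PT3H" }
    )
}
Set-AzJitNetworkAccessPolicy -Kind "Basic" -Location $location -Name "default" `
    -ResourceGroupName $resourceGroup -VirtualMachine @($policyVm)

# 2. Request: open only RDP, only from our own public IP, for one hour.
#    The end time must stay within the policy's maxRequestAccessDuration.
$myIp = "203.0.113.10"   # placeholder: the address you are connecting from
$endTimeUtc = (Get-Date).ToUniversalTime().AddHours(1).ToString("o")
$requestVm = @{
    id    = $vmId
    ports = @(
        @{ number = 3389; endTimeUtc = $endTimeUtc; allowedSourceAddressPrefix = @($myIp) }
    )
}
$policyId = "/subscriptions/$subscriptionId/resourceGroups/$resourceGroup/providers/Microsoft.Security/locations/$location/jitNetworkAccessPolicies/default"
Start-AzJitNetworkAccessPolicy -ResourceId $policyId -VirtualMachine @($requestVm)

# 3. Check: Security Center should now have added a temporary inbound allow rule
#    for 3389, scoped to $myIp, to the VM's NSG. NSG name is an assumption.
$nsg = Get-AzNetworkSecurityGroup -ResourceGroupName $resourceGroup -Name "$vmName-nsg"
Get-AzNetworkSecurityRuleConfig -NetworkSecurityGroup $nsg |
    Where-Object { $_.Direction -eq "Inbound" -and $_.DestinationPortRange -contains "3389" } |
    Select-Object Name, Priority, Access, SourceAddressPrefix, DestinationPortRange
```

Step 3 is the check worth keeping: the allow rule should list only your source address and should disappear from the NSG once the requested window has passed. If the NSG has no deny rule for the port in the first place, JIT has nothing to lock down, so verify that the baseline deny is present before relying on the feature.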





