In this blog post, I will show you how to enable Just-in-time virtual machine access in Microsoft Azure.
About JIT
Just-in-time virtual machine access in Microsoft Azure is a premium feature that comes with Azure Security Center standard subscription.
JIT allows us to open RDP or SSH access to virtual machines a minimum of 3 hours.
For example, if we need to access our Azure VM using RDP, we would access the portal and enable JIT, which in return, open the RDP port for 3 hours.
This action is good because of two reasons, first and admin needs to access the portal using a username, password and MFA (recommended).
Second, the access is limited and open for good which increases potential security risks.
Enable JIT
To enable JIT, make sure you have a standard security centre subscription.
Open the Azure VM and click on Configuration, from the configuration page click on Enable just-in-time as shown below.
![](https://ntweekly-3e2e1f4957bdf35452c0-endpoint.azureedge.net/blobntweekly18036ad1fb/wp-content/uploads/2020/06/061720_0018_EnableJustI1.png)
Connect to VM with JIT
After enabling JIT, the SSH and RDP ports are in block state.
To connect, open the VM, click on Connect and select the protocol.
![](https://ntweekly-3e2e1f4957bdf35452c0-endpoint.azureedge.net/blobntweekly18036ad1fb/wp-content/uploads/2020/06/061720_0018_EnableJustI2.png)
From the connect page, in my example, it is RDP I will click on request access.
![](https://ntweekly-3e2e1f4957bdf35452c0-endpoint.azureedge.net/blobntweekly18036ad1fb/wp-content/uploads/2020/06/061720_0018_EnableJustI3.png)
After the request access has submitted, it will take a minute for the port to open.
Once you see the green approval message, you can RDP to the VM.
![](https://ntweekly-3e2e1f4957bdf35452c0-endpoint.azureedge.net/blobntweekly18036ad1fb/wp-content/uploads/2020/06/061720_0018_EnableJustI4.png)