Enable Just-In-Time Access on Azure VM

In this blog post, I will show you how to enable Just-in-time virtual machine access in Microsoft Azure.

About JIT

Just-in-time virtual machine access in Microsoft Azure is a premium feature that comes with Azure Security Center standard subscription.

JIT allows us to open RDP or SSH access to virtual machines a minimum of 3 hours.

For example, if we need to access our Azure VM using RDP, we would access the portal and enable JIT, which in return, open the RDP port for 3 hours.

This action is good because of two reasons, first and admin needs to access the portal using a username, password and MFA (recommended).

Second, the access is limited and open for good which increases potential security risks.

Enable JIT

To enable JIT, make sure you have a standard security centre subscription.

Open the Azure VM and click on Configuration, from the configuration page click on Enable just-in-time as shown below.

Connect to VM with JIT

After enabling JIT, the SSH and RDP ports are in block state.

To connect, open the VM, click on Connect and select the protocol.

From the connect page, in my example, it is RDP I will click on request access.

After the request access has submitted, it will take a minute for the port to open.

Once you see the green approval message, you can RDP to the VM.

Success! You're on the list.