How to Increase Cloud Security with new Azure JIT VM Access


  • Mustafa Kara
  • Managed Security, Managed Cloud
  • Azure, Virtual Machine

Azure Security Center keeps gaining new security features, such as JIT VM Access, and each one tightens the security layer a little further. We will keep you updated!

Security teams keep seeing attackers brute-force and port-scan management ports such as RDP (3389/TCP) and SSH (22/TCP), which administrators often leave open to the internet so they can reach systems in their cloud environments. Microsoft Azure has released a new feature to address exactly that.

What is JIT VM Access?

With the new Just in Time Virtual Machine (JIT VM) Access mechanism, announced in April 2018, Azure Security Center can now help you detect, and be notified of, attacks such as the ones mentioned above, and close the exposure that makes them possible. Instead of leaving management ports permanently open, JIT keeps them closed and opens them only on request, for a limited time and for approved source addresses. Denying persistent access in this way significantly reduces the attack surface of the VM.

Fig. 1: RDP and SSH Attacks (Brute Force or Port Scanning)

How does it work?

According to the policy you configure, Azure Security Center can enable just-in-time (JIT) access on your existing VMs as well as on newly created ones. When JIT VM access is enabled, Security Center locks down inbound traffic to the configured ports by creating deny rules in the VM's network security group (NSG). When access is needed, a user with the appropriate permissions requests it; Security Center then adds a temporary allow rule for the requested port, scoped to the approved source IP addresses and to the approved time window, after which the NSG is returned to its locked-down state. Requests are recorded in the Azure Activity Log, so access is easy to monitor and audit.

You can also enable JIT VM access, configure it by policy and request access through PowerShell cmdlets. These features are available in the Azure Security Center Standard pricing tier and are free during the first 60 days.

Let's start configuring

I signed in to the Azure portal with my own account, opened Security Center and then clicked on JIT VM Access.

Fig. 2: Configuring JIT on Azure Security Center

To get the first 60 days free, press the "Apply Standard Plan" button.

Fig. 3: Enable Azure Security Center Standard Plan

If you already have an OMS (Log Analytics) workspace, you can use it to store the data Security Center collects. As I didn't have one yet, I created a new workspace.

Fig. 4: Add a new workspace

To create a new workspace, enter a name for the OMS workspace, select your subscription, create a new resource group or pick an existing one, then press the “OK” button to complete the creation process.

Fig. 5: Create a New Workspace

The workspace is ready, so Security Center now has somewhere to store the data it collects from the VMs. Note that the JIT requests themselves are written to the Azure Activity Log, which is where we will look them up at the end.

Fig. 6: Complete a new Workspace

JIT VM Access is now ready to use. I select the machine or machines I want to protect with JIT VM access and press the “Enable JIT” button.

Fig. 7: Enable JIT on VM

Now I can configure JIT VM Access for the VM: which ports it manages, which source addresses may request access, and for how long. I select the VM and press the “Edit” button.

Fig. 8: JIT VM Access Edit

In this section I add the port to be managed, restrict the source IPs that may request access to it, and set the maximum time window a request may cover. Keep this as tight as possible: allowing any source address here lets a later request open the port to the whole internet for the duration of the request.

Fig. 9: Open port on JIT VM Access

Now I request access on port 3389 (RDP) for one hour, entering my own public IP address as the source. Use the address from which you actually reach Azure (your NAT egress address), not a private address, and do not choose “Any”; otherwise the port is open to everyone for the hour.

Fig. 10: Add port on JIT VM Access

Here are the Activity Log entries for the machine with JIT VM Access enabled.

Fig. 11: Activity Log on JIT VM Access

The Activity Log shows the source IP address and the destination IP address of the machine, as well as the name of the NSG rule that was created and the port it opened.

Fig. 12: Activity Log on JIT VM Access details
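The portal procedure above, and the PowerShell route mentioned under "How does it work?", as an added worked example that is not part of the original article: it enables a JIT policy on a VM, requests one hour of RDP access for a single source address, and then checks the NSG rules and the Activity Log to confirm what Security Center actually did. The subscription ID, resource group, VM name, location and IP addresses are placeholders; the cmdlet names are those of the current Az PowerShell module (at the time of the article the same cmdlets carried the AzureRm prefix, e.g. Set-AzureRmJitNetworkAccessPolicy). The JIT rule-name prefix and the Activity Log operation name used for filtering are assumptions based on how these show up in practice.

```powershell
# Added example, not from the original article. Requires the Az.Security, Az.Network
# and Az.Monitor modules and an authenticated session (Connect-AzAccount) with a role
# that grants the JIT "initiate" action (Contributor on the VM is sufficient).

$subscriptionId = "00000000-0000-0000-0000-000000000000"   # placeholder
$resourceGroup  = "rg-jit-demo"                            # placeholder
$location       = "westeurope"                             # placeholder
$vmName         = "vm-jit-demo"                            # placeholder
$myPublicIp     = "203.0.113.10"                           # placeholder (TEST-NET-3); use your real egress IP
$adminRange     = "203.0.113.0/24"                         # placeholder: your office / VPN egress range

$vmId = "/subscriptions/$subscriptionId/resourceGroups/$resourceGroup" +
        "/providers/Microsoft.Compute/virtualMachines/$vmName"

# --- Step 1: enable JIT on the VM (the "Enable JIT" and "Edit" steps in the portal) ---
# Each port entry states which port JIT manages, which sources may ever be requested
# and the maximum duration of a single request (ISO 8601, PT1H = one hour).
# Restricting allowedSourceAddressPrefix here caps what any later request may ask for;
# "*" would let a requester open the port to the whole internet.
$jitPolicy = @{
    id    = $vmId
    ports = @(
        @{ number = 3389; protocol = "TCP"; allowedSourceAddressPrefix = @($adminRange); maxRequestAccessDuration = "PT1H" },
        @{ number = 22;   protocol = "TCP"; allowedSourceAddressPrefix = @($adminRange); maxRequestAccessDuration = "PT1H" }
    )
}
Set-AzJitNetworkAccessPolicy -Kind "Basic" -Location $location -Name "default" `
    -ResourceGroupName $resourceGroup -VirtualMachine @($jitPolicy)

# --- Step 2: request RDP access for one hour, from this IP only (the Fig. 10 step) ---
$endTimeUtc = (Get-Date).ToUniversalTime().AddHours(1).ToString("o")
$request = @{
    id    = $vmId
    ports = @(
        @{ number = 3389; endTimeUtc = $endTimeUtc; allowedSourceAddressPrefix = @($myPublicIp) }
    )
}
$policyId = "/subscriptions/$subscriptionId/resourceGroups/$resourceGroup" +
            "/providers/Microsoft.Security/locations/$location/jitNetworkAccessPolicies/default"
Start-AzJitNetworkAccessPolicy -ResourceId $policyId -VirtualMachine @($request)

# --- Step 3: verify what JIT did to the network security group ---
# Security Center writes its own rules into the NSG; their names start with
# "SecurityCenter-JITRule" (name prefix as observed in practice; treat as an assumption).
# Expect a deny rule for 3389 plus a higher-priority allow rule scoped to $myPublicIp
# that disappears again once $endTimeUtc has passed.
$nsgs = Get-AzNetworkSecurityGroup -ResourceGroupName $resourceGroup   # add -Name if you have several
$nsgs.SecurityRules |
    Where-Object { $_.Name -like "SecurityCenter-JITRule*" } |
    Select-Object Name, Priority, Direction, Access, DestinationPortRange, SourceAddressPrefix |
    Format-Table -AutoSize

# --- Step 4: audit the request in the Activity Log (the Fig. 11 / Fig. 12 view) ---
# The request is logged as an "initiate" action on the JIT policy resource
# (operation name as observed in practice; treat as an assumption).
Get-AzActivityLog -ResourceGroupName $resourceGroup -StartTime (Get-Date).AddHours(-2) |
    Where-Object { $_.OperationName.Value -like "Microsoft.Security/locations/jitNetworkAccessPolicies/initiate/*" } |
    Select-Object EventTimestamp, Caller, Status, ResourceId |
    Format-Table -AutoSize
```

Two design points are worth keeping in mind when you adapt this. The source range in the policy (step 1) is the hard ceiling: a request in step 2 for an address outside it is rejected, so it is the place to enforce "management only from the corporate egress". And because the allow rule is time-boxed, the step 3 listing is the quickest way to confirm that a port you thought was closed has not been left open by a forgotten or over-long request.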

Gain Control of Your Cloud!

Our Managed Cloud solution helps make your cloud less complex and supports organizations in overcoming these issues.

Discover Managed Cloud
  • Monday 07 May 2018


Author

Mustafa Kara, Technical Manager, SoftwareONE (Microsoft MVP and Microsoft Azure MVP)
