Security Center default policy setting "Monitor JIT Network Access" is not enabled Affecting Security Center service in Azure

Severity Framework Snyk CCSS

Rule category Monitoring / Network

Is your enviroment affected by this misconfiguration?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Frameworks

CIS-Azure HIPAA SOC-2

Snyk ID SNYK-CC-00673
credit Snyk Research Team

Report a new misconfiguration Found a mistake?

Description

Just in time (JIT) virtual machine access can be used to lock down inbound traffic to Azure VMs, reducing exposure to attacks while providing easy access to connect to VMs when needed.

How to fix?

Set policy_definition_id to /providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c and enforcementMode to Default.

Example Configuration

{
    "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#",
    "contentVersion": "1.0.0.0",
    "resources": [
        {
            "type": "Microsoft.Authorization/policyAssignments",
            "apiVersion": "2022-06-01",
            "name": "allowed",
            "properties": {
                "description": "Possible network Just In Time (JIT) access will be monitored by Azure Security Center as recommendations",
                "displayName": "Management ports of virtual machines should be protected with just-in-time network access control",
                "enforcementMode": "Default",
                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c"
            }
        }
]
}

Security Center default policy setting "Monitor JIT Network Access" is not enabled Affecting Security Center service in Azure

Description

How to fix?

Example Configuration

ARM

Terraform

References