Saturday, June 20, 2020

How does JIT access work?

You can use just-in-time (JIT) access so that IT administrators can request access, which opens the required ports on the virtual machine.

When JIT is enabled, Security Center locks down inbound traffic to your Azure VMs by creating an NSG rule. You select the ports on the VM to which inbound traffic will be locked down. These ports are controlled by the just-in-time solution.

When a user requests access to a VM, Security Center checks that the user has RBAC permissions that permit them to request access to that VM. If the request is approved, Security Center automatically configures the NSG and Azure Firewall to allow inbound traffic to the selected ports from the requested source IP addresses or ranges, for the amount of time that was specified. After the time has expired, Security Center restores the NSGs to their previous states. Connections that are already established are not interrupted.
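The lifecycle described above, as a small model added here for illustration (it is not Security Center's code): a deny rule locks the selected ports, an approved request adds a higher-precedence allow rule limited to one source range and time window, and expiry removes it. The rule names, priority numbers, ports 22 and 3389, the documentation-range addresses and the "no match means deny" default are all assumptions made for the example.

```python
import ipaddress
from datetime import datetime, timedelta, timezone

# Constructed model: rule names, priorities, ports and addresses are illustrative,
# not what Security Center writes. A lower priority number is evaluated first.
DENY_PRIORITY = 1000   # lock-down rule for the JIT-controlled ports
ALLOW_PRIORITY = 100   # time-boxed allow rule, must sort before the deny

def enable_jit(nsg, ports):
    """Lock down inbound traffic to the selected ports with a deny rule."""
    nsg.append({"name": "jit-deny", "priority": DENY_PRIORITY, "access": "Deny",
                "ports": set(ports), "source": "0.0.0.0/0", "expires": None})

def approve_request(nsg, ports, source, minutes, now):
    """Add an allow rule for the requested ports and source, valid for `minutes`."""
    locked = next(r for r in nsg if r["name"] == "jit-deny")["ports"]
    if not set(ports) <= locked:
        raise ValueError("port is not controlled by the JIT policy")
    nsg.append({"name": "jit-allow", "priority": ALLOW_PRIORITY, "access": "Allow",
                "ports": set(ports), "source": source,
                "expires": now + timedelta(minutes=minutes)})

def expire(nsg, now):
    """Drop allow rules whose window has passed, restoring the previous NSG."""
    nsg[:] = [r for r in nsg if r["expires"] is None or r["expires"] > now]

def evaluate(nsg, src_ip, port):
    """First matching rule by priority wins; no match is treated as deny here."""
    for rule in sorted(nsg, key=lambda r: r["priority"]):
        in_source = ipaddress.ip_address(src_ip) in ipaddress.ip_network(rule["source"])
        if port in rule["ports"] and in_source:
            return rule["access"]
    return "Deny"

def demo():
    t0 = datetime(2020, 6, 20, 9, 0, tzinfo=timezone.utc)
    nsg = []
    enable_jit(nsg, [22, 3389])
    before = evaluate(nsg, "203.0.113.10", 22)
    approve_request(nsg, [22], "203.0.113.0/24", 60, t0)
    during = evaluate(nsg, "203.0.113.10", 22)
    other_source = evaluate(nsg, "198.51.100.7", 22)
    other_port = evaluate(nsg, "203.0.113.10", 3389)
    expire(nsg, t0 + timedelta(minutes=61))
    after = evaluate(nsg, "203.0.113.10", 22)
    return before, during, other_source, other_port, after

if __name__ == "__main__":
    print(demo())
```

The model only evaluates new inbound connections; it does not represent flows that were established before the allow rule expired.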

Reference:

https://docs.microsoft.com/en-us/azure/security-center/security-center-just-in-time

