Azure-SecurityCenter-Monitor-JIT-Network-Access

Severity: High

Description: This control ensures that Just-In-Time network access control should be applied on virtual machines' is enabled for at least one policy assignment with policy definition Enable Monitoring in Azure Security Center. When this setting is not disabled in Security Center, it locks down inbound traffic to your Azure VMs by creating an NSG rule. You select the ports on the VM to which inbound traffic should be locked down. Just in time virtual machine (VM) access can be used to lock down inbound traffic to your Azure VMs, reducing exposure to attacks while providing easy access to connect to VMs when needed.

Remediation Steps:

Perform following to update parameters:

1. Login to Azure Portal using https://portal.azure.com.

2. Go to Policy service.

3. On Policy overview, Click onDefault/Custom Policy.

4. Click on Edit Assignments.

5. In Basics menu, check there are no exclusions added for resource Group.

6. Set Policy Enforcement to Enabled.

7. Goto Parameters and set Just-In-Time network access control should be applied on virtual machines to AuditIfNotExist

8. Click Review + save.

Important:

• Along with ASC Default assignment, there could be custom policy assignments with the policy definition "Enable Monitoring in Azure Security Center". 'Monitor missing Endpoint Protection in Azure Security Center' should be enabled for at least one of such assignments

Reference:

• https://docs.microsoft.com/en-us/azure/security-center/security-center-policies

• https://docs.microsoft.com/en-us/azure/security-center/security-center-just-in-time

• https://msdn.microsoft.com/en-us/library/mt704062.aspx

• https://msdn.microsoft.com/en-us/library/mt704063.aspx

• https://docs.microsoft.com/en-us/rest/api/resources/policyassignments/get

• https://docs.microsoft.com/en-us/rest/api/resources/policyassignments/create