Start-AzJitNetworkAccessPolicy

Invokes a temporary network access request.

Syntax

Start-AzJitNetworkAccessPolicy
     -ResourceGroupName <String>
     -Location <String>
     -Name <String>
     -VirtualMachine <PSSecurityJitNetworkAccessPolicyInitiateVirtualMachine[]>
     [-DefaultProfile <IAzureContextContainer>]
     [-WhatIf]
     [-Confirm]
     [<CommonParameters>]
Start-AzJitNetworkAccessPolicy
     -VirtualMachine <PSSecurityJitNetworkAccessPolicyInitiateVirtualMachine[]>
     -ResourceId <String>
     [-DefaultProfile <IAzureContextContainer>]
     [-WhatIf]
     [-Confirm]
     [<CommonParameters>]
Start-AzJitNetworkAccessPolicy
     -InputObject <PSSecurityJitNetworkAccessPolicyInitiateInputObject>
     [-DefaultProfile <IAzureContextContainer>]
     [-WhatIf]
     [-Confirm]
     [<CommonParameters>]

Description

Invokes a temporary network access request. The request is validated against the configured JIT network access policy and if permitted, opens up a network connection according to the user's request. The request will be logged in the policy for later review and will be terminated when the specified duration will be exceeded.

Examples

Example 1

$MyResource = Get-AzResource -Id /subscriptions/xxxxxxx-xxxxx-xxxxx-xxxxxxx/resourceGroups/PolicyDemo/providers/Microsoft.Compute/virtualMachines/PolicyDemoVM1
$JitPolicy = (@{
        id    = $MyResource.ResourceId; 
        ports = (@{
                number                     = 22
                endTimeUtc                 = Get-Date (Get-Date -AsUTC).AddHours(1) -Format O
                allowedSourceAddressPrefix = @($MyPublicIP) 
            })
    })
$ActivationVM = @($JitPolicy)
Start-AzJitNetworkAccessPolicy -ResourceGroupName $($MyResource.ResourceGroupName) -Location $MyResource.Location -Name "default" -VirtualMachine $ActivationVM

Opens up a network connection for 1 hour over port 22 from my public IP (not shown).

Parameters

-Confirm

Prompts you for confirmation before running the cmdlet.

Type:SwitchParameter
Aliases:cf
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-DefaultProfile

The credentials, account, tenant, and subscription used for communication with Azure.

Type:IAzureContextContainer
Aliases:AzContext, AzureRmContext, AzureCredential
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-InputObject

Input Object.

Type:PSSecurityJitNetworkAccessPolicyInitiateInputObject
Position:Named
Default value:None
Required:True
Accept pipeline input:True
Accept wildcard characters:False

-Location

Location.

Type:String
Position:Named
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False

-Name

Resource name.

Type:String
Position:Named
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False

-ResourceGroupName

Resource group name.

Type:String
Position:Named
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False

-ResourceId

Resource ID.

Type:String
Position:Named
Default value:None
Required:True
Accept pipeline input:True
Accept wildcard characters:False

-VirtualMachine

Automatic Provisioning.

Type:PSSecurityJitNetworkAccessPolicyInitiateVirtualMachine[]
Position:Named
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False

-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet is not run.

Type:SwitchParameter
Aliases:wi
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

Inputs

String

PSSecurityJitNetworkAccessPolicyInitiateInputObject

Outputs

PSSecurityJitNetworkAccessPolicy