Jit Network Access Policies - Create Or Update

Create a policy for protecting resources using Just-in-Time access control

PUT https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/locations/{ascLocation}/jitNetworkAccessPolicies/{jitNetworkAccessPolicyName}?api-version=2020-01-01

URI Parameters

Name | In | Required | Type | Description
ascLocation | path | True | string | The location where ASC stores the data of the subscription. Can be retrieved from Get locations.
jitNetworkAccessPolicyName | path | True | string | Name of a Just-in-Time access configuration policy.
resourceGroupName | path | True | string | The name of the resource group within the user's subscription. The name is case insensitive. Regex pattern: ^[-\w\._\(\)]+$
subscriptionId | path | True | string | Azure subscription ID. Regex pattern: ^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$
api-version | query | True | string | API version for the operation

Request Body

Name | Required | Type | Description
properties.virtualMachines | True | JitNetworkAccessPolicyVirtualMachine[] | Configurations for Microsoft.Compute/virtualMachines resource type.
kind | | string | Kind of the resource
properties.requests | | JitNetworkAccessRequest[] |

Responses

Name | Type | Description
200 OK | JitNetworkAccessPolicy | OK
Other Status Codes | CloudError | Error response describing why the operation failed.

Security

azure_auth

Azure Active Directory OAuth2 Flow

Type: oauth2
Flow: implicit
Authorization URL: https://login.microsoftonline.com/common/oauth2/authorize

Scopes

Name | Description
user_impersonation | impersonate your user account

Examples

Create JIT network access policy

Sample request

PUT https://management.azure.com/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Security/locations/westeurope/jitNetworkAccessPolicies/default?api-version=2020-01-01

{
  "kind": "Basic",
  "properties": {
    "virtualMachines": [
      {
        "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Compute/virtualMachines/vm1",
        "ports": [
          {
            "number": 22,
            "protocol": "*",
            "allowedSourceAddressPrefix": "*",
            "maxRequestAccessDuration": "PT3H"
          },
          {
            "number": 3389,
            "protocol": "*",
            "allowedSourceAddressPrefix": "*",
            "maxRequestAccessDuration": "PT3H"
          }
        ]
      }
    ],
    "requests": [
      {
        "virtualMachines": [
          {
            "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Compute/virtualMachines/vm1",
            "ports": [
              {
                "number": 3389,
                "allowedSourceAddressPrefix": "192.127.0.2",
                "endTimeUtc": "2018-05-17T09:06:45.5691611Z",
                "status": "Initiated",
                "statusReason": "UserRequested"
              }
            ]
          }
        ],
        "startTimeUtc": "2018-05-17T08:06:45.5691611Z",
        "requestor": "barbara@contoso.com"
      }
    ],
    "provisioningState": "Succeeded"
  },
  "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Security/locations/westeurope/jitNetworkAccessPolicies/default",
  "name": "default",
  "type": "Microsoft.Security/locations/jitNetworkAccessPolicies",
  "location": "westeurope"
}

Sample response

{
  "kind": "Basic",
  "properties": {
    "virtualMachines": [
      {
        "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Compute/virtualMachines/vm1",
        "ports": [
          {
            "number": 22,
            "protocol": "*",
            "allowedSourceAddressPrefix": "*",
            "maxRequestAccessDuration": "PT3H"
          },
          {
            "number": 3389,
            "protocol": "*",
            "allowedSourceAddressPrefix": "*",
            "maxRequestAccessDuration": "PT3H"
          }
        ]
      }
    ],
    "requests": [
      {
        "virtualMachines": [
          {
            "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Compute/virtualMachines/vm1",
            "ports": [
              {
                "number": 3389,
                "allowedSourceAddressPrefix": "192.127.0.2",
                "endTimeUtc": "2018-05-17T09:06:45.5691611Z",
                "status": "Initiated",
                "statusReason": "UserRequested"
              }
            ]
          }
        ],
        "startTimeUtc": "2018-05-17T08:06:45.5691611Z",
        "requestor": "barbara@contoso.com"
      }
    ],
    "provisioningState": "Succeeded"
  },
  "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Security/locations/westeurope/jitNetworkAccessPolicies/default",
  "name": "default",
  "type": "Microsoft.Security/locations/jitNetworkAccessPolicies",
  "location": "westeurope"
}

Definitions

Name | Description
CloudError | Common error response for all Azure Resource Manager APIs to return error details for failed operations. (This also follows the OData error response format.)
CloudErrorBody | The error detail.
ErrorAdditionalInfo | The resource management error additional info.
JitNetworkAccessPolicy |
JitNetworkAccessPolicyVirtualMachine |
JitNetworkAccessPortRule |
JitNetworkAccessRequest |
JitNetworkAccessRequestPort |
JitNetworkAccessRequestVirtualMachine |
protocol |
status | The status of the port
statusReason | A description of why the status has its value

CloudError

Common error response for all Azure Resource Manager APIs to return error details for failed operations. (This also follows the OData error response format.)

Name | Type | Description
error.additionalInfo | ErrorAdditionalInfo[] | The error additional info.
error.code | string | The error code.
error.details | CloudErrorBody[] | The error details.
error.message | string | The error message.
error.target | string | The error target.

CloudErrorBody

The error detail.

Name | Type | Description
additionalInfo | ErrorAdditionalInfo[] | The error additional info.
code | string | The error code.
details | CloudErrorBody[] | The error details.
message | string | The error message.
target | string | The error target.

ErrorAdditionalInfo

The resource management error additional info.

Name | Type | Description
info | object | The additional info.
type | string | The additional info type.

JitNetworkAccessPolicy

Name | Type | Description
id | string | Resource Id
kind | string | Kind of the resource
location | string | Location where the resource is stored
name | string | Resource name
properties.provisioningState | string | Gets the provisioning state of the Just-in-Time policy.
properties.requests | JitNetworkAccessRequest[] |
properties.virtualMachines | JitNetworkAccessPolicyVirtualMachine[] | Configurations for Microsoft.Compute/virtualMachines resource type.
type | string | Resource type

JitNetworkAccessPolicyVirtualMachine

Name | Type | Description
id | string | Resource ID of the virtual machine that is linked to this policy
ports | JitNetworkAccessPortRule[] | Port configurations for the virtual machine
publicIpAddress | string | Public IP address of the Azure Firewall that is linked to this policy, if applicable

JitNetworkAccessPortRule

Name | Type | Description
allowedSourceAddressPrefix | string | Mutually exclusive with the "allowedSourceAddressPrefixes" parameter. Should be an IP address or CIDR, for example "192.168.0.3" or "192.168.0.0/16".
allowedSourceAddressPrefixes | string[] | Mutually exclusive with the "allowedSourceAddressPrefix" parameter.
maxRequestAccessDuration | string | Maximum duration requests can be made for. In ISO 8601 duration format. Minimum 5 minutes, maximum 1 day
number | integer |
protocol | protocol |
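A pre-flight check for the port rules a caller is about to PUT under properties.virtualMachines, written as an added example for this page (not Microsoft's code or any SDK API). It enforces the constraints documented for JitNetworkAccessPortRule (protocol values, the prefix/prefixes exclusivity, the PT5M to P1D duration window) and flags a "*" source prefix, which the sample request uses, as a review finding rather than an error; the SAMPLE_RULES list is constructed for the example.

```python
import re
from datetime import timedelta

# Constructed sample rules (not the page's sample request): the first mirrors the
# page's port 22 rule; the second is a hypothetical rule breaking the documented constraints.
SAMPLE_RULES = [
    {"number": 22, "protocol": "*", "allowedSourceAddressPrefix": "*",
     "maxRequestAccessDuration": "PT3H"},
    {"number": 3389, "protocol": "TCP", "allowedSourceAddressPrefix": "10.0.0.0/8",
     "allowedSourceAddressPrefixes": ["10.0.0.1"], "maxRequestAccessDuration": "P2D"},
]

# ISO 8601 duration subset: optional days plus an optional time part of hours/minutes/seconds.
_DURATION = re.compile(r"^P(?:(\d+)D)?(?:T(?:(\d+)H)?(?:(\d+)M)?(?:(\d+)S)?)?$")

def parse_iso_duration(text):
    """Return a timedelta for values like PT3H or P1D, or None if the string is not a duration."""
    m = _DURATION.match(text or "")
    if not m or not any(m.groups()):
        return None
    d, h, mi, s = (int(x) if x else 0 for x in m.groups())
    return timedelta(days=d, hours=h, minutes=mi, seconds=s)

def check_port_rule(rule):
    """Return findings for one JitNetworkAccessPortRule; an empty list means it passes."""
    findings = []
    n = rule.get("number")
    if not isinstance(n, int) or not 1 <= n <= 65535:
        findings.append("number must be a port in 1-65535")
    if rule.get("protocol") not in ("*", "TCP", "UDP"):
        findings.append("protocol must be one of *, TCP, UDP")
    single = rule.get("allowedSourceAddressPrefix")
    many = rule.get("allowedSourceAddressPrefixes")
    if single is not None and many is not None:
        findings.append("allowedSourceAddressPrefix and allowedSourceAddressPrefixes are mutually exclusive")
    if single == "*" or (many and "*" in many):
        findings.append("source prefix '*' allows requests from any address; prefer an IP or CIDR")
    dur = parse_iso_duration(rule.get("maxRequestAccessDuration"))
    if dur is None:
        findings.append("maxRequestAccessDuration must be an ISO 8601 duration")
    elif not timedelta(minutes=5) <= dur <= timedelta(days=1):
        findings.append("maxRequestAccessDuration must be between PT5M and P1D")
    return findings

def check_policy_vms(virtual_machines):
    """Check every port rule under properties.virtualMachines; returns {(vm_id, number): findings}."""
    return {(vm["id"], r.get("number")): check_port_rule(r)
            for vm in virtual_machines for r in vm.get("ports", [])}
```

Run check_policy_vms over the "virtualMachines" array of the request body before sending the PUT; any non-empty findings list is a rule to fix or to justify in review.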

JitNetworkAccessRequest

Name | Type | Description
justification | string | The justification for making the initiate request
requestor | string | The identity of the person who made the request
startTimeUtc | string | The start time of the request in UTC
virtualMachines | JitNetworkAccessRequestVirtualMachine[] |

JitNetworkAccessRequestPort

Name | Type | Description
allowedSourceAddressPrefix | string | Mutually exclusive with the "allowedSourceAddressPrefixes" parameter. Should be an IP address or CIDR, for example "192.168.0.3" or "192.168.0.0/16".
allowedSourceAddressPrefixes | string[] | Mutually exclusive with the "allowedSourceAddressPrefix" parameter.
endTimeUtc | string | The date & time at which the request ends in UTC
mappedPort | integer | The port which is mapped to this port's number in the Azure Firewall, if applicable
number | integer |
status | status | The status of the port
statusReason | statusReason | A description of why the status has its value

JitNetworkAccessRequestVirtualMachine

Name | Type | Description
id | string | Resource ID of the virtual machine that is linked to this policy
ports | JitNetworkAccessRequestPort[] | The ports that were opened for the virtual machine

protocol

Name | Type | Description
* | string |
TCP | string |
UDP | string |

status

The status of the port

Name | Type | Description
Initiated | string |
Revoked | string |

statusReason

A description of why the status has its value

Name | Type | Description
Expired | string |
NewerRequestInitiated | string |
UserRequested | string |