Oct 05 2023 05:18 AM
I'm running a VM on Azure with ports open.
I recently noticed that Azure is automatically closing ports that were previously open under "Network". From my research, this seems to be caused by a Just-In-Time policy because the name of the rule is like "MDC JIT Network Access rule for policy 'default' of VM...".
However, when I go to "Connect" I can see that a JIT-policy is configured for that port. When I try to configure this policy, I always end up on a JIT welcome page asking me to try the JIT Features free for 30 days. So the function doesn't seem to be active.
My goal is to remove this Just-In-Time policy so that Azure no longer automatically closes my ports. Can someone explain to me how I can do this exactly?
Oct 05 2023 11:52 AM - edited Oct 05 2023 11:55 AM
when vm is enabled for JIT access, this rule denies virtual network access. If you wish to allow access to your virtual network, add an inbound rule with higher priority to Allow VirtualNetwork to VirtualNetwork.
If you want to remove JIT access to you VM you can do it from
Oct 05 2023 10:09 PM
Thanks for your reply!
When adding a rule with higher priority, azur creates or updates a rule, to again lock the port after some time.
So I have to remove the JIT access of the VM. When navigating to Microsoft Defender for Cloud, it looks like Microsoft Defender is not even active:
Is there another way to remove the JIT-Access?
Oct 06 2023 01:29 AM
You may have some JIT policy that was some how created even when your subscription doesnt have Defender for Servers enabled.
Try to delete that JIT policy using API.
Go to Azure portal API playground by following this link
https://ms.portal.azure.com/#view/Microsoft_Azure_Resources/ArmPlayground
List all the JIT policies under your subscription using the api described here
Find the JIT policy associated with that VM and delete it