| Plugin Title | Monitor JIT Network Access |
|---|---|
| Cloud | AZURE |
| Category | Defender |
| Description | Ensures Just In Time Network Access monitoring is enabled in Defender |
| More Info | When this setting is enabled, Defender audits Just In Time Network Access on all virtual machines (both Windows and Linux) to enhance data protection at rest |
| AZURE Link | https://learn.microsoft.com/en-us/azure/defender-for-cloud/policy-reference |
| Recommended Action | Ensure JIT Network Access monitoring is configured for compute and apps in Azure Defender. |
1. Log in to the Microsoft Azure Management Console.
2. Select the "Search resources, services, and docs" box at the top, search for "Policy" and select "Policy".
3. Scroll down the left navigation panel and select "Compliance".
4. On the "Policy | Compliance" page, under the "Name" column, select the compliance entry for the "Scope" of the required Subscription.
5. On the "Policy | Compliance" page, select the "View Assignment" tab at the top.
6. On the "Policy | Compliance | Subscription" page, select the "Edit Assignment" tab at the top.
7. On the "Assign Initiative" page, select the "Parameters" tab and uncheck "Only show parameters that need input or review". This shows the full list of parameters.
8. In the list, search for the setting "Management ports of virtual machines should be protected with just-in-time network access control". If it is set to "Disabled", then "JIT Network Access monitoring" is not enabled on the selected "Subscription".
9. To enable "JIT Network Access monitoring", open the dropdown for "Management ports of virtual machines should be protected with just-in-time network access control" and select the "AuditIfNotExists" option.
10. Click the "Review + save" button to apply the change.
11. Repeat steps 3 - 10 to ensure "Monitor JIT Network Access" is configured in Azure Defender for every subscription.
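The portal procedure above checks one subscription at a time. The following added example (not part of this page or of Azure's tooling) applies the same rule to exported policy-assignment JSON, such as the output of `az policy assignment list`, and flags any scope where the JIT effect parameter is set to "Disabled". The parameter name `jitNetworkAccessMonitoringEffect`, the treatment of an absent parameter as "initiative default applies", and the sample data are assumptions and constructed input.

```python
import json

# Assumed name of the initiative parameter behind the setting "Management ports of
# virtual machines should be protected with just-in-time network access control".
# Verify it against the Parameters tab of your own Defender initiative assignment.
JIT_PARAM = "jitNetworkAccessMonitoringEffect"
PASSING_EFFECTS = {"AuditIfNotExists", "Audit", "Deny", "DeployIfNotExists", "Modify"}

# Constructed sample resembling `az policy assignment list -o json`; not real data.
SAMPLE_ASSIGNMENTS = json.loads("""[
  {"name": "SecurityCenterBuiltIn",
   "scope": "/subscriptions/00000000-0000-0000-0000-000000000000",
   "parameters": {"jitNetworkAccessMonitoringEffect": {"value": "Disabled"}}},
  {"name": "SecurityCenterBuiltIn",
   "scope": "/subscriptions/11111111-1111-1111-1111-111111111111",
   "parameters": {}}
]""")


def jit_effect(assignment):
    """Return the effect configured for the JIT policy in one assignment,
    or None when the parameter is not overridden (initiative default applies)."""
    params = assignment.get("parameters") or {}
    entry = params.get(JIT_PARAM)
    if not entry:
        return None
    return entry.get("value")


def evaluate(assignments):
    """Map each assignment scope to (status, message), following the page's rule:
    an effect of 'Disabled' means JIT Network Access monitoring is not enabled."""
    results = {}
    for assignment in assignments:
        scope = assignment["scope"]
        effect = jit_effect(assignment)
        if effect is None:
            # Assumption: an absent override leaves the initiative default in force.
            results[scope] = ("PASS", "JIT parameter not overridden; initiative default applies")
        elif effect == "Disabled":
            results[scope] = ("FAIL", "JIT Network Access monitoring is Disabled")
        elif effect in PASSING_EFFECTS:
            results[scope] = ("PASS", f"JIT Network Access monitoring effect is {effect}")
        else:
            results[scope] = ("FAIL", f"Unrecognised effect {effect!r}; review the assignment")
    return results


if __name__ == "__main__":
    for scope, (status, message) in evaluate(SAMPLE_ASSIGNMENTS).items():
        print(f"{status} {scope}: {message}")
```

Any scope reported as FAIL needs steps 3 to 10 of the procedure above applied to it.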