Just in time access policy creation RRS feed

  • Question

  • We've been testing JIT access for our machines and it works for the most part but there are some quirks I can't explain.

    With the same Network Security Group assigned to all my machines and JIT enabled.  When someone requests access to Machine A (for example), JIT creates a policy to allow the user access but it creates the policy on ALL machines.  So if a user requests access to Machine A, a policy is created for Machine A,B,C,D.

    I'd also like to prevent people from allowing IP ranges but I don't see any way to disable it.


    Friday, May 24, 2019 5:10 PM

All replies

  • This seems odd and so I suggest you to please open a [Azure Support Ticket]( so that Microsoft Support engineer can check further on this issue. In case you limitations in your support plan to open support ticket please let me know.
    Wednesday, May 29, 2019 5:01 AM
  • Is your issue resolved ? Are you able to open a new support ticket ?
    Saturday, June 1, 2019 12:07 AM
  • Thanks for the follow up Saurabh.

    I haven't opened a ticket yet but I did discover the user who was opening the IP up to the world.

    I still want to disable the ability to open the VM up to the entire cloud but it isn't as urgent now.

    Monday, June 3, 2019 7:14 PM