How can we improve Azure Virtual Machines?

Add "VM JIT Requestor" role to Resource/RG level role list

Quite often, I want to grant users login access to an Azure VM without giving them contributor access to modify the metadata associated with the VM itself. However, while Reader access gives users access to the Azure portal, and Virtual Machine User Login access allows users to log in to the VM once in the portal, neither the aforementioned roles nor any other predefined role provides the ability to request JIT access to the VM.

My workaround has been to create a custom role with the following allowed action: Microsoft.Security/locations/jitNetworkAccessPolicies/initiate/action

However, this seems like an action that should either be allowed for VM Admin/User login roles anyway, or at a bare minimum created as a new role. Would it be possible to update or create the necessary roles in this manner?

2 votes
Julian Blair shared this idea
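
The custom-role workaround described in the post above, written out as an Azure custom role definition. This is an added example, not part of the original post: the role name is taken from the idea title, the scope uses placeholder values, and the description is constructed. It contains only the single action the post names and assumes the user is separately assigned Reader and Virtual Machine User Login, as the post describes.

```json
{
  "Name": "VM JIT Requestor",
  "IsCustom": true,
  "Description": "Constructed example: allows requesting JIT access only; assumes Reader and Virtual Machine User Login are assigned separately.",
  "Actions": [
    "Microsoft.Security/locations/jitNetworkAccessPolicies/initiate/action"
  ],
  "NotActions": [],
  "DataActions": [],
  "NotDataActions": [],
  "AssignableScopes": [
    "/subscriptions/<subscription-id>/resourceGroups/<resource-group-name>"
  ]
}
```

Limiting AssignableScopes to one resource group means the role can only be assigned at or below that scope, which matches the resource/RG-level assignment the idea asks for.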
