JIT access on VM blade should behave exactly like it does in Security Center
JIT is a great part of the product. From the Security Center blade it allows a user to open a specific IP (MyIP) that they are connecting from. I can whitelist IPs, ranges, etc., or allow them to whitelist any specific IP of their choice.
When using JIT from the VM blade it simply places the whitelist (or * if no whitelist is present) into the new NSG rule. I would like the VM blade's implementation of JIT to match the Security Center implementation. In my use case I want to allow users to open individual IPs, tied to their request, from a very large range of IPs - for example a single IP from a full class B.

Thanks for the valid suggestion. Your feedback is now open for the user community to upvote, which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature.
2 comments
-
Nathan commented
Just changing the default to My IP would be a good first step here.
-
Simon commented
I have to say that for us, having recently tried JIT, it honestly looks like an abandoned feature. The feature documentation's out of date and sometimes just wrong, the PowerShell documentation is incomplete to the point of being missing, and the portal interfaces are some of the buggiest I've seen (and this is Azure, so I've seen some BUGGY interfaces). It smells of three different teams all working on the same feature with absolutely zero communication between them.