Managing Access to Resources with JIT Provisioning
1h 26m

This course covers how to implement Azure network security. Through a combination of both theory and practical demonstrations, you will learn how to create and configure a range of Azure services designed to keep your network secure.

This includes topics such as virtual network connectivity, the Azure Front Door Service, NSG configuration, Azure firewall configuration, and application security groups. The course then moves on to the configuration of remote access management via just-in-time access and tools that are used to configure baselines.

We’d love to get your feedback on this course, so please give it a rating when you’re finished. If you have any queries or suggestions, please contact us at

Learning Objectives

  • Understand how to implement Azure network security
  • Learn about the various Azure services and methodologies available to secure your network

Intended Audience

This course is intended for IT professionals who are interested in earning Azure certification and for those who work with Microsoft Azure on a daily basis.


To get the most from this course, you should have at least a basic understanding of Azure network resources such as virtual networks, Azure firewalls, and network security groups.



Hi, everyone. Welcome back. In this lesson, I want to talk a little bit about just-in-time provisioning. Just-in-time provisioning is used to lock down inbound traffic to Azure virtual machines. By using just-in-time provisioning, you can ensure that only those who need access to your VMs get access, but that they only get access when it's needed. This reduces exposure to attacks while providing access to connect to virtual machines only when needed.

Just-in-time provisioning is useful for protecting against brute-force attacks. Such attacks will often target management ports as a means to gain access to a virtual machine. When a brute-force attack is successful, the attacker can take control of a VM and establish a foothold in your environment.

Just-in-time provisioning protects against brute-force attacks by limiting the amount of time that the ports for a VM are open. Protecting virtual machines via Just-in-Time VM Access reduces the amount of time that an account has access privileges and it increases visibility into the use of such privileged accounts. To enable Just-in-Time VM Access for virtual machines, you need to create a policy that determines which ports to protect, how long those ports need to remain open, and any approved IP addresses that can access those ports. By creating such a policy, you can maintain control over what users can do when they request access.

Access requests are also logged in the Azure activity log. This allows you to monitor and audit access. You can then easily identify existing virtual machines that have Just-in-Time VM Access enabled, as well as any virtual machines where Just-in-Time VM Access is recommended.

To leverage Just-in-Time VM Access, you need to be in the Standard pricing tier of Azure Security Center. In the next lesson, I'll show you how to configure just-in-time access for a virtual machine.
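The three policy elements described above (which ports to protect, how long they may stay open, and which source addresses are approved) can be modeled locally to review a policy before it is deployed. This is an added example, not code from the course or from Azure: the field names are modeled on the JIT policy port-rule schema, while the sample values, function names, and 3-hour review threshold are assumptions.

```python
import ipaddress
import re
from datetime import timedelta

# Constructed sample policy (documentation address ranges, not real hosts).
POLICY = [
    {"number": 22, "protocol": "TCP",
     "allowedSourceAddressPrefix": "203.0.113.0/24",
     "maxRequestAccessDuration": "PT3H"},
    {"number": 3389, "protocol": "TCP",
     "allowedSourceAddressPrefix": "*",
     "maxRequestAccessDuration": "PT1H"},
]

def parse_duration(value):
    """Parse the PT#H#M subset of ISO 8601 durations into a timedelta."""
    m = re.fullmatch(r"PT(?:(\d+)H)?(?:(\d+)M)?", value)
    if not m or not any(m.groups()):
        raise ValueError(f"unsupported duration: {value!r}")
    return timedelta(hours=int(m.group(1) or 0), minutes=int(m.group(2) or 0))

def evaluate_request(policy, port, source_ip, duration):
    """Return (approved, reason) for one access request against the policy."""
    rule = next((r for r in policy if r["number"] == port), None)
    if rule is None:
        return False, "port not covered by policy"
    prefix = rule["allowedSourceAddressPrefix"]
    if prefix != "*":
        if ipaddress.ip_address(source_ip) not in ipaddress.ip_network(prefix):
            return False, "source address not approved"
    if duration > parse_duration(rule["maxRequestAccessDuration"]):
        return False, "requested duration exceeds maximum"
    return True, "approved"

def audit_policy(policy, max_window=timedelta(hours=3)):
    """Flag rules worth tightening: any-source access or long open windows.
    The default max_window is an assumed review threshold."""
    findings = []
    for r in policy:
        if r["allowedSourceAddressPrefix"] == "*":
            findings.append((r["number"], "open to any source address"))
        if parse_duration(r["maxRequestAccessDuration"]) > max_window:
            findings.append((r["number"], "window longer than threshold"))
    return findings
```

`audit_policy(POLICY)` flags the 3389 rule because a wildcard source leaves the port reachable from any address for the whole approved window.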

About the Author

Tom is a 25+ year veteran of the IT industry, having worked in environments as large as 40k seats and as small as 50 seats. Throughout the course of a long and interesting career, he has built an in-depth skillset that spans numerous IT disciplines. Tom has designed and architected small, large, and global IT solutions.

In addition to the Cloud Platform and Infrastructure MCSE certification, Tom also carries several other Microsoft certifications. His ability to see things from a strategic perspective allows Tom to architect solutions that closely align with business needs.

In his spare time, Tom enjoys camping, fishing, and playing poker.