Protect your Virtual Machines (VMs) with Microsoft Defender for Servers

Defender for Servers in Microsoft Defender for Cloud, limits your exposure to threats by using access and application controls to block malicious activity. Just-in-time (JIT) virtual machine (VM) access reduces your exposure to attacks by enabling you to deny persistent access to VMs. Instead, you provide controlled and audited access to VMs only when needed. Defender for Cloud uses machine learning to analyze the processes running in the VM and helps you apply allowlist rules using this intelligence.

In this tutorial you'll learn how to:

  • Configure a just-in-time VM access policy
  • Configure an application control policy

Prerequisites

To step through the features covered in this tutorial, you must have Defender for Cloud's enhanced security features enabled. A free trial is available. To upgrade, see Enable enhanced protections.

Manage VM access

JIT VM access can be used to lock down inbound traffic to your Azure VMs, reducing exposure to attacks while providing easy access to connect to VMs when needed.

Management ports don't need to be open always. They only need to be open while you're connected to the VM, for example to perform management or maintenance tasks. When just-in-time is enabled, Defender for Cloud uses Network Security Group (NSG) rules, which restrict access to management ports so they can't be targeted by attackers.

Follow the guidance in Secure your management ports with just-in-time access.

Next steps

In this tutorial, you learned how to limit your exposure to threats by:

  • Configuring a just-in-time VM access policy to provide controlled and audited access to VMs only when needed

Advance to the next tutorial to learn about responding to security incidents.