Can I use Just in time access without public IP?

Jay Sachapara 1 Reputation point

I would like to implement Just in time access to my organization.
VM has private IP but no public IP.
Is it required to have public IP to the VM?

Azure Virtual Machines
Azure Virtual Machines
An Azure service that is used to provision Windows and Linux virtual machines.
7,061 questions
Microsoft Defender for Cloud
Microsoft Defender for Cloud
An Azure service that provides threat protection for workloads running in Azure, on-premises, and in other clouds. Previously known as Azure Security Center and Azure Defender.
1,181 questions
0 comments No comments
{count} votes

4 answers

Sort by: Most helpful
  1. Pradeep Kommaraju 2,546 Reputation points

    Hi @Jay Sachapara

    Thanks for reaching out to Microsoft Q & A Platform .

    To answer your question, Yes we can enable JIT access to the Private VM's as well who doesn't have the public ip associated to it .

    Navigate to configuration tab and from menu and enable the JIT on the VM.
    Once it is enabled you should be able to view the functional working also you should see the new NSG's which are created , For example check the following:


    Hope this answers your question



    Please don't forget to "Accept the answer " or "Up-Vote" if this was helpful .

    0 comments No comments

  2. Jay Sachapara 1 Reputation point

    Thank you for the response.
    I have enabled JIT and requested access as well but when I download RDP file and tries to connect it give me an error.
    This is a brand new tenant and I only have one VM with no public IP.

  3. Prrudram-MSFT 21,786 Reputation points

    Hello @Jay Sachapara ,

    In addition to what my peer @Pradeep Kommaraju , has suggested I would like you to refer to the azure bastion documentation here
    How to configure azure bastion
    How to connect to a Windows VM
    To connect to a Linux VM

    (If any of the responses were helpful please don't forget to upvote and/or accept as answer, thank you)

    0 comments No comments

  4. Sam Cogan 10,082 Reputation points MVP

    Just in Time access only works for VM's with Public IP's. What JIT does is open a NSG port for RDP access for the duration of the request, it doesn't do anything else to support access.
    Instead, you can make use of Azure Bastion for this, which will provide a jump box as a service for you to connect. You could also combine this with Azure Privilaged Identity Management to perofrm just in time elevation to give rights to use bastion, to give you a JIT process.