Jit Network Access Policies - Create Or Update

Referencia

Service:: Defender for Cloud

API Version:: 2020-01-01

Crear una directiva para proteger los recursos mediante el control de acceso Just-In-Time

PUT https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/locations/{ascLocation}/jitNetworkAccessPolicies/{jitNetworkAccessPolicyName}?api-version=2020-01-01

Parámetros de identificador URI

Nombre	En	Requerido	Tipo	Description
ascLocation	path	True	string	Ubicación donde ASC almacena los datos de la suscripción. se puede recuperar desde Get locations
jitNetworkAccessPolicyName	path	True	string	Nombre de una directiva de configuración de acceso Just-In-Time.
resourceGroupName	path	True	string	Nombre del grupo de recursos dentro de la suscripción del usuario. El nombre distingue mayúsculas de minúsculas. Regex pattern: `^[-\w\._]+$`
subscriptionId	path	True	string	Identificador de suscripción de Azure Regex pattern: `^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$`
api-version	query	True	string	Versión de API para la operación

Cuerpo de la solicitud

Nombre	Requerido	Tipo	Description
properties.virtualMachines	True	JitNetworkAccessPolicyVirtualMachine[]	Configuraciones para el tipo de recurso Microsoft.Compute/virtualMachines.
kind		string	Tipo de recurso
properties.requests		JitNetworkAccessRequest[]

Respuestas

Nombre	Tipo	Description
200 OK	JitNetworkAccessPolicy	Aceptar
Other Status Codes	CloudError	Respuesta de error que describe el motivo del error de la operación.

Seguridad

azure_auth

Flujo OAuth2 de Azure Active Directory

Type: oauth2
Flow: implicit
Authorization URL: https://login.microsoftonline.com/common/oauth2/authorize

Scopes

Nombre	Description
user_impersonation	suplantación de su cuenta de usuario

Ejemplos

Create JIT network access policy

Sample Request

PUT https://management.azure.com/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Security/locations/westeurope/jitNetworkAccessPolicies/default?api-version=2020-01-01

{
  "kind": "Basic",
  "properties": {
    "virtualMachines": [
      {
        "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Compute/virtualMachines/vm1",
        "ports": [
          {
            "number": 22,
            "protocol": "*",
            "allowedSourceAddressPrefix": "*",
            "maxRequestAccessDuration": "PT3H"
          },
          {
            "number": 3389,
            "protocol": "*",
            "allowedSourceAddressPrefix": "*",
            "maxRequestAccessDuration": "PT3H"
          }
        ]
      }
    ],
    "requests": [
      {
        "virtualMachines": [
          {
            "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Compute/virtualMachines/vm1",
            "ports": [
              {
                "number": 3389,
                "allowedSourceAddressPrefix": "192.127.0.2",
                "endTimeUtc": "2018-05-17T09:06:45.5691611Z",
                "status": "Initiated",
                "statusReason": "UserRequested"
              }
            ]
          }
        ],
        "startTimeUtc": "2018-05-17T08:06:45.5691611Z",
        "requestor": "barbara@contoso.com"
      }
    ],
    "provisioningState": "Succeeded"
  },
  "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Security/locations/westeurope/jitNetworkAccessPolicies/default",
  "name": "default",
  "type": "Microsoft.Security/locations/jitNetworkAccessPolicies",
  "location": "westeurope"
}


import com.azure.resourcemanager.security.fluent.models.JitNetworkAccessRequestInner;
import com.azure.resourcemanager.security.models.JitNetworkAccessPolicyVirtualMachine;
import com.azure.resourcemanager.security.models.JitNetworkAccessPortRule;
import com.azure.resourcemanager.security.models.JitNetworkAccessRequestPort;
import com.azure.resourcemanager.security.models.JitNetworkAccessRequestVirtualMachine;
import com.azure.resourcemanager.security.models.Protocol;
import com.azure.resourcemanager.security.models.Status;
import com.azure.resourcemanager.security.models.StatusReason;
import java.time.OffsetDateTime;
import java.util.Arrays;

/**
 * Samples for JitNetworkAccessPolicies CreateOrUpdate.
 */
public final class Main {
    /*
     * x-ms-original-file:
     * specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/JitNetworkAccessPolicies/
     * CreateJitNetworkAccessPolicy_example.json
     */
    /**
     * Sample code: Create JIT network access policy.
     * 
     * @param manager Entry point to SecurityManager.
     */
    public static void createJITNetworkAccessPolicy(com.azure.resourcemanager.security.SecurityManager manager) {
        manager.jitNetworkAccessPolicies().define("default").withExistingLocation("myRg1", "westeurope")
            .withVirtualMachines(Arrays.asList(new JitNetworkAccessPolicyVirtualMachine().withId(
                "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Compute/virtualMachines/vm1")
                .withPorts(Arrays.asList(
                    new JitNetworkAccessPortRule().withNumber(22).withProtocol(Protocol.ASTERISK)
                        .withAllowedSourceAddressPrefix("*").withMaxRequestAccessDuration("PT3H"),
                    new JitNetworkAccessPortRule().withNumber(3389).withProtocol(Protocol.ASTERISK)
                        .withAllowedSourceAddressPrefix("*").withMaxRequestAccessDuration("PT3H")))))
            .withKind("Basic")
            .withRequests(Arrays.asList(new JitNetworkAccessRequestInner()
                .withVirtualMachines(Arrays.asList(new JitNetworkAccessRequestVirtualMachine().withId(
                    "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Compute/virtualMachines/vm1")
                    .withPorts(Arrays.asList(
                        new JitNetworkAccessRequestPort().withNumber(3389).withAllowedSourceAddressPrefix("192.127.0.2")
                            .withEndTimeUtc(OffsetDateTime.parse("2018-05-17T09:06:45.5691611Z"))
                            .withStatus(Status.INITIATED).withStatusReason(StatusReason.USER_REQUESTED)))))
                .withStartTimeUtc(OffsetDateTime.parse("2018-05-17T08:06:45.5691611Z"))
                .withRequestor("barbara@contoso.com")))
            .create();
    }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

package armsecurity_test

import (
	"context"
	"log"

	"time"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/security/armsecurity"
)

// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/b43974e07d3204c4b6f8396627f5430994a7f7c9/specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/JitNetworkAccessPolicies/CreateJitNetworkAccessPolicy_example.json
func ExampleJitNetworkAccessPoliciesClient_CreateOrUpdate() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armsecurity.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	res, err := clientFactory.NewJitNetworkAccessPoliciesClient().CreateOrUpdate(ctx, "myRg1", "westeurope", "default", armsecurity.JitNetworkAccessPolicy{
		Kind:     to.Ptr("Basic"),
		Location: to.Ptr("westeurope"),
		Name:     to.Ptr("default"),
		Type:     to.Ptr("Microsoft.Security/locations/jitNetworkAccessPolicies"),
		ID:       to.Ptr("/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Security/locations/westeurope/jitNetworkAccessPolicies/default"),
		Properties: &armsecurity.JitNetworkAccessPolicyProperties{
			ProvisioningState: to.Ptr("Succeeded"),
			Requests: []*armsecurity.JitNetworkAccessRequest{
				{
					Requestor:    to.Ptr("barbara@contoso.com"),
					StartTimeUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2018-05-17T08:06:45.569Z"); return t }()),
					VirtualMachines: []*armsecurity.JitNetworkAccessRequestVirtualMachine{
						{
							ID: to.Ptr("/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Compute/virtualMachines/vm1"),
							Ports: []*armsecurity.JitNetworkAccessRequestPort{
								{
									AllowedSourceAddressPrefix: to.Ptr("192.127.0.2"),
									EndTimeUTC:                 to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2018-05-17T09:06:45.569Z"); return t }()),
									Number:                     to.Ptr[int32](3389),
									Status:                     to.Ptr(armsecurity.StatusInitiated),
									StatusReason:               to.Ptr(armsecurity.StatusReasonUserRequested),
								}},
						}},
				}},
			VirtualMachines: []*armsecurity.JitNetworkAccessPolicyVirtualMachine{
				{
					ID: to.Ptr("/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Compute/virtualMachines/vm1"),
					Ports: []*armsecurity.JitNetworkAccessPortRule{
						{
							AllowedSourceAddressPrefix: to.Ptr("*"),
							MaxRequestAccessDuration:   to.Ptr("PT3H"),
							Number:                     to.Ptr[int32](22),
							Protocol:                   to.Ptr(armsecurity.ProtocolAll),
						},
						{
							AllowedSourceAddressPrefix: to.Ptr("*"),
							MaxRequestAccessDuration:   to.Ptr("PT3H"),
							Number:                     to.Ptr[int32](3389),
							Protocol:                   to.Ptr(armsecurity.ProtocolAll),
						}},
				}},
		},
	}, nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res.JitNetworkAccessPolicy = armsecurity.JitNetworkAccessPolicy{
	// 	Kind: to.Ptr("Basic"),
	// 	Location: to.Ptr("westeurope"),
	// 	Name: to.Ptr("default"),
	// 	Type: to.Ptr("Microsoft.Security/locations/jitNetworkAccessPolicies"),
	// 	ID: to.Ptr("/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Security/locations/westeurope/jitNetworkAccessPolicies/default"),
	// 	Properties: &armsecurity.JitNetworkAccessPolicyProperties{
	// 		ProvisioningState: to.Ptr("Succeeded"),
	// 		Requests: []*armsecurity.JitNetworkAccessRequest{
	// 			{
	// 				Requestor: to.Ptr("barbara@contoso.com"),
	// 				StartTimeUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2018-05-17T08:06:45.569Z"); return t}()),
	// 				VirtualMachines: []*armsecurity.JitNetworkAccessRequestVirtualMachine{
	// 					{
	// 						ID: to.Ptr("/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Compute/virtualMachines/vm1"),
	// 						Ports: []*armsecurity.JitNetworkAccessRequestPort{
	// 							{
	// 								AllowedSourceAddressPrefix: to.Ptr("192.127.0.2"),
	// 								EndTimeUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2018-05-17T09:06:45.569Z"); return t}()),
	// 								Number: to.Ptr[int32](3389),
	// 								Status: to.Ptr(armsecurity.StatusInitiated),
	// 								StatusReason: to.Ptr(armsecurity.StatusReasonUserRequested),
	// 						}},
	// 				}},
	// 		}},
	// 		VirtualMachines: []*armsecurity.JitNetworkAccessPolicyVirtualMachine{
	// 			{
	// 				ID: to.Ptr("/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Compute/virtualMachines/vm1"),
	// 				Ports: []*armsecurity.JitNetworkAccessPortRule{
	// 					{
	// 						AllowedSourceAddressPrefix: to.Ptr("*"),
	// 						MaxRequestAccessDuration: to.Ptr("PT3H"),
	// 						Number: to.Ptr[int32](22),
	// 						Protocol: to.Ptr(armsecurity.ProtocolAll),
	// 					},
	// 					{
	// 						AllowedSourceAddressPrefix: to.Ptr("*"),
	// 						MaxRequestAccessDuration: to.Ptr("PT3H"),
	// 						Number: to.Ptr[int32](3389),
	// 						Protocol: to.Ptr(armsecurity.ProtocolAll),
	// 				}},
	// 		}},
	// 	},
	// }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

const { SecurityCenter } = require("@azure/arm-security");
const { DefaultAzureCredential } = require("@azure/identity");

/**
 * This sample demonstrates how to Create a policy for protecting resources using Just-in-Time access control
 *
 * @summary Create a policy for protecting resources using Just-in-Time access control
 * x-ms-original-file: specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/JitNetworkAccessPolicies/CreateJitNetworkAccessPolicy_example.json
 */
async function createJitNetworkAccessPolicy() {
  const subscriptionId =
    process.env["SECURITY_SUBSCRIPTION_ID"] || "20ff7fc3-e762-44dd-bd96-b71116dcdc23";
  const resourceGroupName = process.env["SECURITY_RESOURCE_GROUP"] || "myRg1";
  const ascLocation = "westeurope";
  const jitNetworkAccessPolicyName = "default";
  const body = {
    name: "default",
    type: "Microsoft.Security/locations/jitNetworkAccessPolicies",
    id: "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Security/locations/westeurope/jitNetworkAccessPolicies/default",
    kind: "Basic",
    location: "westeurope",
    provisioningState: "Succeeded",
    requests: [
      {
        requestor: "barbara@contoso.com",
        startTimeUtc: new Date("2018-05-17T08:06:45.5691611Z"),
        virtualMachines: [
          {
            id: "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Compute/virtualMachines/vm1",
            ports: [
              {
                allowedSourceAddressPrefix: "192.127.0.2",
                endTimeUtc: new Date("2018-05-17T09:06:45.5691611Z"),
                number: 3389,
                status: "Initiated",
                statusReason: "UserRequested",
              },
            ],
          },
        ],
      },
    ],
    virtualMachines: [
      {
        id: "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Compute/virtualMachines/vm1",
        ports: [
          {
            allowedSourceAddressPrefix: "*",
            maxRequestAccessDuration: "PT3H",
            number: 22,
            protocol: "*",
          },
          {
            allowedSourceAddressPrefix: "*",
            maxRequestAccessDuration: "PT3H",
            number: 3389,
            protocol: "*",
          },
        ],
      },
    ],
  };
  const credential = new DefaultAzureCredential();
  const client = new SecurityCenter(credential, subscriptionId);
  const result = await client.jitNetworkAccessPolicies.createOrUpdate(
    resourceGroupName,
    ascLocation,
    jitNetworkAccessPolicyName,
    body
  );
  console.log(result);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

using System;
using System.Threading.Tasks;
using System.Xml;
using Azure;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.SecurityCenter;
using Azure.ResourceManager.SecurityCenter.Models;

// Generated from example definition: specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/JitNetworkAccessPolicies/CreateJitNetworkAccessPolicy_example.json
// this example is just showing the usage of "JitNetworkAccessPolicies_CreateOrUpdate" operation, for the dependent resources, they will have to be created separately.

// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);

// this example assumes you already have this JitNetworkAccessPolicyResource created on azure
// for more information of creating JitNetworkAccessPolicyResource, please refer to the document of JitNetworkAccessPolicyResource
string subscriptionId = "20ff7fc3-e762-44dd-bd96-b71116dcdc23";
string resourceGroupName = "myRg1";
AzureLocation ascLocation = new AzureLocation("westeurope");
string jitNetworkAccessPolicyName = "default";
ResourceIdentifier jitNetworkAccessPolicyResourceId = JitNetworkAccessPolicyResource.CreateResourceIdentifier(subscriptionId, resourceGroupName, ascLocation, jitNetworkAccessPolicyName);
JitNetworkAccessPolicyResource jitNetworkAccessPolicy = client.GetJitNetworkAccessPolicyResource(jitNetworkAccessPolicyResourceId);

// invoke the operation
JitNetworkAccessPolicyData data = new JitNetworkAccessPolicyData(new JitNetworkAccessPolicyVirtualMachine[]
{
new JitNetworkAccessPolicyVirtualMachine(new ResourceIdentifier("/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Compute/virtualMachines/vm1"),new JitNetworkAccessPortRule[]
{
new JitNetworkAccessPortRule(22,JitNetworkAccessPortProtocol.All,XmlConvert.ToTimeSpan("PT3H"))
{
AllowedSourceAddressPrefix = "*",
},new JitNetworkAccessPortRule(3389,JitNetworkAccessPortProtocol.All,XmlConvert.ToTimeSpan("PT3H"))
{
AllowedSourceAddressPrefix = "*",
}
})
})
{
    Requests =
    {
    new JitNetworkAccessRequestInfo(new JitNetworkAccessRequestVirtualMachine[]
    {
    new JitNetworkAccessRequestVirtualMachine(new ResourceIdentifier("/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Compute/virtualMachines/vm1"),new JitNetworkAccessRequestPort[]
    {
    new JitNetworkAccessRequestPort(3389,DateTimeOffset.Parse("2018-05-17T09:06:45.5691611Z"),JitNetworkAccessPortStatus.Initiated,JitNetworkAccessPortStatusReason.UserRequested)
    {
    AllowedSourceAddressPrefix = "192.127.0.2",
    }
    })
    },DateTimeOffset.Parse("2018-05-17T08:06:45.5691611Z"),"barbara@contoso.com")
    },
    Kind = "Basic",
};
ArmOperation<JitNetworkAccessPolicyResource> lro = await jitNetworkAccessPolicy.UpdateAsync(WaitUntil.Completed, data);
JitNetworkAccessPolicyResource result = lro.Value;

// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
JitNetworkAccessPolicyData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Sample Response

Status code:: 200

{
  "kind": "Basic",
  "properties": {
    "virtualMachines": [
      {
        "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Compute/virtualMachines/vm1",
        "ports": [
          {
            "number": 22,
            "protocol": "*",
            "allowedSourceAddressPrefix": "*",
            "maxRequestAccessDuration": "PT3H"
          },
          {
            "number": 3389,
            "protocol": "*",
            "allowedSourceAddressPrefix": "*",
            "maxRequestAccessDuration": "PT3H"
          }
        ]
      }
    ],
    "requests": [
      {
        "virtualMachines": [
          {
            "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Compute/virtualMachines/vm1",
            "ports": [
              {
                "number": 3389,
                "allowedSourceAddressPrefix": "192.127.0.2",
                "endTimeUtc": "2018-05-17T09:06:45.5691611Z",
                "status": "Initiated",
                "statusReason": "UserRequested"
              }
            ]
          }
        ],
        "startTimeUtc": "2018-05-17T08:06:45.5691611Z",
        "requestor": "barbara@contoso.com"
      }
    ],
    "provisioningState": "Succeeded"
  },
  "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Security/locations/westeurope/jitNetworkAccessPolicies/default",
  "name": "default",
  "type": "Microsoft.Security/locations/jitNetworkAccessPolicies",
  "location": "westeurope"
}

Definiciones

Nombre	Description
CloudError	Respuesta de error común para todas las API de Azure Resource Manager para devolver los detalles de error de las operaciones con errores. (Esto también sigue el formato de respuesta de error de OData).
CloudErrorBody	Detalle del error.
ErrorAdditionalInfo	Información adicional sobre el error de administración de recursos.
JitNetworkAccessPolicy
JitNetworkAccessPolicyVirtualMachine
JitNetworkAccessPortRule
JitNetworkAccessRequest
JitNetworkAccessRequestPort
JitNetworkAccessRequestVirtualMachine
protocol
status	Estado del puerto
statusReason	Descripción de por qué tiene `status` su valor

CloudError

Respuesta de error común para todas las API de Azure Resource Manager para devolver los detalles de error de las operaciones con errores. (Esto también sigue el formato de respuesta de error de OData).

Nombre	Tipo	Description
error.additionalInfo	ErrorAdditionalInfo[]	Información adicional del error.
error.code	string	Código de error.
error.details	CloudErrorBody[]	Los detalles del error.
error.message	string	El mensaje de error.
error.target	string	Destino del error.

CloudErrorBody

Detalle del error.

Nombre	Tipo	Description
additionalInfo	ErrorAdditionalInfo[]	Información adicional del error.
code	string	Código de error.
details	CloudErrorBody[]	Los detalles del error.
message	string	El mensaje de error.
target	string	Destino del error.

ErrorAdditionalInfo

Información adicional sobre el error de administración de recursos.

Nombre	Tipo	Description
info	object	Información adicional.
type	string	Tipo de información adicional.

JitNetworkAccessPolicy

Nombre	Tipo	Description
id	string	Id. de recurso
kind	string	Tipo de recurso
location	string	Ubicación donde se almacena el recurso
name	string	Nombre del recurso
properties.provisioningState	string	Obtiene el estado de aprovisionamiento de la directiva Just-In-Time.
properties.requests	JitNetworkAccessRequest[]
properties.virtualMachines	JitNetworkAccessPolicyVirtualMachine[]	Configuraciones para el tipo de recurso Microsoft.Compute/virtualMachines.
type	string	Tipo de recurso

JitNetworkAccessPolicyVirtualMachine

Nombre	Tipo	Description
id	string	Identificador de recurso de la máquina virtual vinculada a esta directiva
ports	JitNetworkAccessPortRule[]	Configuraciones de puerto para la máquina virtual
publicIpAddress	string	Dirección IP pública del Azure Firewall que está vinculado a esta directiva, si procede

JitNetworkAccessPortRule

Nombre	Tipo	Description
allowedSourceAddressPrefix	string	Excluyente mutuamente con el parámetro "allowedSourceAddressPrefixes". Debe ser una dirección IP o CIDR, por ejemplo, "192.168.0.3" o "192.168.0.0/16".
allowedSourceAddressPrefixes	string[]	Excluyente mutuamente con el parámetro "allowedSourceAddressPrefix".
maxRequestAccessDuration	string	Se pueden realizar solicitudes de duración máxima. En formato de duración ISO 8601. Mínimo 5 minutos, máximo 1 día
number	integer
protocol	protocol

JitNetworkAccessRequest

Nombre	Tipo	Description
justification	string	Justificación para realizar la solicitud de inicio
requestor	string	La identidad de la persona que realizó la solicitud
startTimeUtc	string	Hora de inicio de la solicitud en UTC
virtualMachines	JitNetworkAccessRequestVirtualMachine[]

JitNetworkAccessRequestPort

Nombre	Tipo	Description
allowedSourceAddressPrefix	string	Excluyente mutuamente con el parámetro "allowedSourceAddressPrefixes". Debe ser una dirección IP o CIDR, por ejemplo, "192.168.0.3" o "192.168.0.0/16".
allowedSourceAddressPrefixes	string[]	Excluyente mutuamente con el parámetro "allowedSourceAddressPrefix".
endTimeUtc	string	Fecha & hora a la que finaliza la solicitud en UTC
mappedPort	integer	Puerto que se asigna a este puerto `number` en el Azure Firewall, si procede.
number	integer
status	status	Estado del puerto
statusReason	statusReason	Descripción de por qué tiene `status` su valor

JitNetworkAccessRequestVirtualMachine

Nombre	Tipo	Description
id	string	Identificador de recurso de la máquina virtual vinculada a esta directiva
ports	JitNetworkAccessRequestPort[]	Puertos abiertos para la máquina virtual

protocol

Nombre	Tipo	Description
*	string
TCP	string
UDP	string

status

Estado del puerto

Nombre	Tipo	Description
Initiated	string
Revoked	string

statusReason

Descripción de por qué tiene status su valor

Nombre	Tipo	Description
Expired	string
NewerRequestInitiated	string
UserRequested	string

Jit Network Access Policies - Create Or Update

Parámetros de identificador URI

Cuerpo de la solicitud

Respuestas

Seguridad

azure_auth

Scopes

Ejemplos

Create JIT network access policy

Sample Request

Sample Response

Definiciones

CloudError

CloudErrorBody

ErrorAdditionalInfo

JitNetworkAccessPolicy

JitNetworkAccessPolicyVirtualMachine

JitNetworkAccessPortRule

JitNetworkAccessRequest

JitNetworkAccessRequestPort

JitNetworkAccessRequestVirtualMachine

protocol

status

statusReason

Recursos adicionales