Administering Windows Server Hybrid Core Infrastructure (AZ-800) Practice

Which statement about Just-in-Time (JIT) access in Azure is true?

• A. JIT is enabled on VMs by default with no further steps
• B. Commonly used management ports must be added to the JIT configuration
• C. You can enable JIT access when attempting to connect to the VM
• D. JIT can only be configured through PowerShell

The correct answer is: You can enable JIT access when attempting to connect to the VM

Just-in-Time (JIT) access in Azure enhances security by permitting access to virtual machines only when needed and for a limited time. The statement regarding enabling JIT access when attempting to connect to the VM accurately reflects the functionality of JIT. When a user needs to connect to a virtual machine, they request access through the Azure portal. This request allows them to specify how long they need access, and only during that specified time frame will the necessary inbound ports be temporarily opened. This approach significantly reduces the attack surface by ensuring that management ports are not open all the time, thus mitigating risks associated with unauthorized access. The dynamic alteration of access times serves to tighten security and provides a controlled method for managing the accessibility of resources. Other choices may misrepresent how JIT operates; for instance, JIT is not enabled by default, management ports are not automatically configured without administrative action, and JIT can be managed through various methods beyond just PowerShell, allowing for a more flexible approach to configuration and management. Understanding these nuances helps appreciate the design and functionality of Azure's security features better.