Skip to content

husamhilal/DoubleJIT

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits
Assets
Assets
 
 
Media
Media
 
 
LICENSE
LICENSE
 
 
Notes.md
Notes.md
 
 
README.md
README.md
 
 

Repository files navigation

DoubleJIT

Zero Trust Access to Azure VM through double Just in Time Access, at identity authorization level and network access level.

Architecture

Architecture Components

Architecture Diagram

JIT

Environment

Steps to create the initial environment

  1. Create Resource Group

  2. Create VNet with two subnets (see *note below)

    1. VMsSubnet - 10.10.0.0/24
    2. AzureBastionSubnet - 10.10.10.0/26

  3. Create VM (see *note below)

    1. Use Image: [smalldisk] Windows Server 2022 Datacenter - Gen2
    2. Use Subnet: VMsSubnet

  4. Create NSG (see *note below)

    1. NSG name is: VMsSubnetNSG
    2. Assign it to VMsSubnet
    3. Use this website to identify your IP https://ifconfig.me/ if you need to lock RDP port only to your IP address.

  5. Create Bastion; use this template to deploy Azure Bastion.

  6. Create sample users in Azure AD (using template provided in Assets)

  7. Create sample group (HR Helpdesk) in Azure, and add Kim Smith as a member.

  8. Setup MFA for Kim Smith account (aka.ms/SetupMFA)

Note: Templates referenced in Step 1, 2, 3, are as is in exported state. They are meant to clarify any details during the deployment. They still need some cleaning to be in deployable state.

Assets

Check the "Assets" directory

  1. Custom Role Definition (Virtual-Machine-JIT-User-Access.json)
  2. Template for creating sample users in Azure AD (UserCreateTemplate.csv)
  3. Azure ARM Exported Templates for creating VNet, VM and NSG (Exported Templates)

Resources

About

Zero Trust Access to Azure VM

Topics

security azure azuread just-in-time-access

Resources

Readme

License

MIT license
Activity

Stars

1 star

Watchers

2 watching

Forks

0 forks
Report repository