Posts

Showing posts from July, 2023
JIT VM Access - One way to reduce VM attack surface area

When a cloud resource is publicly accessible, it is also exposed to attack. In this post, we will briefly see how JIT helps secure an Azure virtual machine that has a public IP enabled.

Organizations sometimes need a VM with a public IP. In this kind of scenario, we need to secure the VM from attackers. Just-In-Time (JIT) is one way to secure the VM, in the following ways. It can block the RDP (3389) and SSH (22) ports. It allows a specific port to be opened for a specific time for specific IP ranges. It can also work with VMs that have only a private IP. Azure Bastion can be used to block traffic for a private IP VM until JIT access is enabled.

To enable JIT VM access, go to configuration and enable it.
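The same setup can be scripted. The following is an added example, not part of the original post: it defines a JIT policy for ports 22 and 3389 and then requests a time-boxed opening of SSH from a single address, using the Az.Security PowerShell cmdlets. It assumes a signed-in Az session with JIT available on the subscription; every value in angle brackets is a placeholder, and the 203.0.113.x addresses are constructed documentation addresses.

```powershell
# Added example. Values in angle brackets are placeholders, not values from the post.
$vmId = "/subscriptions/<subscription-id>/resourceGroups/<resource-group>" +
        "/providers/Microsoft.Compute/virtualMachines/<vm-name>"

# 1. Define the JIT policy: the ports JIT keeps closed by default, the source
#    range a request may come from, and the longest window a request may ask for
#    (ISO 8601 duration, here 3 hours).
$policy = @{
    id    = $vmId
    ports = @(
        @{ number = 22;   protocol = "TCP"
           allowedSourceAddressPrefix = @("203.0.113.0/24")   # constructed sample range
           maxRequestAccessDuration   = "PT3H" },
        @{ number = 3389; protocol = "TCP"
           allowedSourceAddressPrefix = @("203.0.113.0/24")
           maxRequestAccessDuration   = "PT3H" }
    )
}
Set-AzJitNetworkAccessPolicy -Kind "Basic" -Location "<location>" -Name "default" `
    -ResourceGroupName "<resource-group>" -VirtualMachine @($policy)

# 2. Request access: one port, one source IP, and an explicit end time.
#    The end time must fall within maxRequestAccessDuration from the policy.
$request = @{
    id    = $vmId
    ports = @(
        @{ number     = 22
           endTimeUtc = (Get-Date).ToUniversalTime().AddHours(1).ToString("o")
           allowedSourceAddressPrefix = @("203.0.113.10") }     # constructed sample address
    )
}
$policyId = "/subscriptions/<subscription-id>/resourceGroups/<resource-group>" +
            "/providers/Microsoft.Security/locations/<location>" +
            "/jitNetworkAccessPolicies/default"
Start-AzJitNetworkAccessPolicy -ResourceId $policyId -VirtualMachine @($request)

# 3. Review what is configured for the resource group.
Get-AzJitNetworkAccessPolicy -ResourceGroupName "<resource-group>"
```

Restricting `allowedSourceAddressPrefix` in the policy itself, rather than leaving it as `"*"`, means a request cannot open the port to an address outside the range you expect administrators to connect from.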