Jit Network Access Policies - List By Region

Service:

Defender for Cloud

API Version:

2020-01-01

Políticas para proteger recursos através do controlo de acesso Just-in-Time para a subscrição, localização

GET https://management.azure.com/subscriptions/{subscriptionId}/providers/Microsoft.Security/locations/{ascLocation}/jitNetworkAccessPolicies?api-version=2020-01-01

Parâmetros do URI

Name	Em	Necessário	Tipo	Description
ascLocation	path	True	string	A localização onde o ASC armazena os dados da subscrição. pode ser obtido a partir de Obter localizações
subscriptionId	path	True	string	ID da subscrição do Azure Regex pattern: ^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$
api-version	query	True	string	Versão da API para a operação

Respostas

Name	Tipo	Description
200 OK	JitNetworkAccessPoliciesList	OK
Other Status Codes	CloudError	Resposta de erro que descreve a razão pela qual a operação falhou.

Segurança

azure_auth

Fluxo OAuth2 do Azure Active Directory

Type: oauth2
Flow: implicit
Authorization URL: https://login.microsoftonline.com/common/oauth2/authorize

Scopes

Name	Description
user_impersonation	representar a sua conta de utilizador

Exemplos

Get JIT network access policies on a subscription from a security data location

Sample Request

HTTP

GET https://management.azure.com/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/locations/westeurope/jitNetworkAccessPolicies?api-version=2020-01-01

Java

/**
 * Samples for JitNetworkAccessPolicies ListByRegion.
 */
public final class Main {
    /*
     * x-ms-original-file:
     * specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/JitNetworkAccessPolicies/
     * GetJitNetworkAccessPoliciesSubscriptionLocation_example.json
     */
    /**
     * Sample code: Get JIT network access policies on a subscription from a security data location.
     * 
     * @param manager Entry point to SecurityManager.
     */
    public static void getJITNetworkAccessPoliciesOnASubscriptionFromASecurityDataLocation(
        com.azure.resourcemanager.security.SecurityManager manager) {
        manager.jitNetworkAccessPolicies().listByRegion("westeurope", com.azure.core.util.Context.NONE);
    }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Go

package armsecurity_test

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/security/armsecurity"
)

// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/b43974e07d3204c4b6f8396627f5430994a7f7c9/specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/JitNetworkAccessPolicies/GetJitNetworkAccessPoliciesSubscriptionLocation_example.json
func ExampleJitNetworkAccessPoliciesClient_NewListByRegionPager() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armsecurity.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	pager := clientFactory.NewJitNetworkAccessPoliciesClient().NewListByRegionPager("westeurope", nil)
	for pager.More() {
		page, err := pager.NextPage(ctx)
		if err != nil {
			log.Fatalf("failed to advance page: %v", err)
		}
		for _, v := range page.Value {
			// You could use page here. We use blank identifier for just demo purposes.
			_ = v
		}
		// If the HTTP response code is 200 as defined in example definition, your page structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
		// page.JitNetworkAccessPoliciesList = armsecurity.JitNetworkAccessPoliciesList{
		// 	Value: []*armsecurity.JitNetworkAccessPolicy{
		// 		{
		// 			Kind: to.Ptr("Basic"),
		// 			Location: to.Ptr("westeurope"),
		// 			Name: to.Ptr("default"),
		// 			Type: to.Ptr("Microsoft.Security/locations/jitNetworkAccessPolicies"),
		// 			ID: to.Ptr("/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Security/locations/westeurope/jitNetworkAccessPolicies/default"),
		// 			Properties: &armsecurity.JitNetworkAccessPolicyProperties{
		// 				ProvisioningState: to.Ptr("Succeeded"),
		// 				Requests: []*armsecurity.JitNetworkAccessRequest{
		// 					{
		// 						Justification: to.Ptr("testing a new version of the product"),
		// 						Requestor: to.Ptr("barbara@contoso.com"),
		// 						StartTimeUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2018-05-17T08:06:45.569Z"); return t}()),
		// 						VirtualMachines: []*armsecurity.JitNetworkAccessRequestVirtualMachine{
		// 							{
		// 								ID: to.Ptr("/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Compute/virtualMachines/vm1"),
		// 								Ports: []*armsecurity.JitNetworkAccessRequestPort{
		// 									{
		// 										AllowedSourceAddressPrefix: to.Ptr("192.127.0.2"),
		// 										EndTimeUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2018-05-17T09:06:45.569Z"); return t}()),
		// 										Number: to.Ptr[int32](3389),
		// 										Status: to.Ptr(armsecurity.StatusInitiated),
		// 										StatusReason: to.Ptr(armsecurity.StatusReasonUserRequested),
		// 								}},
		// 						}},
		// 				}},
		// 				VirtualMachines: []*armsecurity.JitNetworkAccessPolicyVirtualMachine{
		// 					{
		// 						ID: to.Ptr("/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Compute/virtualMachines/vm1"),
		// 						Ports: []*armsecurity.JitNetworkAccessPortRule{
		// 							{
		// 								AllowedSourceAddressPrefix: to.Ptr("*"),
		// 								MaxRequestAccessDuration: to.Ptr("PT3H"),
		// 								Number: to.Ptr[int32](22),
		// 								Protocol: to.Ptr(armsecurity.ProtocolAll),
		// 							},
		// 							{
		// 								AllowedSourceAddressPrefix: to.Ptr("*"),
		// 								MaxRequestAccessDuration: to.Ptr("PT3H"),
		// 								Number: to.Ptr[int32](3389),
		// 								Protocol: to.Ptr(armsecurity.ProtocolAll),
		// 						}},
		// 				}},
		// 			},
		// 	}},
		// }
	}
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

JavaScript

const { SecurityCenter } = require("@azure/arm-security");
const { DefaultAzureCredential } = require("@azure/identity");

/**
 * This sample demonstrates how to Policies for protecting resources using Just-in-Time access control for the subscription, location
 *
 * @summary Policies for protecting resources using Just-in-Time access control for the subscription, location
 * x-ms-original-file: specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/JitNetworkAccessPolicies/GetJitNetworkAccessPoliciesSubscriptionLocation_example.json
 */
async function getJitNetworkAccessPoliciesOnASubscriptionFromASecurityDataLocation() {
  const subscriptionId =
    process.env["SECURITY_SUBSCRIPTION_ID"] || "20ff7fc3-e762-44dd-bd96-b71116dcdc23";
  const ascLocation = "westeurope";
  const credential = new DefaultAzureCredential();
  const client = new SecurityCenter(credential, subscriptionId);
  const resArray = new Array();
  for await (let item of client.jitNetworkAccessPolicies.listByRegion(ascLocation)) {
    resArray.push(item);
  }
  console.log(resArray);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

dotnet

using System;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager;
using Azure.ResourceManager.SecurityCenter;
using Azure.ResourceManager.SecurityCenter.Models;

// Generated from example definition: specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/JitNetworkAccessPolicies/GetJitNetworkAccessPoliciesSubscriptionLocation_example.json
// this example is just showing the usage of "JitNetworkAccessPolicies_ListByRegion" operation, for the dependent resources, they will have to be created separately.

// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);

// this example assumes you already have this SecurityCenterLocationResource created on azure
// for more information of creating SecurityCenterLocationResource, please refer to the document of SecurityCenterLocationResource
string subscriptionId = "20ff7fc3-e762-44dd-bd96-b71116dcdc23";
AzureLocation ascLocation = new AzureLocation("westeurope");
ResourceIdentifier securityCenterLocationResourceId = SecurityCenterLocationResource.CreateResourceIdentifier(subscriptionId, ascLocation);
SecurityCenterLocationResource securityCenterLocation = client.GetSecurityCenterLocationResource(securityCenterLocationResourceId);

// invoke the operation and iterate over the result
await foreach (JitNetworkAccessPolicyResource item in securityCenterLocation.GetJitNetworkAccessPoliciesByRegionAsync())
{
    // the variable item is a resource, you could call other operations on this instance as well
    // but just for demo, we get its data from this resource instance
    JitNetworkAccessPolicyData resourceData = item.Data;
    // for demo we just print out the id
    Console.WriteLine($"Succeeded on id: {resourceData.Id}");
}

Console.WriteLine($"Succeeded");

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Sample Response

Status code:

200

{
  "value": [
    {
      "kind": "Basic",
      "properties": {
        "virtualMachines": [
          {
            "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Compute/virtualMachines/vm1",
            "ports": [
              {
                "number": 22,
                "protocol": "*",
                "allowedSourceAddressPrefix": "*",
                "maxRequestAccessDuration": "PT3H"
              },
              {
                "number": 3389,
                "protocol": "*",
                "allowedSourceAddressPrefix": "*",
                "maxRequestAccessDuration": "PT3H"
              }
            ]
          }
        ],
        "requests": [
          {
            "virtualMachines": [
              {
                "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Compute/virtualMachines/vm1",
                "ports": [
                  {
                    "number": 3389,
                    "allowedSourceAddressPrefix": "192.127.0.2",
                    "endTimeUtc": "2018-05-17T09:06:45.5691611Z",
                    "status": "Initiated",
                    "statusReason": "UserRequested"
                  }
                ]
              }
            ],
            "startTimeUtc": "2018-05-17T08:06:45.5691611Z",
            "requestor": "barbara@contoso.com",
            "justification": "testing a new version of the product"
          }
        ],
        "provisioningState": "Succeeded"
      },
      "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Security/locations/westeurope/jitNetworkAccessPolicies/default",
      "name": "default",
      "type": "Microsoft.Security/locations/jitNetworkAccessPolicies",
      "location": "westeurope"
    }
  ]
}

Definições

Name	Description
CloudError	Resposta de erro comum para todas as APIs Resource Manager do Azure para devolver detalhes de erro para operações falhadas. (Isto também segue o formato de resposta de erro OData.).
CloudErrorBody	O detalhe do erro.
ErrorAdditionalInfo	Informações adicionais sobre o erro de gestão de recursos.
JitNetworkAccessPoliciesList
JitNetworkAccessPolicy
JitNetworkAccessPolicyVirtualMachine
JitNetworkAccessPortRule
JitNetworkAccessRequest
JitNetworkAccessRequestPort
JitNetworkAccessRequestVirtualMachine
protocol
status	O estado da porta
statusReason	Uma descrição do motivo pelo qual o tem o status respetivo valor

CloudError

Resposta de erro comum para todas as APIs Resource Manager do Azure para devolver detalhes de erro para operações falhadas. (Isto também segue o formato de resposta de erro OData.).

Name	Tipo	Description
error.additionalInfo	ErrorAdditionalInfo[]	As informações adicionais do erro.
error.code	string	O código de erro.
error.details	CloudErrorBody[]	Os detalhes do erro.
error.message	string	A mensagem de erro.
error.target	string	O destino do erro.

CloudErrorBody

O detalhe do erro.

Name	Tipo	Description
additionalInfo	ErrorAdditionalInfo[]	As informações adicionais do erro.
code	string	O código de erro.
details	CloudErrorBody[]	Os detalhes do erro.
message	string	A mensagem de erro.
target	string	O destino do erro.

ErrorAdditionalInfo

Informações adicionais sobre o erro de gestão de recursos.

Name	Tipo	Description
info	object	As informações adicionais.
type	string	O tipo de informação adicional.

JitNetworkAccessPoliciesList

Name	Tipo	Description
nextLink	string	O URI para obter a página seguinte.
value	JitNetworkAccessPolicy[]

JitNetworkAccessPolicy

Name	Tipo	Description
id	string	ID do Recurso
kind	string	Tipo de recurso
location	string	Localização onde o recurso está armazenado
name	string	Nome do recurso
properties.provisioningState	string	Obtém o estado de aprovisionamento da política Just-in-Time.
properties.requests	JitNetworkAccessRequest[]
properties.virtualMachines	JitNetworkAccessPolicyVirtualMachine[]	Configurações para o tipo de recurso Microsoft.Compute/virtualMachines.
type	string	Tipo de recurso

JitNetworkAccessPolicyVirtualMachine

Name	Tipo	Description
id	string	ID de recurso da máquina virtual que está ligada a esta política
ports	JitNetworkAccessPortRule[]	Configurações de porta para a máquina virtual
publicIpAddress	string	Endereço IP público do Azure Firewall associado a esta política, se aplicável

JitNetworkAccessPortRule

Name	Tipo	Description
allowedSourceAddressPrefix	string	Mutuamente exclusivo com o parâmetro "allowedSourceAddressPrefixes". Deve ser um endereço IP ou CIDR, por exemplo "192.168.0.3" ou "192.168.0.0/16".
allowedSourceAddressPrefixes	string[]	Mutuamente exclusivo com o parâmetro "allowedSourceAddressPrefix".
maxRequestAccessDuration	string	Podem ser feitos pedidos de duração máxima. No formato de duração ISO 8601. Mínimo de 5 minutos, máximo de 1 dia
number	integer
protocol	protocol

JitNetworkAccessRequest

Name	Tipo	Description
justification	string	A justificação para fazer o pedido de início
requestor	string	A identidade da pessoa que fez o pedido
startTimeUtc	string	A hora de início do pedido em UTC
virtualMachines	JitNetworkAccessRequestVirtualMachine[]

JitNetworkAccessRequestPort

Name	Tipo	Description
allowedSourceAddressPrefix	string	Mutuamente exclusivo com o parâmetro "allowedSourceAddressPrefixes". Deve ser um endereço IP ou CIDR, por exemplo "192.168.0.3" ou "192.168.0.0/16".
allowedSourceAddressPrefixes	string[]	Mutuamente exclusivo com o parâmetro "allowedSourceAddressPrefix".
endTimeUtc	string	A data & hora em que o pedido termina em UTC
mappedPort	integer	A porta mapeada para esta porta number no Azure Firewall, se aplicável
number	integer
status	status	O estado da porta
statusReason	statusReason	Uma descrição do motivo pelo qual o tem o status respetivo valor

JitNetworkAccessRequestVirtualMachine

Name	Tipo	Description
id	string	ID de recurso da máquina virtual que está ligada a esta política
ports	JitNetworkAccessRequestPort[]	As portas que foram abertas para a máquina virtual

protocol

Name	Tipo	Description
*	string
TCP	string
UDP	string

status

O estado da porta

Name	Tipo	Description
Initiated	string
Revoked	string

statusReason

Uma descrição do motivo pelo qual o tem o status respetivo valor

Name	Tipo	Description
Expired	string
NewerRequestInitiated	string
UserRequested	string