你当前正在访问 Microsoft Azure Global Edition 技术文档网站。如果需要访问由世纪互联运营的 Microsoft Azure 中国技术文档网站，请访问 https://docs.azure.cn。

Jit Network Access Policies - Create Or Update

服务:: Defender for Cloud

API 版本:: 2020-01-01

使用实时访问控制创建用于保护资源的策略

PUT https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/locations/{ascLocation}/jitNetworkAccessPolicies/{jitNetworkAccessPolicyName}?api-version=2020-01-01

URI 参数

名称	在	必需	类型	说明
ascLocation	path	True	string	ASC 存储订阅数据的位置。可以从 Get 位置检索
jitNetworkAccessPolicyName	path	True	string	实时访问配置策略的名称。
resourceGroupName	path	True	string minLength: 1 maxLength: 90 pattern: ^[-\w\._\(\)]+$	用户订阅中的资源组的名称。名称不区分大小写。
subscriptionId	path	True	string pattern: ^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$	Azure 订阅 ID
api-version	query	True	string	操作的 API 版本

请求正文

名称	必需	类型	说明
properties.virtualMachines	True	JitNetworkAccessPolicyVirtualMachine[]	Microsoft.Compute/virtualMachines 资源类型的配置。
kind		string	资源类型
properties.requests		JitNetworkAccessRequest[]

响应

名称	类型	说明
200 OK	JitNetworkAccessPolicy	还行
Other Status Codes	CloudError	描述操作失败的原因的错误响应。

安全性

azure_auth

Azure Active Directory OAuth2 流

类型: oauth2
流向: implicit
授权 URL: https://login.microsoftonline.com/common/oauth2/authorize

作用域

名称	说明
user_impersonation	模拟用户帐户

示例

Create JIT network access policy

示例请求

PUT https://management.azure.com/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Security/locations/westeurope/jitNetworkAccessPolicies/default?api-version=2020-01-01

{
  "kind": "Basic",
  "properties": {
    "virtualMachines": [
      {
        "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Compute/virtualMachines/vm1",
        "ports": [
          {
            "number": 22,
            "protocol": "*",
            "allowedSourceAddressPrefix": "*",
            "maxRequestAccessDuration": "PT3H"
          },
          {
            "number": 3389,
            "protocol": "*",
            "allowedSourceAddressPrefix": "*",
            "maxRequestAccessDuration": "PT3H"
          }
        ]
      }
    ],
    "requests": [
      {
        "virtualMachines": [
          {
            "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Compute/virtualMachines/vm1",
            "ports": [
              {
                "number": 3389,
                "allowedSourceAddressPrefix": "192.127.0.2",
                "endTimeUtc": "2018-05-17T09:06:45.5691611Z",
                "status": "Initiated",
                "statusReason": "UserRequested"
              }
            ]
          }
        ],
        "startTimeUtc": "2018-05-17T08:06:45.5691611Z",
        "requestor": "barbara@contoso.com"
      }
    ],
    "provisioningState": "Succeeded"
  },
  "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Security/locations/westeurope/jitNetworkAccessPolicies/default",
  "name": "default",
  "type": "Microsoft.Security/locations/jitNetworkAccessPolicies",
  "location": "westeurope"
}


import com.azure.resourcemanager.security.fluent.models.JitNetworkAccessRequestInner;
import com.azure.resourcemanager.security.models.JitNetworkAccessPolicyVirtualMachine;
import com.azure.resourcemanager.security.models.JitNetworkAccessPortRule;
import com.azure.resourcemanager.security.models.JitNetworkAccessRequestPort;
import com.azure.resourcemanager.security.models.JitNetworkAccessRequestVirtualMachine;
import com.azure.resourcemanager.security.models.Protocol;
import com.azure.resourcemanager.security.models.Status;
import com.azure.resourcemanager.security.models.StatusReason;
import java.time.OffsetDateTime;
import java.util.Arrays;

/**
 * Samples for JitNetworkAccessPolicies CreateOrUpdate.
 */
public final class Main {
    /*
     * x-ms-original-file:
     * specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/JitNetworkAccessPolicies/
     * CreateJitNetworkAccessPolicy_example.json
     */
    /**
     * Sample code: Create JIT network access policy.
     * 
     * @param manager Entry point to SecurityManager.
     */
    public static void createJITNetworkAccessPolicy(com.azure.resourcemanager.security.SecurityManager manager) {
        manager.jitNetworkAccessPolicies().define("default").withExistingLocation("myRg1", "westeurope")
            .withVirtualMachines(Arrays.asList(new JitNetworkAccessPolicyVirtualMachine().withId(
                "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Compute/virtualMachines/vm1")
                .withPorts(Arrays.asList(
                    new JitNetworkAccessPortRule().withNumber(22).withProtocol(Protocol.ASTERISK)
                        .withAllowedSourceAddressPrefix("*").withMaxRequestAccessDuration("PT3H"),
                    new JitNetworkAccessPortRule().withNumber(3389).withProtocol(Protocol.ASTERISK)
                        .withAllowedSourceAddressPrefix("*").withMaxRequestAccessDuration("PT3H")))))
            .withKind("Basic")
            .withRequests(Arrays.asList(new JitNetworkAccessRequestInner()
                .withVirtualMachines(Arrays.asList(new JitNetworkAccessRequestVirtualMachine().withId(
                    "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Compute/virtualMachines/vm1")
                    .withPorts(Arrays.asList(
                        new JitNetworkAccessRequestPort().withNumber(3389).withAllowedSourceAddressPrefix("192.127.0.2")
                            .withEndTimeUtc(OffsetDateTime.parse("2018-05-17T09:06:45.5691611Z"))
                            .withStatus(Status.INITIATED).withStatusReason(StatusReason.USER_REQUESTED)))))
                .withStartTimeUtc(OffsetDateTime.parse("2018-05-17T08:06:45.5691611Z"))
                .withRequestor("barbara@contoso.com")))
            .create();
    }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

from azure.identity import DefaultAzureCredential

from azure.mgmt.security import SecurityCenter

"""
# PREREQUISITES
    pip install azure-identity
    pip install azure-mgmt-security
# USAGE
    python create_jit_network_access_policy_example.py

    Before run the sample, please set the values of the client ID, tenant ID and client secret
    of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
    AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
    https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""


def main():
    client = SecurityCenter(
        credential=DefaultAzureCredential(),
        subscription_id="20ff7fc3-e762-44dd-bd96-b71116dcdc23",
    )

    response = client.jit_network_access_policies.create_or_update(
        resource_group_name="myRg1",
        asc_location="westeurope",
        jit_network_access_policy_name="default",
        body={
            "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Security/locations/westeurope/jitNetworkAccessPolicies/default",
            "kind": "Basic",
            "location": "westeurope",
            "name": "default",
            "properties": {
                "provisioningState": "Succeeded",
                "requests": [
                    {
                        "requestor": "barbara@contoso.com",
                        "startTimeUtc": "2018-05-17T08:06:45.5691611Z",
                        "virtualMachines": [
                            {
                                "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Compute/virtualMachines/vm1",
                                "ports": [
                                    {
                                        "allowedSourceAddressPrefix": "192.127.0.2",
                                        "endTimeUtc": "2018-05-17T09:06:45.5691611Z",
                                        "number": 3389,
                                        "status": "Initiated",
                                        "statusReason": "UserRequested",
                                    }
                                ],
                            }
                        ],
                    }
                ],
                "virtualMachines": [
                    {
                        "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Compute/virtualMachines/vm1",
                        "ports": [
                            {
                                "allowedSourceAddressPrefix": "*",
                                "maxRequestAccessDuration": "PT3H",
                                "number": 22,
                                "protocol": "*",
                            },
                            {
                                "allowedSourceAddressPrefix": "*",
                                "maxRequestAccessDuration": "PT3H",
                                "number": 3389,
                                "protocol": "*",
                            },
                        ],
                    }
                ],
            },
            "type": "Microsoft.Security/locations/jitNetworkAccessPolicies",
        },
    )
    print(response)


# x-ms-original-file: specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/JitNetworkAccessPolicies/CreateJitNetworkAccessPolicy_example.json
if __name__ == "__main__":
    main()

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

package armsecurity_test

import (
	"context"
	"log"

	"time"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/security/armsecurity"
)

// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/9ac34f238dd6b9071f486b57e9f9f1a0c43ec6f6/specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/JitNetworkAccessPolicies/CreateJitNetworkAccessPolicy_example.json
func ExampleJitNetworkAccessPoliciesClient_CreateOrUpdate() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armsecurity.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	res, err := clientFactory.NewJitNetworkAccessPoliciesClient().CreateOrUpdate(ctx, "myRg1", "westeurope", "default", armsecurity.JitNetworkAccessPolicy{
		Kind:     to.Ptr("Basic"),
		Location: to.Ptr("westeurope"),
		Name:     to.Ptr("default"),
		Type:     to.Ptr("Microsoft.Security/locations/jitNetworkAccessPolicies"),
		ID:       to.Ptr("/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Security/locations/westeurope/jitNetworkAccessPolicies/default"),
		Properties: &armsecurity.JitNetworkAccessPolicyProperties{
			ProvisioningState: to.Ptr("Succeeded"),
			Requests: []*armsecurity.JitNetworkAccessRequest{
				{
					Requestor:    to.Ptr("barbara@contoso.com"),
					StartTimeUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2018-05-17T08:06:45.569Z"); return t }()),
					VirtualMachines: []*armsecurity.JitNetworkAccessRequestVirtualMachine{
						{
							ID: to.Ptr("/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Compute/virtualMachines/vm1"),
							Ports: []*armsecurity.JitNetworkAccessRequestPort{
								{
									AllowedSourceAddressPrefix: to.Ptr("192.127.0.2"),
									EndTimeUTC:                 to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2018-05-17T09:06:45.569Z"); return t }()),
									Number:                     to.Ptr[int32](3389),
									Status:                     to.Ptr(armsecurity.StatusInitiated),
									StatusReason:               to.Ptr(armsecurity.StatusReasonUserRequested),
								}},
						}},
				}},
			VirtualMachines: []*armsecurity.JitNetworkAccessPolicyVirtualMachine{
				{
					ID: to.Ptr("/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Compute/virtualMachines/vm1"),
					Ports: []*armsecurity.JitNetworkAccessPortRule{
						{
							AllowedSourceAddressPrefix: to.Ptr("*"),
							MaxRequestAccessDuration:   to.Ptr("PT3H"),
							Number:                     to.Ptr[int32](22),
							Protocol:                   to.Ptr(armsecurity.ProtocolAll),
						},
						{
							AllowedSourceAddressPrefix: to.Ptr("*"),
							MaxRequestAccessDuration:   to.Ptr("PT3H"),
							Number:                     to.Ptr[int32](3389),
							Protocol:                   to.Ptr(armsecurity.ProtocolAll),
						}},
				}},
		},
	}, nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res.JitNetworkAccessPolicy = armsecurity.JitNetworkAccessPolicy{
	// 	Kind: to.Ptr("Basic"),
	// 	Location: to.Ptr("westeurope"),
	// 	Name: to.Ptr("default"),
	// 	Type: to.Ptr("Microsoft.Security/locations/jitNetworkAccessPolicies"),
	// 	ID: to.Ptr("/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Security/locations/westeurope/jitNetworkAccessPolicies/default"),
	// 	Properties: &armsecurity.JitNetworkAccessPolicyProperties{
	// 		ProvisioningState: to.Ptr("Succeeded"),
	// 		Requests: []*armsecurity.JitNetworkAccessRequest{
	// 			{
	// 				Requestor: to.Ptr("barbara@contoso.com"),
	// 				StartTimeUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2018-05-17T08:06:45.569Z"); return t}()),
	// 				VirtualMachines: []*armsecurity.JitNetworkAccessRequestVirtualMachine{
	// 					{
	// 						ID: to.Ptr("/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Compute/virtualMachines/vm1"),
	// 						Ports: []*armsecurity.JitNetworkAccessRequestPort{
	// 							{
	// 								AllowedSourceAddressPrefix: to.Ptr("192.127.0.2"),
	// 								EndTimeUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2018-05-17T09:06:45.569Z"); return t}()),
	// 								Number: to.Ptr[int32](3389),
	// 								Status: to.Ptr(armsecurity.StatusInitiated),
	// 								StatusReason: to.Ptr(armsecurity.StatusReasonUserRequested),
	// 						}},
	// 				}},
	// 		}},
	// 		VirtualMachines: []*armsecurity.JitNetworkAccessPolicyVirtualMachine{
	// 			{
	// 				ID: to.Ptr("/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Compute/virtualMachines/vm1"),
	// 				Ports: []*armsecurity.JitNetworkAccessPortRule{
	// 					{
	// 						AllowedSourceAddressPrefix: to.Ptr("*"),
	// 						MaxRequestAccessDuration: to.Ptr("PT3H"),
	// 						Number: to.Ptr[int32](22),
	// 						Protocol: to.Ptr(armsecurity.ProtocolAll),
	// 					},
	// 					{
	// 						AllowedSourceAddressPrefix: to.Ptr("*"),
	// 						MaxRequestAccessDuration: to.Ptr("PT3H"),
	// 						Number: to.Ptr[int32](3389),
	// 						Protocol: to.Ptr(armsecurity.ProtocolAll),
	// 				}},
	// 		}},
	// 	},
	// }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

const { SecurityCenter } = require("@azure/arm-security");
const { DefaultAzureCredential } = require("@azure/identity");

/**
 * This sample demonstrates how to Create a policy for protecting resources using Just-in-Time access control
 *
 * @summary Create a policy for protecting resources using Just-in-Time access control
 * x-ms-original-file: specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/JitNetworkAccessPolicies/CreateJitNetworkAccessPolicy_example.json
 */
async function createJitNetworkAccessPolicy() {
  const subscriptionId =
    process.env["SECURITY_SUBSCRIPTION_ID"] || "20ff7fc3-e762-44dd-bd96-b71116dcdc23";
  const resourceGroupName = process.env["SECURITY_RESOURCE_GROUP"] || "myRg1";
  const ascLocation = "westeurope";
  const jitNetworkAccessPolicyName = "default";
  const body = {
    name: "default",
    type: "Microsoft.Security/locations/jitNetworkAccessPolicies",
    id: "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Security/locations/westeurope/jitNetworkAccessPolicies/default",
    kind: "Basic",
    location: "westeurope",
    provisioningState: "Succeeded",
    requests: [
      {
        requestor: "barbara@contoso.com",
        startTimeUtc: new Date("2018-05-17T08:06:45.5691611Z"),
        virtualMachines: [
          {
            id: "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Compute/virtualMachines/vm1",
            ports: [
              {
                allowedSourceAddressPrefix: "192.127.0.2",
                endTimeUtc: new Date("2018-05-17T09:06:45.5691611Z"),
                number: 3389,
                status: "Initiated",
                statusReason: "UserRequested",
              },
            ],
          },
        ],
      },
    ],
    virtualMachines: [
      {
        id: "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Compute/virtualMachines/vm1",
        ports: [
          {
            allowedSourceAddressPrefix: "*",
            maxRequestAccessDuration: "PT3H",
            number: 22,
            protocol: "*",
          },
          {
            allowedSourceAddressPrefix: "*",
            maxRequestAccessDuration: "PT3H",
            number: 3389,
            protocol: "*",
          },
        ],
      },
    ],
  };
  const credential = new DefaultAzureCredential();
  const client = new SecurityCenter(credential, subscriptionId);
  const result = await client.jitNetworkAccessPolicies.createOrUpdate(
    resourceGroupName,
    ascLocation,
    jitNetworkAccessPolicyName,
    body,
  );
  console.log(result);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

using Azure;
using Azure.ResourceManager;
using System;
using System.Threading.Tasks;
using System.Xml;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.SecurityCenter.Models;
using Azure.ResourceManager.SecurityCenter;

// Generated from example definition: specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/JitNetworkAccessPolicies/CreateJitNetworkAccessPolicy_example.json
// this example is just showing the usage of "JitNetworkAccessPolicies_CreateOrUpdate" operation, for the dependent resources, they will have to be created separately.

// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);

// this example assumes you already have this ResourceGroupResource created on azure
// for more information of creating ResourceGroupResource, please refer to the document of ResourceGroupResource
string subscriptionId = "20ff7fc3-e762-44dd-bd96-b71116dcdc23";
string resourceGroupName = "myRg1";
ResourceIdentifier resourceGroupResourceId = ResourceGroupResource.CreateResourceIdentifier(subscriptionId, resourceGroupName);
ResourceGroupResource resourceGroupResource = client.GetResourceGroupResource(resourceGroupResourceId);

// get the collection of this JitNetworkAccessPolicyResource
AzureLocation ascLocation = new AzureLocation("westeurope");
JitNetworkAccessPolicyCollection collection = resourceGroupResource.GetJitNetworkAccessPolicies(ascLocation);

// invoke the operation
string jitNetworkAccessPolicyName = "default";
JitNetworkAccessPolicyData data = new JitNetworkAccessPolicyData(new JitNetworkAccessPolicyVirtualMachine[]
{
new JitNetworkAccessPolicyVirtualMachine(new ResourceIdentifier("/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Compute/virtualMachines/vm1"), new JitNetworkAccessPortRule[]
{
new JitNetworkAccessPortRule(22, JitNetworkAccessPortProtocol.All, XmlConvert.ToTimeSpan("PT3H"))
{
AllowedSourceAddressPrefix = "*",
},
new JitNetworkAccessPortRule(3389, JitNetworkAccessPortProtocol.All, XmlConvert.ToTimeSpan("PT3H"))
{
AllowedSourceAddressPrefix = "*",
}
})
})
{
    Requests = {new JitNetworkAccessRequestInfo(new JitNetworkAccessRequestVirtualMachine[]
    {
    new JitNetworkAccessRequestVirtualMachine(new ResourceIdentifier("/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Compute/virtualMachines/vm1"), new JitNetworkAccessRequestPort[]
    {
    new JitNetworkAccessRequestPort(3389, DateTimeOffset.Parse("2018-05-17T09:06:45.5691611Z"), JitNetworkAccessPortStatus.Initiated, JitNetworkAccessPortStatusReason.UserRequested)
    {
    AllowedSourceAddressPrefix = "192.127.0.2",
    }
    })
    }, DateTimeOffset.Parse("2018-05-17T08:06:45.5691611Z"), "barbara@contoso.com")},
    Kind = "Basic",
};
ArmOperation<JitNetworkAccessPolicyResource> lro = await collection.CreateOrUpdateAsync(WaitUntil.Completed, jitNetworkAccessPolicyName, data);
JitNetworkAccessPolicyResource result = lro.Value;

// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
JitNetworkAccessPolicyData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

示例响应

状态代码:: 200

{
  "kind": "Basic",
  "properties": {
    "virtualMachines": [
      {
        "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Compute/virtualMachines/vm1",
        "ports": [
          {
            "number": 22,
            "protocol": "*",
            "allowedSourceAddressPrefix": "*",
            "maxRequestAccessDuration": "PT3H"
          },
          {
            "number": 3389,
            "protocol": "*",
            "allowedSourceAddressPrefix": "*",
            "maxRequestAccessDuration": "PT3H"
          }
        ]
      }
    ],
    "requests": [
      {
        "virtualMachines": [
          {
            "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Compute/virtualMachines/vm1",
            "ports": [
              {
                "number": 3389,
                "allowedSourceAddressPrefix": "192.127.0.2",
                "endTimeUtc": "2018-05-17T09:06:45.5691611Z",
                "status": "Initiated",
                "statusReason": "UserRequested"
              }
            ]
          }
        ],
        "startTimeUtc": "2018-05-17T08:06:45.5691611Z",
        "requestor": "barbara@contoso.com"
      }
    ],
    "provisioningState": "Succeeded"
  },
  "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Security/locations/westeurope/jitNetworkAccessPolicies/default",
  "name": "default",
  "type": "Microsoft.Security/locations/jitNetworkAccessPolicies",
  "location": "westeurope"
}

定义

名称	说明
CloudError	所有 Azure 资源管理器 API 的常见错误响应，以返回失败操作的错误详细信息。（这也遵循 OData 错误响应格式）。
CloudErrorBody	错误详细信息。
ErrorAdditionalInfo	资源管理错误附加信息。
JitNetworkAccessPolicy
JitNetworkAccessPolicyVirtualMachine
JitNetworkAccessPortRule
JitNetworkAccessRequest
JitNetworkAccessRequestPort
JitNetworkAccessRequestVirtualMachine
protocol
status	端口的状态
statusReason	说明 `status` 为何具有其值

CloudError

Object

所有 Azure 资源管理器 API 的常见错误响应，以返回失败操作的错误详细信息。（这也遵循 OData 错误响应格式）。

名称	类型	说明
error.additionalInfo	ErrorAdditionalInfo[]	错误附加信息。
error.code	string	错误代码。
error.details	CloudErrorBody[]	错误详细信息。
error.message	string	错误消息。
error.target	string	错误目标。

CloudErrorBody

Object

错误详细信息。

名称	类型	说明
additionalInfo	ErrorAdditionalInfo[]	错误附加信息。
code	string	错误代码。
details	CloudErrorBody[]	错误详细信息。
message	string	错误消息。
target	string	错误目标。

ErrorAdditionalInfo

Object

资源管理错误附加信息。

名称	类型	说明
info	object	其他信息。
type	string	其他信息类型。

JitNetworkAccessPolicy

Object

名称	类型	说明
id	string	资源 ID
kind	string	资源类型
location	string	存储资源的位置
name	string	资源名称
properties.provisioningState	string	获取实时策略的预配状态。
properties.requests	JitNetworkAccessRequest[]
properties.virtualMachines	JitNetworkAccessPolicyVirtualMachine[]	Microsoft.Compute/virtualMachines 资源类型的配置。
type	string	资源类型

JitNetworkAccessPolicyVirtualMachine

Object

名称	类型	说明
id	string	链接到此策略的虚拟机的资源 ID
ports	JitNetworkAccessPortRule[]	虚拟机的端口配置
publicIpAddress	string	链接到此策略的 Azure 防火墙的公共 IP 地址（如果适用）

JitNetworkAccessPortRule

Object

名称	类型	说明
allowedSourceAddressPrefix	string	与“allowedSourceAddressPrefixes”参数互斥。应为 IP 地址或 CIDR，例如“192.168.0.3”或“192.168.0.0/16”。
allowedSourceAddressPrefixes	string[]	与“allowedSourceAddressPrefix”参数互斥。
maxRequestAccessDuration	string	可以为其发出最长持续时间请求。采用 ISO 8601 持续时间格式。至少 5 分钟，最多 1 天
number	integer minimum: 0 maximum: 65535
protocol	protocol

JitNetworkAccessRequest

Object

名称	类型	说明
justification	string	发出启动请求的理由
requestor	string	发出请求的人员的身份
startTimeUtc	string (date-time)	请求的开始时间（UTC）
virtualMachines	JitNetworkAccessRequestVirtualMachine[]

JitNetworkAccessRequestPort

Object

名称	类型	说明
allowedSourceAddressPrefix	string	与“allowedSourceAddressPrefixes”参数互斥。应为 IP 地址或 CIDR，例如“192.168.0.3”或“192.168.0.0/16”。
allowedSourceAddressPrefixes	string[]	与“allowedSourceAddressPrefix”参数互斥。
endTimeUtc	string (date-time)	请求以 UTC 结束的日期 & 时间
mappedPort	integer	映射到 Azure 防火墙中此端口 `number` 的端口（如果适用）
number	integer minimum: 0 maximum: 65535
status	status	端口的状态
statusReason	statusReason	说明 `status` 为何具有其值

JitNetworkAccessRequestVirtualMachine

Object

名称	类型	说明
id	string	链接到此策略的虚拟机的资源 ID
ports	JitNetworkAccessRequestPort[]	为虚拟机打开的端口

protocol

枚举

值	说明
TCP
UDP
*

status

枚举

端口的状态

值	说明
Revoked
Initiated

statusReason

枚举

说明 status 为何具有其值

值	说明
Expired
UserRequested
NewerRequestInitiated