Potential false positive alert - JIT rule

Problem description

Hi, after enabling JIT on a Windows VM a rule was added to the NSG to block RDP. This rule supersedes another rule that allows RDP. I would expect Security Centre to understand that RDP is blocked and not raise an alarm. Have image of issue. Will attach after post.

Solution

As per my understanding this is the purpose of the JIT feature in Azure Security Center, as JIT is designed to reduce the exposure to a brute force attack by limiting the amount of time a management port (RDP, SSH) is open, as the management ports are targeted easily to gain access to a VM. These ports only need to be open while performing a maintenance task, so when JIT is enabled Security Center uses NSGs to restrict access to management ports so that they cannot be targeted by attackers. Also, the rules will either be the top priority of your Network Security Groups, or lower priority than existing rules that are already there, and this depends on an analysis performed by Azure Security Center that determines whether a rule is secure or not.

However, when a user requests access to a VM, Security Center checks if the user has RBAC permissions to access the VM. Once the request is approved, Security Center automatically configures NSGs to allow inbound traffic to the selected ports for the requested source IP addresses or ranges for the specified period of time and restores the NSGs to their previous state after the time expires.
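The rule interplay the answer describes, modelled as an added example (not code from the question, the answer or Azure itself): NSG rules are evaluated lowest priority number first, the JIT deny sits above the pre-existing "allow RDP" rule, and an approved request adds a source-scoped, time-limited allow above the deny that is dropped again when the window closes. Rule names, source IPs and timestamps are constructed, and the example assumes the "top priority" placement of the JIT deny rule mentioned in the answer.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

@dataclass
class Rule:
    name: str
    priority: int            # NSG semantics: lowest number is evaluated first
    access: str              # "Allow" or "Deny"
    dest_port: int
    source: str              # CIDR prefix, or "*" for any source
    expires: "datetime | None" = None   # set only on the temporary JIT allow rule

def matches(rule: Rule, src_ip: str, port: int, now: datetime) -> bool:
    live = rule.expires is None or now < rule.expires   # temporary allow stops matching after expiry
    return live and rule.dest_port == port and (rule.source == "*" or ip_address(src_ip) in ip_network(rule.source))

def evaluate(rules: list, src_ip: str, port: int, now: datetime) -> str:
    """First matching rule by priority wins; otherwise the default DenyAllInbound applies."""
    for rule in sorted(rules, key=lambda r: r.priority):
        if matches(rule, src_ip, port, now):
            return rule.access
    return "Deny"

# Constructed sample NSG: the pre-existing rule from the question that allows RDP,
# and a constructed name for the blanket deny JIT inserts above it (the "top priority" case).
BASELINE = [Rule("allow-rdp-from-anywhere", 300, "Allow", 3389, "*")]
JIT_DENY = Rule("jit-deny-rdp-example", 200, "Deny", 3389, "*")

def approve_request(rules: list, src_cidr: str, port: int, now: datetime, hours: int) -> list:
    """Approved request: a source-scoped allow above the deny, valid only for the window."""
    allow = Rule(f"jit-allow-{src_cidr}", 100, "Allow", port, src_cidr, now + timedelta(hours=hours))
    return rules + [allow]

def restore(rules: list, now: datetime) -> list:
    """After expiry, drop the temporary allow so the NSG is back to its JIT-enabled state."""
    return [r for r in rules if r.expires is None or now < r.expires]

def simulate() -> dict:
    """Lifecycle from the answer, with constructed source IPs and times."""
    t0, h = datetime(2024, 1, 1, 9, 0), timedelta(hours=1)
    nsg = BASELINE + [JIT_DENY]
    out = {"before_jit": evaluate(BASELINE, "203.0.113.7", 3389, t0),
           "jit_enabled": evaluate(nsg, "203.0.113.7", 3389, t0)}
    nsg = approve_request(nsg, "203.0.113.0/24", 3389, t0, 3)
    out["approved_source"] = evaluate(nsg, "203.0.113.7", 3389, t0 + h)
    out["other_source"] = evaluate(nsg, "198.51.100.9", 3389, t0 + h)
    out["after_expiry"] = evaluate(nsg, "203.0.113.7", 3389, t0 + 3 * h)
    out["rules_after_restore"] = [r.name for r in restore(nsg, t0 + 3 * h)]
    return out
```

Running `simulate()` shows why the "RDP allowed" rule no longer grants access once JIT is on: only an approved source, and only inside its window, reaches the VM.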