Configure Management of Azure Virtual Machine for Remote Desktop Access

Configuring Access and Management of Azure Virtual Machine (VM1) for Remote Desktop

Question

You have an Azure virtual machine named VM1 that runs Windows Server.

You need to configure the management of VM1 to meet the following requirements:

  • Require administrators to request access to VM1 before establishing a Remote Desktop connection.
  • Limit access to VM1 from specific source IP addresses.
  • Limit access to VM1 to a specific management port.

What should you configure?

Answers

Explanations


A. B. C. D.

C

https://docs.microsoft.com/en-us/azure/defender-for-cloud/just-in-time-access-usage?tabs=jit-config-asc%2Cjit-request-asc

The correct answer is A. a network security group (NSG).

A network security group (NSG) is a filtering layer for network traffic to and from Azure resources. It allows you to control access to your virtual machines (VMs) by creating inbound and outbound security rules that permit or deny traffic based on the source or destination IP address, port, and protocol.

To configure the management of VM1 to meet the given requirements, you can create an NSG and associate it with the virtual network that contains VM1. Then, you can create inbound security rules in the NSG to limit access to VM1 from specific source IP addresses and a specific management port. Additionally, you can create an outbound security rule to require administrators to request access to VM1 before establishing a Remote Desktop connection.

Here are the steps to configure an NSG to meet the requirements:

  1. Create an NSG: Go to the Azure portal and search for "Network Security Group" in the search box. Click "Create" and follow the prompts to create an NSG.

  2. Associate the NSG with the virtual network: In the Azure portal, navigate to the virtual network that contains VM1. Under the "Settings" section, click "Subnets" and select the subnet that contains VM1. In the "Subnet" blade, click "Associate" under the "Network security group" section and select the NSG you created in step 1.

  3. Create inbound security rules: In the NSG blade, click "Inbound security rules" and click "Add" to create a new rule. Configure the following settings:

  • Source: Select "IP addresses" and enter the specific source IP addresses that should have access to VM1.
  • Destination: Select "Virtual network" and enter the IP address of VM1.
  • Port: Enter the specific management port that should be used to access VM1.
  • Protocol: Select "TCP".
  • Action: Select "Allow".

Repeat this process to create additional inbound rules as needed.

  4. Create an outbound security rule: In the NSG blade, click "Outbound security rules" and click "Add" to create a new rule. Configure the following settings:
  • Source: Select "Virtual network" and enter the IP address of VM1.
  • Destination: Select "IP addresses" and enter the IP address range that should be allowed to connect to VM1 using Remote Desktop.
  • Port: Enter the Remote Desktop port (default is 3389).
  • Protocol: Select "TCP".
  • Action: Select "Deny".

This outbound rule will require administrators to request access to VM1 before establishing a Remote Desktop connection.

After completing these steps, the NSG will be configured to meet the requirements of the scenario.
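To check what an inbound rule like the one in step 3 actually permits, the following added example (not part of the original page and not Microsoft code) models NSG inbound evaluation: rules are processed in priority order and the first match decides. The rule name, VM1's address and the source ranges are constructed values, and the service-tag default rules (AllowVnetInBound, AllowAzureLoadBalancerInBound) are omitted, so every source is treated as an internet address.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    name: str
    priority: int      # lower number is evaluated first
    sources: tuple     # CIDR strings; "*" matches any address
    destination: str   # CIDR string or "*"
    port: str          # single port, "low-high" range, or "*"
    protocol: str      # "Tcp", "Udp" or "*"
    access: str        # "Allow" or "Deny"

def _addr_match(prefix, addr):
    return prefix == "*" or ipaddress.ip_address(addr) in ipaddress.ip_network(prefix)

def _port_match(spec, port):
    if spec == "*":
        return True
    low, _, high = spec.partition("-")
    return int(low) <= port <= int(high or low)

def evaluate(rules, src, dst, port, protocol):
    """Return (access, rule name) of the first rule, by priority, that matches the flow."""
    for r in sorted(rules, key=lambda r: r.priority):
        if (any(_addr_match(s, src) for s in r.sources)
                and _addr_match(r.destination, dst)
                and _port_match(r.port, port)
                and r.protocol in ("*", protocol)):
            return r.access, r.name
    return "Deny", "no-match"

# Constructed sample values (documentation address ranges, hypothetical rule name).
VM1_IP = "10.0.0.4"
MGMT_PORT = 3389
INBOUND = [
    Rule("Allow-Mgmt-From-Admins", 100, ("203.0.113.10/32", "198.51.100.0/24"),
         VM1_IP + "/32", str(MGMT_PORT), "Tcp", "Allow"),
    # Azure's built-in catch-all inbound rule.
    Rule("DenyAllInBound", 65500, ("*",), "*", "*", "*", "Deny"),
]

if __name__ == "__main__":
    for src, port in [("203.0.113.10", 3389), ("192.0.2.50", 3389), ("203.0.113.10", 22)]:
        print(src, port, evaluate(INBOUND, src, VM1_IP, port, "Tcp"))
```

Running it prints the decision for an allowed source on the management port, an unlisted source, and an allowed source on a different port.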