You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: learn-pr/wwl-azure/microsoft-defender-cloud-threat-protection/includes/17-monitor-network-security-events-performance-data.md
+3-3Lines changed: 3 additions & 3 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -92,8 +92,8 @@ It will take a few minutes for the agent to be installed and start running any n
92
92
93
93
Go through the following steps if you aren't collecting data that you're expecting.
94
94
95
-
- Verify that the agent is installed and running on the machine.
96
-
- See the Troubleshooting section of the article for the data source you're having trouble with.
97
-
- See [Monitor and troubleshoot DCR data collection in Azure Monitor](/azure/azure-monitor/essentials/data-collection-monitor) to enable monitoring for the DCR.
95
+
1. Verify that the agent is installed and running on the machine.
96
+
2. See the Troubleshooting section of the article for the data source you're having trouble with.
97
+
3. See [Monitor and troubleshoot DCR data collection in Azure Monitor](/azure/azure-monitor/essentials/data-collection-monitor) to enable monitoring for the DCR.
98
98
- View metrics to determine if data is being collected and whether any rows are being dropped.
99
99
- View logs to identify errors in the data collection.
Copy file name to clipboardExpand all lines: learn-pr/wwl-azure/microsoft-defender-cloud-threat-protection/includes/20-enable-just-in-time-access.md
+5-5Lines changed: 5 additions & 5 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -18,11 +18,11 @@ In this unit, you learn how to set up and use just-in-time access, including how
18
18
- You need Reader and SecurityReader permissions, or a custom role can view the JIT status and parameters.
19
19
- For a custom role, assign the permissions summarized in the table. To create a least-privileged role for users that only need to request JIT access to a VM, use the [Set-JitLeastPrivilegedRole script](https://github.com/Azure/Microsoft-Defender-for-Cloud/tree/main/Powershell%20scripts/JIT%20Scripts/JIT%20Custom%20Role).
| Configure or edit a JIT policy for a VM |**Assign these actions to the role**:On the scope of a subscription (or resource group when using API or PowerShell only) that is associated with the VM:<br>Microsoft.Security/locations/jitNetworkAccessPolicies/writeOn the scope of a subscription (or resource group when using API or PowerShell only) of VM:<br>Microsoft.Compute/virtualMachines/write |
24
-
| Request JIT access to a VM |**Assign these actions to the user**:Microsoft.Security/locations/jitNetworkAccessPolicies/initiate/actionMicrosoft.Security/locations/jitNetworkAccessPolicies/\*/readMicrosoft.Compute/virtualMachines/readMicrosoft.Network/networkInterfaces/\*/readMicrosoft.Network/publicIPAddresses/read|
25
-
| Read JIT policies |**Assign these actions to the user**:Microsoft.Security/locations/jitNetworkAccessPolicies/readMicrosoft.Security/locations/jitNetworkAccessPolicies/initiate/actionMicrosoft.Security/policies/readMicrosoft.Security/pricings/readMicrosoft.Compute/virtualMachines/readMicrosoft.Network/\*/read|
| Configure or edit a JIT policy for a VM |**Assign these actions to the role**:<br>On the scope of a subscription (or resource group when using API or PowerShell only) that is associated with the VM:<br>Microsoft.Security/locations/jitNetworkAccessPolicies/write<br><br>On the scope of a subscription (or resource group when using API or PowerShell only) of VM:<br>Microsoft.Compute/virtualMachines/write<br>|
24
+
| Request JIT access to a VM |**Assign these actions to the user**:<br>Microsoft.Security/locations/jitNetworkAccessPolicies/initiate/action<br>Microsoft.Security/locations/jitNetworkAccessPolicies/\*/read<br>Microsoft.Compute/virtualMachines/read<br>Microsoft.Network/networkInterfaces/\*/read<br>Microsoft.Network/publicIPAddresses/read<br>|
25
+
| Read JIT policies |**Assign these actions to the user**:<br>Microsoft.Security/locations/jitNetworkAccessPolicies/read<br>Microsoft.Security/locations/jitNetworkAccessPolicies/initiate/action<br>Microsoft.Security/policies/read<br>Microsoft.Security/pricings/read<br>Microsoft.Compute/virtualMachines/read<br>Microsoft.Network/\*/read<br>|
26
26
27
27
> [!NOTE]
28
28
> Only the Microsoft.Security permissions are relevant for AWS. To create a least-privileged role for users that only need to request JIT access to a VM, use the Set-JitLeastPrivilegedRole script.
0 commit comments