{ "swagger": "2.0", "schemes": [ "https" ], "host": "management.azure.com", "info": { "description": "API spec for Microsoft.Security (Azure Security Center) resource provider", "title": "Security Center", "version": "2015-06-01-preview", "x-apisguru-categories": [ "cloud" ], "x-logo": { "url": "https://api.apis.guru/v2/cache/logo/https_assets.onestore.ms_cdnfiles_onestorerolling-1606-01000_shell_v3_images_logo_microsoft.png" }, "x-origin": [ { "format": "swagger", "url": "https://raw.githubusercontent.com/Azure/azure-rest-api-specs/master/specification/security/resource-manager/Microsoft.Security/preview/2015-06-01-preview/jitNetworkAccessPolicies.json", "version": "2.0" } ], "x-preferred": true, "x-providerName": "azure.com", "x-serviceName": "security-jitNetworkAccessPolicies", "x-tags": [ "Azure", "Microsoft" ], "x-datafire": { "name": "azure_security_jitnetworkaccesspolicies", "type": "openapi" } }, "consumes": [ "application/json" ], "produces": [ "application/json" ], "securityDefinitions": { "azure_auth": { "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", "description": "Azure Active Directory OAuth2 Flow", "flow": "implicit", "scopes": { "user_impersonation": "impersonate your user account" }, "type": "oauth2" } }, "security": [ { "azure_auth": [ "user_impersonation" ] } ], "parameters": { "JitNetworkAccessPolicy": { "in": "body", "name": "body", "required": true, "schema": { "$ref": "#/definitions/JitNetworkAccessPolicy" }, "x-ms-parameter-location": "method" }, "JitNetworkAccessPolicyInitiateRequest": { "in": "body", "name": "body", "required": true, "schema": { "$ref": "#/definitions/JitNetworkAccessPolicyInitiateRequest" }, "x-ms-parameter-location": "method" }, "JitNetworkAccessPolicyInitiateType": { "description": "Type of the action to do on the Just-in-Time access policy.", "enum": [ "initiate" ], "in": "path", "name": "jitNetworkAccessPolicyInitiateType", "required": true, "type": "string", "x-ms-parameter-location": "method" }, "JitNetworkAccessPolicyName": { "description": "Name of a Just-in-Time access configuration policy.", "in": "path", "name": "jitNetworkAccessPolicyName", "required": true, "type": "string", "x-ms-parameter-location": "method" } }, "paths": { "/subscriptions/{subscriptionId}/providers/Microsoft.Security/jitNetworkAccessPolicies": { "get": { "description": "Policies for protecting resources using Just-in-Time access control.", "operationId": "JitNetworkAccessPolicies_List", "parameters": [ { "description": "Azure subscription ID", "in": "path", "name": "subscriptionId", "pattern": "^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$", "required": true, "type": "string" }, { "description": "API version for the operation", "in": "query", "name": "api-version", "required": true, "type": "string" } ], "responses": { "200": { "description": "OK", "schema": { "$ref": "#/definitions/JitNetworkAccessPoliciesList" } }, "default": { "description": "Error response describing why the operation failed.", "schema": { "description": "Error response structure.", "properties": { "error": { "description": "Error details.", "properties": { "code": { "description": "An identifier for the error. Codes are invariant and are intended to be consumed programmatically.", "readOnly": true, "type": "string" }, "message": { "description": "A message describing the error, intended to be suitable for display in a user interface.", "readOnly": true, "type": "string" } }, "type": "object", "x-ms-external": true } }, "type": "object", "x-ms-external": true } } }, "tags": [ "JitNetworkAccessPolicies" ], "x-ms-examples": { "Get JIT network access policies on a subscription": { "parameters": { "api-version": "2015-06-01-preview", "subscriptionId": "20ff7fc3-e762-44dd-bd96-b71116dcdc23" }, "responses": { "200": { "body": { "value": [ { "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Security/locations/westeurope/jitNetworkAccessPolicies/default", "kind": "Basic", "location": "westeurope", "name": "default", "properties": { "provisioningState": "Succeeded", "requests": [ { "justification": "testing a new version of the product", "requestor": "barbara@contoso.com", "startTimeUtc": "2018-05-17T08:06:45.5691611Z", "virtualMachines": [ { "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Compute/virtualMachines/vm1", "ports": [ { "allowedSourceAddressPrefix": "192.127.0.2", "endTimeUtc": "2018-05-17T09:06:45.5691611Z", "number": 3389, "status": "Initiated", "statusReason": "UserRequested" } ] } ] } ], "virtualMachines": [ { "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Compute/virtualMachines/vm1", "ports": [ { "allowedSourceAddressPrefix": "*", "maxRequestAccessDuration": "PT3H", "number": 22, "protocol": "*" }, { "allowedSourceAddressPrefix": "*", "maxRequestAccessDuration": "PT3H", "number": 3389, "protocol": "*" } ] } ] }, "type": "Microsoft.Security/locations/jitNetworkAccessPolicies" } ] } } } } }, "x-ms-pageable": { "nextLinkName": "nextLink" } } }, "/subscriptions/{subscriptionId}/providers/Microsoft.Security/locations/{ascLocation}/jitNetworkAccessPolicies": { "get": { "description": "Policies for protecting resources using Just-in-Time access control for the subscription, location", "operationId": "JitNetworkAccessPolicies_ListByRegion", "parameters": [ { "description": "Azure subscription ID", "in": "path", "name": "subscriptionId", "pattern": "^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$", "required": true, "type": "string" }, { "description": "The location where ASC stores the data of the subscription. can be retrieved from Get locations", "in": "path", "name": "ascLocation", "required": true, "type": "string", "x-ms-parameter-location": "client" }, { "description": "API version for the operation", "in": "query", "name": "api-version", "required": true, "type": "string" } ], "responses": { "200": { "description": "OK", "schema": { "$ref": "#/definitions/JitNetworkAccessPoliciesList" } }, "default": { "description": "Error response describing why the operation failed.", "schema": { "description": "Error response structure.", "properties": { "error": { "description": "Error details.", "properties": { "code": { "description": "An identifier for the error. Codes are invariant and are intended to be consumed programmatically.", "readOnly": true, "type": "string" }, "message": { "description": "A message describing the error, intended to be suitable for display in a user interface.", "readOnly": true, "type": "string" } }, "type": "object", "x-ms-external": true } }, "type": "object", "x-ms-external": true } } }, "tags": [ "JitNetworkAccessPolicies" ], "x-ms-examples": { "Get JIT network access policies on a subscription from a security data location": { "parameters": { "api-version": "2015-06-01-preview", "ascLocation": "westeurope", "subscriptionId": "20ff7fc3-e762-44dd-bd96-b71116dcdc23" }, "responses": { "200": { "body": { "value": [ { "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Security/locations/westeurope/jitNetworkAccessPolicies/default", "kind": "Basic", "location": "westeurope", "name": "default", "properties": { "provisioningState": "Succeeded", "requests": [ { "justification": "testing a new version of the product", "requestor": "barbara@contoso.com", "startTimeUtc": "2018-05-17T08:06:45.5691611Z", "virtualMachines": [ { "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Compute/virtualMachines/vm1", "ports": [ { "allowedSourceAddressPrefix": "192.127.0.2", "endTimeUtc": "2018-05-17T09:06:45.5691611Z", "number": 3389, "status": "Initiated", "statusReason": "UserRequested" } ] } ] } ], "virtualMachines": [ { "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Compute/virtualMachines/vm1", "ports": [ { "allowedSourceAddressPrefix": "*", "maxRequestAccessDuration": "PT3H", "number": 22, "protocol": "*" }, { "allowedSourceAddressPrefix": "*", "maxRequestAccessDuration": "PT3H", "number": 3389, "protocol": "*" } ] } ] }, "type": "Microsoft.Security/locations/jitNetworkAccessPolicies" } ] } } } } }, "x-ms-pageable": { "nextLinkName": "nextLink" } } }, "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/jitNetworkAccessPolicies": { "get": { "description": "Policies for protecting resources using Just-in-Time access control for the subscription, location", "operationId": "JitNetworkAccessPolicies_ListByResourceGroup", "parameters": [ { "description": "Azure subscription ID", "in": "path", "name": "subscriptionId", "pattern": "^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$", "required": true, "type": "string" }, { "description": "The name of the resource group within the user's subscription. The name is case insensitive.", "in": "path", "maxLength": 90, "minLength": 1, "name": "resourceGroupName", "pattern": "^[-\\w\\._\\(\\)]+$", "required": true, "type": "string", "x-ms-parameter-location": "method" }, { "description": "API version for the operation", "in": "query", "name": "api-version", "required": true, "type": "string" } ], "responses": { "200": { "description": "OK", "schema": { "$ref": "#/definitions/JitNetworkAccessPoliciesList" } }, "default": { "description": "Error response describing why the operation failed.", "schema": { "description": "Error response structure.", "properties": { "error": { "description": "Error details.", "properties": { "code": { "description": "An identifier for the error. Codes are invariant and are intended to be consumed programmatically.", "readOnly": true, "type": "string" }, "message": { "description": "A message describing the error, intended to be suitable for display in a user interface.", "readOnly": true, "type": "string" } }, "type": "object", "x-ms-external": true } }, "type": "object", "x-ms-external": true } } }, "tags": [ "JitNetworkAccessPolicies" ], "x-ms-examples": { "Get JIT network access policies on a resource group": { "parameters": { "api-version": "2015-06-01-preview", "resourceGroupName": "myRg1", "subscriptionId": "20ff7fc3-e762-44dd-bd96-b71116dcdc23" }, "responses": { "200": { "body": { "value": [ { "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Security/locations/westeurope/jitNetworkAccessPolicies/default", "kind": "Basic", "location": "westeurope", "name": "default", "properties": { "provisioningState": "Succeeded", "requests": [ { "justification": "testing a new version of the product", "requestor": "barbara@contoso.com", "startTimeUtc": "2018-05-17T08:06:45.5691611Z", "virtualMachines": [ { "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Compute/virtualMachines/vm1", "ports": [ { "allowedSourceAddressPrefix": "192.127.0.2", "endTimeUtc": "2018-05-17T09:06:45.5691611Z", "number": 3389, "status": "Initiated", "statusReason": "UserRequested" } ] } ] } ], "virtualMachines": [ { "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Compute/virtualMachines/vm1", "ports": [ { "allowedSourceAddressPrefix": "*", "maxRequestAccessDuration": "PT3H", "number": 22, "protocol": "*" }, { "allowedSourceAddressPrefix": "*", "maxRequestAccessDuration": "PT3H", "number": 3389, "protocol": "*" } ] } ] }, "type": "Microsoft.Security/locations/jitNetworkAccessPolicies" } ] } } } } }, "x-ms-pageable": { "nextLinkName": "nextLink" } } }, "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/locations/{ascLocation}/jitNetworkAccessPolicies": { "get": { "description": "Policies for protecting resources using Just-in-Time access control for the subscription, location", "operationId": "JitNetworkAccessPolicies_ListByResourceGroupAndRegion", "parameters": [ { "description": "Azure subscription ID", "in": "path", "name": "subscriptionId", "pattern": "^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$", "required": true, "type": "string" }, { "description": "The name of the resource group within the user's subscription. The name is case insensitive.", "in": "path", "maxLength": 90, "minLength": 1, "name": "resourceGroupName", "pattern": "^[-\\w\\._\\(\\)]+$", "required": true, "type": "string", "x-ms-parameter-location": "method" }, { "description": "The location where ASC stores the data of the subscription. can be retrieved from Get locations", "in": "path", "name": "ascLocation", "required": true, "type": "string", "x-ms-parameter-location": "client" }, { "description": "API version for the operation", "in": "query", "name": "api-version", "required": true, "type": "string" } ], "responses": { "200": { "description": "OK", "schema": { "$ref": "#/definitions/JitNetworkAccessPoliciesList" } }, "default": { "description": "Error response describing why the operation failed.", "schema": { "description": "Error response structure.", "properties": { "error": { "description": "Error details.", "properties": { "code": { "description": "An identifier for the error. Codes are invariant and are intended to be consumed programmatically.", "readOnly": true, "type": "string" }, "message": { "description": "A message describing the error, intended to be suitable for display in a user interface.", "readOnly": true, "type": "string" } }, "type": "object", "x-ms-external": true } }, "type": "object", "x-ms-external": true } } }, "tags": [ "JitNetworkAccessPolicies" ], "x-ms-examples": { "Get JIT network access policies on a resource group from a security data location": { "parameters": { "api-version": "2015-06-01-preview", "ascLocation": "westeurope", "resourceGroupName": "myRg1", "subscriptionId": "20ff7fc3-e762-44dd-bd96-b71116dcdc23" }, "responses": { "200": { "body": { "value": [ { "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Security/locations/westeurope/jitNetworkAccessPolicies/default", "kind": "Basic", "location": "westeurope", "name": "default", "properties": { "provisioningState": "Succeeded", "requests": [ { "justification": "testing a new version of the product", "requestor": "barbara@contoso.com", "startTimeUtc": "2018-05-17T08:06:45.5691611Z", "virtualMachines": [ { "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Compute/virtualMachines/vm1", "ports": [ { "allowedSourceAddressPrefix": "192.127.0.2", "endTimeUtc": "2018-05-17T09:06:45.5691611Z", "number": 3389, "status": "Initiated", "statusReason": "UserRequested" } ] } ] } ], "virtualMachines": [ { "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Compute/virtualMachines/vm1", "ports": [ { "allowedSourceAddressPrefix": "*", "maxRequestAccessDuration": "PT3H", "number": 22, "protocol": "*" }, { "allowedSourceAddressPrefix": "*", "maxRequestAccessDuration": "PT3H", "number": 3389, "protocol": "*" } ] } ] }, "type": "Microsoft.Security/locations/jitNetworkAccessPolicies" } ] } } } } }, "x-ms-pageable": { "nextLinkName": "nextLink" } } }, "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/locations/{ascLocation}/jitNetworkAccessPolicies/{jitNetworkAccessPolicyName}": { "delete": { "description": "Delete a Just-in-Time access control policy.", "operationId": "JitNetworkAccessPolicies_Delete", "parameters": [ { "description": "Azure subscription ID", "in": "path", "name": "subscriptionId", "pattern": "^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$", "required": true, "type": "string" }, { "description": "The name of the resource group within the user's subscription. The name is case insensitive.", "in": "path", "maxLength": 90, "minLength": 1, "name": "resourceGroupName", "pattern": "^[-\\w\\._\\(\\)]+$", "required": true, "type": "string", "x-ms-parameter-location": "method" }, { "description": "The location where ASC stores the data of the subscription. can be retrieved from Get locations", "in": "path", "name": "ascLocation", "required": true, "type": "string", "x-ms-parameter-location": "client" }, { "$ref": "#/parameters/JitNetworkAccessPolicyName" }, { "description": "API version for the operation", "in": "query", "name": "api-version", "required": true, "type": "string" } ], "responses": { "200": { "description": "OK - Resource was deleted" }, "204": { "description": "No Content - Resource does not exist" }, "default": { "description": "Error response describing why the operation failed.", "schema": { "description": "Error response structure.", "properties": { "error": { "description": "Error details.", "properties": { "code": { "description": "An identifier for the error. Codes are invariant and are intended to be consumed programmatically.", "readOnly": true, "type": "string" }, "message": { "description": "A message describing the error, intended to be suitable for display in a user interface.", "readOnly": true, "type": "string" } }, "type": "object", "x-ms-external": true } }, "type": "object", "x-ms-external": true } } }, "tags": [ "JitNetworkAccessPolicies" ], "x-ms-examples": { "Delete a JIT network access policy": { "parameters": { "api-version": "2015-06-01-preview", "ascLocation": "westeurope", "jitNetworkAccessPolicyName": "default", "resourceGroupName": "myRg1", "subscriptionId": "20ff7fc3-e762-44dd-bd96-b71116dcdc23" }, "responses": { "200": {}, "204": {} } } } }, "get": { "description": "Policies for protecting resources using Just-in-Time access control for the subscription, location", "operationId": "JitNetworkAccessPolicies_Get", "parameters": [ { "description": "Azure subscription ID", "in": "path", "name": "subscriptionId", "pattern": "^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$", "required": true, "type": "string" }, { "description": "The name of the resource group within the user's subscription. The name is case insensitive.", "in": "path", "maxLength": 90, "minLength": 1, "name": "resourceGroupName", "pattern": "^[-\\w\\._\\(\\)]+$", "required": true, "type": "string", "x-ms-parameter-location": "method" }, { "description": "The location where ASC stores the data of the subscription. can be retrieved from Get locations", "in": "path", "name": "ascLocation", "required": true, "type": "string", "x-ms-parameter-location": "client" }, { "$ref": "#/parameters/JitNetworkAccessPolicyName" }, { "description": "API version for the operation", "in": "query", "name": "api-version", "required": true, "type": "string" } ], "responses": { "200": { "description": "OK", "schema": { "$ref": "#/definitions/JitNetworkAccessPolicy" } }, "default": { "description": "Error response describing why the operation failed.", "schema": { "description": "Error response structure.", "properties": { "error": { "description": "Error details.", "properties": { "code": { "description": "An identifier for the error. Codes are invariant and are intended to be consumed programmatically.", "readOnly": true, "type": "string" }, "message": { "description": "A message describing the error, intended to be suitable for display in a user interface.", "readOnly": true, "type": "string" } }, "type": "object", "x-ms-external": true } }, "type": "object", "x-ms-external": true } } }, "tags": [ "JitNetworkAccessPolicies" ], "x-ms-examples": { "Get JIT network access policy": { "parameters": { "api-version": "2015-06-01-preview", "ascLocation": "westeurope", "jitNetworkAccessPolicyName": "default", "resourceGroupName": "myRg1", "subscriptionId": "20ff7fc3-e762-44dd-bd96-b71116dcdc23" }, "responses": { "200": { "body": { "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Security/locations/westeurope/jitNetworkAccessPolicies/default", "kind": "Basic", "location": "westeurope", "name": "default", "properties": { "provisioningState": "Succeeded", "requests": [ { "justification": "testing a new version of the product", "requestor": "barbara@contoso.com", "startTimeUtc": "2018-05-17T08:06:45.5691611Z", "virtualMachines": [ { "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Compute/virtualMachines/vm1", "ports": [ { "allowedSourceAddressPrefix": "192.127.0.2", "endTimeUtc": "2018-05-17T09:06:45.5691611Z", "number": 3389, "status": "Initiated", "statusReason": "UserRequested" } ] } ] } ], "virtualMachines": [ { "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Compute/virtualMachines/vm1", "ports": [ { "allowedSourceAddressPrefix": "*", "maxRequestAccessDuration": "PT3H", "number": 22, "protocol": "*" }, { "allowedSourceAddressPrefix": "*", "maxRequestAccessDuration": "PT3H", "number": 3389, "protocol": "*" } ] } ] }, "type": "Microsoft.Security/locations/jitNetworkAccessPolicies" } } } } } }, "put": { "description": "Create a policy for protecting resources using Just-in-Time access control", "operationId": "JitNetworkAccessPolicies_CreateOrUpdate", "parameters": [ { "description": "Azure subscription ID", "in": "path", "name": "subscriptionId", "pattern": "^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$", "required": true, "type": "string" }, { "description": "The name of the resource group within the user's subscription. The name is case insensitive.", "in": "path", "maxLength": 90, "minLength": 1, "name": "resourceGroupName", "pattern": "^[-\\w\\._\\(\\)]+$", "required": true, "type": "string", "x-ms-parameter-location": "method" }, { "description": "The location where ASC stores the data of the subscription. can be retrieved from Get locations", "in": "path", "name": "ascLocation", "required": true, "type": "string", "x-ms-parameter-location": "client" }, { "$ref": "#/parameters/JitNetworkAccessPolicyName" }, { "description": "API version for the operation", "in": "query", "name": "api-version", "required": true, "type": "string" }, { "$ref": "#/parameters/JitNetworkAccessPolicy" } ], "responses": { "200": { "description": "OK", "schema": { "$ref": "#/definitions/JitNetworkAccessPolicy" } }, "default": { "description": "Error response describing why the operation failed.", "schema": { "description": "Error response structure.", "properties": { "error": { "description": "Error details.", "properties": { "code": { "description": "An identifier for the error. Codes are invariant and are intended to be consumed programmatically.", "readOnly": true, "type": "string" }, "message": { "description": "A message describing the error, intended to be suitable for display in a user interface.", "readOnly": true, "type": "string" } }, "type": "object", "x-ms-external": true } }, "type": "object", "x-ms-external": true } } }, "tags": [ "JitNetworkAccessPolicies" ], "x-ms-examples": { "Create JIT network access policy": { "parameters": { "api-version": "2015-06-01-preview", "ascLocation": "westeurope", "body": { "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Security/locations/westeurope/jitNetworkAccessPolicies/default", "kind": "Basic", "location": "westeurope", "name": "default", "properties": { "provisioningState": "Succeeded", "requests": [ { "requestor": "barbara@contoso.com", "startTimeUtc": "2018-05-17T08:06:45.5691611Z", "virtualMachines": [ { "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Compute/virtualMachines/vm1", "ports": [ { "allowedSourceAddressPrefix": "192.127.0.2", "endTimeUtc": "2018-05-17T09:06:45.5691611Z", "number": 3389, "status": "Initiated", "statusReason": "UserRequested" } ] } ] } ], "virtualMachines": [ { "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Compute/virtualMachines/vm1", "ports": [ { "allowedSourceAddressPrefix": "*", "maxRequestAccessDuration": "PT3H", "number": 22, "protocol": "*" }, { "allowedSourceAddressPrefix": "*", "maxRequestAccessDuration": "PT3H", "number": 3389, "protocol": "*" } ] } ] }, "type": "Microsoft.Security/locations/jitNetworkAccessPolicies" }, "jitNetworkAccessPolicyName": "default", "resourceGroupName": "myRg1", "subscriptionId": "20ff7fc3-e762-44dd-bd96-b71116dcdc23" }, "responses": { "200": { "body": { "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Security/locations/westeurope/jitNetworkAccessPolicies/default", "kind": "Basic", "location": "westeurope", "name": "default", "properties": { "provisioningState": "Succeeded", "requests": [ { "requestor": "barbara@contoso.com", "startTimeUtc": "2018-05-17T08:06:45.5691611Z", "virtualMachines": [ { "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Compute/virtualMachines/vm1", "ports": [ { "allowedSourceAddressPrefix": "192.127.0.2", "endTimeUtc": "2018-05-17T09:06:45.5691611Z", "number": 3389, "status": "Initiated", "statusReason": "UserRequested" } ] } ] } ], "virtualMachines": [ { "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Compute/virtualMachines/vm1", "ports": [ { "allowedSourceAddressPrefix": "*", "maxRequestAccessDuration": "PT3H", "number": 22, "protocol": "*" }, { "allowedSourceAddressPrefix": "*", "maxRequestAccessDuration": "PT3H", "number": 3389, "protocol": "*" } ] } ] }, "type": "Microsoft.Security/locations/jitNetworkAccessPolicies" } } } } } } }, "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/locations/{ascLocation}/jitNetworkAccessPolicies/{jitNetworkAccessPolicyName}/{jitNetworkAccessPolicyInitiateType}": { "post": { "description": "Initiate a JIT access from a specific Just-in-Time policy configuration.", "operationId": "JitNetworkAccessPolicies_Initiate", "parameters": [ { "description": "Azure subscription ID", "in": "path", "name": "subscriptionId", "pattern": "^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$", "required": true, "type": "string" }, { "description": "The name of the resource group within the user's subscription. The name is case insensitive.", "in": "path", "maxLength": 90, "minLength": 1, "name": "resourceGroupName", "pattern": "^[-\\w\\._\\(\\)]+$", "required": true, "type": "string", "x-ms-parameter-location": "method" }, { "description": "The location where ASC stores the data of the subscription. can be retrieved from Get locations", "in": "path", "name": "ascLocation", "required": true, "type": "string", "x-ms-parameter-location": "client" }, { "$ref": "#/parameters/JitNetworkAccessPolicyName" }, { "$ref": "#/parameters/JitNetworkAccessPolicyInitiateType" }, { "description": "API version for the operation", "in": "query", "name": "api-version", "required": true, "type": "string" }, { "$ref": "#/parameters/JitNetworkAccessPolicyInitiateRequest" } ], "responses": { "202": { "description": "Accepted", "schema": { "$ref": "#/definitions/JitNetworkAccessRequest" } }, "default": { "description": "Error response describing why the operation failed.", "schema": { "description": "Error response structure.", "properties": { "error": { "description": "Error details.", "properties": { "code": { "description": "An identifier for the error. Codes are invariant and are intended to be consumed programmatically.", "readOnly": true, "type": "string" }, "message": { "description": "A message describing the error, intended to be suitable for display in a user interface.", "readOnly": true, "type": "string" } }, "type": "object", "x-ms-external": true } }, "type": "object", "x-ms-external": true } } }, "tags": [ "JitNetworkAccessPolicies" ], "x-ms-examples": { "Initiate an action on a JIT network access policy": { "parameters": { "api-version": "2015-06-01-preview", "ascLocation": "westeurope", "body": { "justification": "testing a new version of the product", "virtualMachines": [ { "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Compute/virtualMachines/vm1", "ports": [ { "allowedSourceAddressPrefix": "192.127.0.2", "duration": "PT1H", "number": 3389 } ] } ] }, "jitNetworkAccessPolicyInitiateType": "initiate", "jitNetworkAccessPolicyName": "default", "resourceGroupName": "myRg1", "subscriptionId": "20ff7fc3-e762-44dd-bd96-b71116dcdc23" }, "responses": { "202": { "body": { "justification": "testing a new version of the product", "requestor": "barbara@contoso.com", "startTimeUtc": "2018-07-12T08:53:03.3658798Z", "virtualMachines": [ { "id": "/subscriptions/3eeab341-f466-499c-a8be-85427e154baf/resourceGroups/myRg1/providers/Microsoft.Compute/virtualMachines/vm1", "ports": [ { "allowedSourceAddressPrefix": "192.127.0.2", "endTimeUtc": "2018-07-12T09:53:03.3658798Z", "number": 3389, "status": "Initiating", "statusReason": "UserRequested" } ] } ] } } } } } } } }, "definitions": { "JitNetworkAccessPoliciesList": { "properties": { "nextLink": { "description": "The URI to fetch the next page.", "readOnly": true, "type": "string" }, "value": { "items": { "$ref": "#/definitions/JitNetworkAccessPolicy" }, "type": "array" } }, "type": "object" }, "JitNetworkAccessPolicy": { "allOf": [ { "description": "Describes an Azure resource.", "properties": { "id": { "description": "Resource Id", "readOnly": true, "type": "string" }, "name": { "description": "Resource name", "readOnly": true, "type": "string" }, "type": { "description": "Resource type", "readOnly": true, "type": "string" } }, "type": "object", "x-ms-azure-resource": true }, { "description": "Describes an Azure resource with kind", "properties": { "kind": { "description": "Kind of the resource", "type": "string" } }, "type": "object" }, { "description": "Describes an Azure resource with location", "properties": { "location": { "description": "Location where the resource is stored", "readOnly": true, "type": "string" } }, "type": "object" } ], "properties": { "properties": { "$ref": "#/definitions/JitNetworkAccessPolicyProperties", "x-ms-client-flatten": true } }, "required": [ "properties" ], "type": "object" }, "JitNetworkAccessPolicyInitiatePort": { "properties": { "allowedSourceAddressPrefix": { "description": "Source of the allowed traffic. If omitted, the request will be for the source IP address of the initiate request.", "type": "string" }, "endTimeUtc": { "description": "The time to close the request in UTC", "format": "date-time", "type": "string" }, "number": { "$ref": "#/definitions/PortNumber" } }, "required": [ "endTimeUtc", "number" ], "type": "object" }, "JitNetworkAccessPolicyInitiateRequest": { "properties": { "justification": { "description": "The justification for making the initiate request", "type": "string" }, "virtualMachines": { "description": "A list of virtual machines & ports to open access for", "items": { "$ref": "#/definitions/JitNetworkAccessPolicyInitiateVirtualMachine" }, "type": "array" } }, "required": [ "virtualMachines" ], "type": "object" }, "JitNetworkAccessPolicyInitiateVirtualMachine": { "properties": { "id": { "description": "Resource ID of the virtual machine that is linked to this policy", "type": "string" }, "ports": { "description": "The ports to open for the resource with the `id`", "items": { "$ref": "#/definitions/JitNetworkAccessPolicyInitiatePort" }, "type": "array" } }, "required": [ "id", "ports" ], "type": "object" }, "JitNetworkAccessPolicyProperties": { "properties": { "provisioningState": { "description": "Gets the provisioning state of the Just-in-Time policy.", "readOnly": true, "type": "string" }, "requests": { "items": { "$ref": "#/definitions/JitNetworkAccessRequest" }, "type": "array" }, "virtualMachines": { "description": "Configurations for Microsoft.Compute/virtualMachines resource type.", "items": { "$ref": "#/definitions/JitNetworkAccessPolicyVirtualMachine" }, "type": "array" } }, "required": [ "virtualMachines" ], "type": "object" }, "JitNetworkAccessPolicyVirtualMachine": { "properties": { "id": { "description": "Resource ID of the virtual machine that is linked to this policy", "type": "string" }, "ports": { "description": "Port configurations for the virtual machine", "items": { "$ref": "#/definitions/JitNetworkAccessPortRule" }, "type": "array" }, "publicIpAddress": { "description": "Public IP address of the Azure Firewall that is linked to this policy, if applicable", "type": "string" } }, "required": [ "id", "ports" ], "type": "object" }, "JitNetworkAccessPortRule": { "properties": { "allowedSourceAddressPrefix": { "description": "Mutually exclusive with the \"allowedSourceAddressPrefixes\" parameter. Should be an IP address or CIDR, for example \"192.168.0.3\" or \"192.168.0.0/16\".", "type": "string" }, "allowedSourceAddressPrefixes": { "description": "Mutually exclusive with the \"allowedSourceAddressPrefix\" parameter.", "items": { "description": "IP address or CIDR, for example \"192.168.0.3\" or \"192.168.0.0/16\".", "type": "string" }, "type": "array" }, "maxRequestAccessDuration": { "description": "Maximum duration requests can be made for. In ISO 8601 duration format. Minimum 5 minutes, maximum 1 day", "type": "string" }, "number": { "$ref": "#/definitions/PortNumber" }, "protocol": { "enum": [ "TCP", "UDP", "*" ], "type": "string", "x-ms-enum": { "modelAsString": true, "name": "protocol", "values": [ { "value": "TCP" }, { "value": "UDP" }, { "name": "All", "value": "*" } ] } } }, "required": [ "maxRequestAccessDuration", "number", "protocol" ], "type": "object" }, "JitNetworkAccessRequest": { "properties": { "justification": { "description": "The justification for making the initiate request", "type": "string" }, "requestor": { "description": "The identity of the person who made the request", "type": "string" }, "startTimeUtc": { "description": "The start time of the request in UTC", "format": "date-time", "type": "string" }, "virtualMachines": { "items": { "$ref": "#/definitions/JitNetworkAccessRequestVirtualMachine" }, "type": "array" } }, "required": [ "requestor", "startTimeUtc", "virtualMachines" ], "type": "object" }, "JitNetworkAccessRequestPort": { "properties": { "allowedSourceAddressPrefix": { "description": "Mutually exclusive with the \"allowedSourceAddressPrefixes\" parameter. Should be an IP address or CIDR, for example \"192.168.0.3\" or \"192.168.0.0/16\".", "type": "string" }, "allowedSourceAddressPrefixes": { "description": "Mutually exclusive with the \"allowedSourceAddressPrefix\" parameter.", "items": { "description": "IP address or CIDR, for example \"192.168.0.3\" or \"192.168.0.0/16\".", "type": "string" }, "type": "array" }, "endTimeUtc": { "description": "The date & time at which the request ends in UTC", "format": "date-time", "type": "string" }, "mappedPort": { "description": "The port which is mapped to this port's `number` in the Azure Firewall, if applicable", "type": "integer" }, "number": { "$ref": "#/definitions/PortNumber" }, "status": { "description": "The status of the port", "enum": [ "Revoked", "Initiated" ], "type": "string", "x-ms-enum": { "modelAsString": true, "name": "status", "values": [ { "value": "Revoked" }, { "value": "Initiated" } ] } }, "statusReason": { "description": "A description of why the `status` has its value", "enum": [ "Expired", "UserRequested", "NewerRequestInitiated" ], "type": "string", "x-ms-enum": { "modelAsString": true, "name": "statusReason", "values": [ { "value": "Expired" }, { "value": "UserRequested" }, { "value": "NewerRequestInitiated" } ] } } }, "required": [ "endTimeUtc", "number", "status", "statusReason" ], "type": "object" }, "JitNetworkAccessRequestVirtualMachine": { "properties": { "id": { "description": "Resource ID of the virtual machine that is linked to this policy", "type": "string" }, "ports": { "description": "The ports that were opened for the virtual machine", "items": { "$ref": "#/definitions/JitNetworkAccessRequestPort" }, "type": "array" } }, "required": [ "id", "ports" ], "type": "object" }, "PortNumber": { "maximum": 65535, "minimum": 0, "type": "integer" } } }