In this post we will see how to create a custom role via the portal and give to a user the ability to request access to one or more virtual machines via JIT vm access.

JIT Just in Time vm access is a network security feature wich permit to lock down inbound traffic to your Azure VMs This reduces exposure to attacks while providing easy access to

connect to VMs when needed. or more information about JIT in security center :

To begin Go to your susbscription or your resource group and add a role assignement. You should be able to get the add custom role feature in the list . Click on that

I want to create a custom role named “JIT user” who will allow a member of my project team for example to access a particular VM .


Permission section is blank since i’ve choosed to start from scratch .

Click on Add permissions and in you right hand side search for JIT and select Microsoft Security .

Now in this section you have to choose what rights your users need to have . In my case: just the abilty to see the vm in the scope and initiate a request .

Awsome now click Review plus create to see the summary and create the role .

Once the JIT user role have been created you can add a role assignment 

and check  it after creation ;


Ibrahima Mbodji

Passionné de nouvelles technologies


%d bloggers like this: