Today I had to enable just-in-time access for a client at subscription level for all the highly privileged roles. It was my first time implementing it. This blog is about how you can implement the same for VM users with a maximum activation duration of 2 hours.
The steps to implement it are as follows:
In the Azure portal, search for and open Privileged Identity Management.
Select Azure resources. If you are adding new resources to PIM, click "Discover resources".
Search for the resource and click “Manage resource”.
I have selected the Pay-As-You-Go subscription in this case.
Once the resource is registered, click on it. Under Manage, select "Roles". Search for Virtual Machine User Login and click it.
Select Settings and click Edit. By default the "Activation maximum duration" is 8 hours; change it to 2. This is only an upper bound on how long each activation lasts, so on the same page also consider requiring MFA and a justification on activation, so that a short window is paired with a record of who activated and why.
Once this is done, click "Add member" and add the members for whom you wish to enable access to the VM for at most 2 hours per activation. Make sure they are added as Eligible rather than Active: an Active assignment never needs activating, so the 2-hour limit would not apply to it. Because the role is assigned at subscription scope, it covers every VM in the subscription; assign it at resource-group or VM scope if a user only needs some of them.
Once this is enabled, any user who needs to access the VM has to sign in to the Azure portal, go to PIM, open My roles under Azure resources, and activate the role. The activation expires after at most 2 hours, after which the role has to be activated again.
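The same configuration, done with Az PowerShell against the Azure REST API instead of clicking through the portal, as an added example that is not part of the original post. It assumes the Az.Accounts module is installed and that Connect-AzAccount has been run by someone who can manage PIM on the subscription; the subscription ID, member object ID and justification text are placeholders. The role definition ID is the real built-in ID for Virtual Machine User Login. The script does the four portal steps in order: find the PIM policy for the role at subscription scope, set the end-user activation maximum to PT2H (and require MFA plus a justification), add a member as eligible, and finally show the activation request a member would send, which the policy caps at 2 hours.

```powershell
# Added example, not the original author's code. Assumes Az.Accounts and a signed-in
# session with rights to manage PIM on the subscription. IDs below are placeholders.

$subscriptionId = "00000000-0000-0000-0000-000000000000"   # placeholder
$scope          = "/subscriptions/$subscriptionId"
$apiVersion     = "2020-10-01"

# Built-in role definition ID for "Virtual Machine User Login"
$vmUserLoginRoleId = "fb879df8-f326-4884-b1cf-06f3ad86be52"
$roleDefinitionId  = "$scope/providers/Microsoft.Authorization/roleDefinitions/$vmUserLoginRoleId"

# Small wrapper around Invoke-AzRestMethod that fails loudly on non-2xx responses.
function Invoke-ArmApi {
    param(
        [Parameter(Mandatory)][ValidateSet("GET", "PUT", "PATCH")][string]$Method,
        [Parameter(Mandatory)][string]$Path,
        [hashtable]$Body
    )
    $params = @{ Method = $Method; Path = "$Path?api-version=$apiVersion" }
    if ($Body) { $params.Payload = ($Body | ConvertTo-Json -Depth 10) }
    $resp = Invoke-AzRestMethod @params
    if ($resp.StatusCode -ge 300) {
        throw "$Method $Path failed with HTTP $($resp.StatusCode): $($resp.Content)"
    }
    return $resp.Content | ConvertFrom-Json
}

# 1. Find the PIM policy that governs this role at subscription scope.
#    There is one policy assignment per role and scope; filter client-side.
$assignments = Invoke-ArmApi -Method GET -Path "$scope/providers/Microsoft.Authorization/roleManagementPolicyAssignments"
$policyAssignment = $assignments.value | Where-Object { $_.properties.roleDefinitionId -eq $roleDefinitionId }
if (-not $policyAssignment) { throw "No PIM policy assignment found for $roleDefinitionId" }
$policyPath = $policyAssignment.properties.policyId   # .../roleManagementPolicies/<guid>

# 2. Set "Activation maximum duration" to 2 hours (portal default is 8 hours, PT8H).
#    Expiration_EndUser_Assignment is the rule behind that portal setting. The rules
#    sent are merged into the policy by rule id; rules not sent keep their values.
$rules = @(
    @{
        id                   = "Expiration_EndUser_Assignment"
        ruleType             = "RoleManagementPolicyExpirationRule"
        isExpirationRequired = $true
        maximumDuration      = "PT2H"
        target               = @{ caller = "EndUser"; operations = @("All"); level = "Assignment" }
    },
    # Pair the short window with MFA and a justification on every activation.
    @{
        id           = "Enablement_EndUser_Assignment"
        ruleType     = "RoleManagementPolicyEnablementRule"
        enabledRules = @("MultiFactorAuthentication", "Justification")
        target       = @{ caller = "EndUser"; operations = @("All"); level = "Assignment" }
    }
)
$updated = Invoke-ArmApi -Method PATCH -Path $policyPath -Body @{ properties = @{ rules = $rules } }
$maxRule = $updated.properties.rules | Where-Object { $_.id -eq "Expiration_EndUser_Assignment" }
Write-Host "Activation maximum duration is now $($maxRule.maximumDuration)"

# 3. Add a member as Eligible (not Active). AdminAssign on an eligibility schedule
#    request is what the portal's "Add member" does for an eligible assignment.
$memberObjectId = "11111111-1111-1111-1111-111111111111"   # placeholder Entra ID user or group object ID
$eligibility = Invoke-ArmApi -Method PUT `
    -Path "$scope/providers/Microsoft.Authorization/roleEligibilityScheduleRequests/$([guid]::NewGuid())" `
    -Body @{ properties = @{
        principalId      = $memberObjectId
        roleDefinitionId = $roleDefinitionId
        requestType      = "AdminAssign"
        scheduleInfo     = @{
            startDateTime = (Get-Date).ToUniversalTime().ToString("o")
            expiration    = @{ type = "AfterDuration"; duration = "P365D" }   # eligibility itself expires in a year
        }
    } }
Write-Host "Eligibility request status: $($eligibility.properties.status)"

# 4. What the member runs later, from their own session, to activate the role.
#    SelfActivate must be sent by the principal itself; a duration above PT2H is
#    rejected by the policy set in step 2.
$activation = Invoke-ArmApi -Method PUT `
    -Path "$scope/providers/Microsoft.Authorization/roleAssignmentScheduleRequests/$([guid]::NewGuid())" `
    -Body @{ properties = @{
        principalId      = $memberObjectId
        roleDefinitionId = $roleDefinitionId
        requestType      = "SelfActivate"
        justification    = "Ticket 1234: troubleshoot app server"   # placeholder
        scheduleInfo     = @{
            startDateTime = (Get-Date).ToUniversalTime().ToString("o")
            expiration    = @{ type = "AfterDuration"; duration = "PT2H" }
        }
    } }
Write-Host "Activation request status: $($activation.properties.status)"
```

Steps 1 to 3 are run by the PIM administrator; step 4 is what a member runs (or what the portal sends on their behalf) and is shown so you can verify the limit: change its duration to PT3H and the request fails against the updated policy.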
I hope it helps!