Security Center
API spec for Microsoft.Security (Azure Security Center) resource provider
{
"swagger": "2.0",
"schemes": [
"https"
],
"host": "management.azure.com",
"info": {
"description": "API spec for Microsoft.Security (Azure Security Center) resource provider",
"title": "Security Center",
"version": "2015-06-01-preview",
"x-apisguru-categories": [
"cloud"
],
"x-logo": {
"url": "https://api.apis.guru/v2/cache/logo/https_assets.onestore.ms_cdnfiles_onestorerolling-1606-01000_shell_v3_images_logo_microsoft.png"
},
"x-origin": [
{
"format": "swagger",
"url": "https://raw.githubusercontent.com/Azure/azure-rest-api-specs/master/specification/security/resource-manager/Microsoft.Security/preview/2015-06-01-preview/jitNetworkAccessPolicies.json",
"version": "2.0"
}
],
"x-providerName": "azure.com",
"x-serviceName": "security-jitNetworkAccessPolicies",
"x-tags": [
"Azure",
"Microsoft"
]
},
"consumes": [
"application/json"
],
"produces": [
"application/json"
],
"securityDefinitions": {
"azure_auth": {
"authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize",
"description": "Azure Active Directory OAuth2 Flow",
"flow": "implicit",
"scopes": {
"user_impersonation": "impersonate your user account"
},
"type": "oauth2"
}
},
"security": [
{
"azure_auth": [
"user_impersonation"
]
}
],
"parameters": {
"JitNetworkAccessPolicy": {
"in": "body",
"name": "body",
"required": true,
"schema": {
"$ref": "#/definitions/JitNetworkAccessPolicy"
},
"x-ms-parameter-location": "method"
},
"JitNetworkAccessPolicyInitiateRequest": {
"in": "body",
"name": "body",
"required": true,
"schema": {
"$ref": "#/definitions/JitNetworkAccessPolicyInitiateRequest"
},
"x-ms-parameter-location": "method"
},
"JitNetworkAccessPolicyInitiateType": {
"description": "Type of the action to do on the Just-in-Time access policy.",
"enum": [
"initiate"
],
"in": "path",
"name": "jitNetworkAccessPolicyInitiateType",
"required": true,
"type": "string",
"x-ms-parameter-location": "method"
},
"JitNetworkAccessPolicyName": {
"description": "Name of a Just-in-Time access configuration policy.",
"in": "path",
"name": "jitNetworkAccessPolicyName",
"required": true,
"type": "string",
"x-ms-parameter-location": "method"
}
},
"paths": {
"/subscriptions/{subscriptionId}/providers/Microsoft.Security/jitNetworkAccessPolicies": {
"get": {
"description": "Policies for protecting resources using Just-in-Time access control.",
"operationId": "JitNetworkAccessPolicies_List",
"parameters": [
{
"description": "Azure subscription ID",
"in": "path",
"name": "subscriptionId",
"pattern": "^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$",
"required": true,
"type": "string"
},
{
"description": "API version for the operation",
"in": "query",
"name": "api-version",
"required": true,
"type": "string"
}
],
"responses": {
"200": {
"description": "OK",
"schema": {
"$ref": "#/definitions/JitNetworkAccessPoliciesList"
}
},
"default": {
"description": "Error response describing why the operation failed.",
"schema": {
"description": "Error response structure.",
"properties": {
"error": {
"description": "Error details.",
"properties": {
"code": {
"description": "An identifier for the error. Codes are invariant and are intended to be consumed programmatically.",
"readOnly": true,
"type": "string"
},
"message": {
"description": "A message describing the error, intended to be suitable for display in a user interface.",
"readOnly": true,
"type": "string"
}
},
"type": "object",
"x-ms-external": true
}
},
"type": "object",
"x-ms-external": true
}
}
},
"tags": [
"JitNetworkAccessPolicies"
],
"x-ms-examples": {
"Get JIT network access policies on a subscription": {
"parameters": {
"api-version": "2015-06-01-preview",
"subscriptionId": "20ff7fc3-e762-44dd-bd96-b71116dcdc23"
},
"responses": {
"200": {
"body": {
"value": [
{
"id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Security/locations/westeurope/jitNetworkAccessPolicies/default",
"kind": "Basic",
"location": "westeurope",
"name": "default",
"properties": {
"provisioningState": "Succeeded",
"requests": [
{
"justification": "testing a new version of the product",
"requestor": "barbara@contoso.com",
"startTimeUtc": "2018-05-17T08:06:45.5691611Z",
"virtualMachines": [
{
"id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Compute/virtualMachines/vm1",
"ports": [
{
"allowedSourceAddressPrefix": "192.127.0.2",
"endTimeUtc": "2018-05-17T09:06:45.5691611Z",
"number": 3389,
"status": "Initiated",
"statusReason": "UserRequested"
}
]
}
]
}
],
"virtualMachines": [
{
"id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Compute/virtualMachines/vm1",
"ports": [
{
"allowedSourceAddressPrefix": "*",
"maxRequestAccessDuration": "PT3H",
"number": 22,
"protocol": "*"
},
{
"allowedSourceAddressPrefix": "*",
"maxRequestAccessDuration": "PT3H",
"number": 3389,
"protocol": "*"
}
]
}
]
},
"type": "Microsoft.Security/locations/jitNetworkAccessPolicies"
}
]
}
}
}
}
},
"x-ms-pageable": {
"nextLinkName": "nextLink"
}
}
},
"/subscriptions/{subscriptionId}/providers/Microsoft.Security/locations/{ascLocation}/jitNetworkAccessPolicies": {
"get": {
"description": "Policies for protecting resources using Just-in-Time access control for the subscription, location",
"operationId": "JitNetworkAccessPolicies_ListByRegion",
"parameters": [
{
"description": "Azure subscription ID",
"in": "path",
"name": "subscriptionId",
"pattern": "^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$",
"required": true,
"type": "string"
},
{
"description": "The location where ASC stores the data of the subscription. Can be retrieved from Get locations.",
"in": "path",
"name": "ascLocation",
"required": true,
"type": "string",
"x-ms-parameter-location": "client"
},
{
"description": "API version for the operation",
"in": "query",
"name": "api-version",
"required": true,
"type": "string"
}
],
"responses": {
"200": {
"description": "OK",
"schema": {
"$ref": "#/definitions/JitNetworkAccessPoliciesList"
}
},
"default": {
"description": "Error response describing why the operation failed.",
"schema": {
"description": "Error response structure.",
"properties": {
"error": {
"description": "Error details.",
"properties": {
"code": {
"description": "An identifier for the error. Codes are invariant and are intended to be consumed programmatically.",
"readOnly": true,
"type": "string"
},
"message": {
"description": "A message describing the error, intended to be suitable for display in a user interface.",
"readOnly": true,
"type": "string"
}
},
"type": "object",
"x-ms-external": true
}
},
"type": "object",
"x-ms-external": true
}
}
},
"tags": [
"JitNetworkAccessPolicies"
],
"x-ms-examples": {
"Get JIT network access policies on a subscription from a security data location": {
"parameters": {
"api-version": "2015-06-01-preview",
"ascLocation": "westeurope",
"subscriptionId": "20ff7fc3-e762-44dd-bd96-b71116dcdc23"
},
"responses": {
"200": {
"body": {
"value": [
{
"id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Security/locations/westeurope/jitNetworkAccessPolicies/default",
"kind": "Basic",
"location": "westeurope",
"name": "default",
"properties": {
"provisioningState": "Succeeded",
"requests": [
{
"justification": "testing a new version of the product",
"requestor": "barbara@contoso.com",
"startTimeUtc": "2018-05-17T08:06:45.5691611Z",
"virtualMachines": [
{
"id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Compute/virtualMachines/vm1",
"ports": [
{
"allowedSourceAddressPrefix": "192.127.0.2",
"endTimeUtc": "2018-05-17T09:06:45.5691611Z",
"number": 3389,
"status": "Initiated",
"statusReason": "UserRequested"
}
]
}
]
}
],
"virtualMachines": [
{
"id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Compute/virtualMachines/vm1",
"ports": [
{
"allowedSourceAddressPrefix": "*",
"maxRequestAccessDuration": "PT3H",
"number": 22,
"protocol": "*"
},
{
"allowedSourceAddressPrefix": "*",
"maxRequestAccessDuration": "PT3H",
"number": 3389,
"protocol": "*"
}
]
}
]
},
"type": "Microsoft.Security/locations/jitNetworkAccessPolicies"
}
]
}
}
}
}
},
"x-ms-pageable": {
"nextLinkName": "nextLink"
}
}
},
"/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/jitNetworkAccessPolicies": {
"get": {
"description": "Policies for protecting resources using Just-in-Time access control for the subscription, location",
"operationId": "JitNetworkAccessPolicies_ListByResourceGroup",
"parameters": [
{
"description": "Azure subscription ID",
"in": "path",
"name": "subscriptionId",
"pattern": "^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$",
"required": true,
"type": "string"
},
{
"description": "The name of the resource group within the user's subscription. The name is case insensitive.",
"in": "path",
"maxLength": 90,
"minLength": 1,
"name": "resourceGroupName",
"pattern": "^[-\\w\\._\\(\\)]+$",
"required": true,
"type": "string",
"x-ms-parameter-location": "method"
},
{
"description": "API version for the operation",
"in": "query",
"name": "api-version",
"required": true,
"type": "string"
}
],
"responses": {
"200": {
"description": "OK",
"schema": {
"$ref": "#/definitions/JitNetworkAccessPoliciesList"
}
},
"default": {
"description": "Error response describing why the operation failed.",
"schema": {
"description": "Error response structure.",
"properties": {
"error": {
"description": "Error details.",
"properties": {
"code": {
"description": "An identifier for the error. Codes are invariant and are intended to be consumed programmatically.",
"readOnly": true,
"type": "string"
},
"message": {
"description": "A message describing the error, intended to be suitable for display in a user interface.",
"readOnly": true,
"type": "string"
}
},
"type": "object",
"x-ms-external": true
}
},
"type": "object",
"x-ms-external": true
}
}
},
"tags": [
"JitNetworkAccessPolicies"
],
"x-ms-examples": {
"Get JIT network access policies on a resource group": {
"parameters": {
"api-version": "2015-06-01-preview",
"resourceGroupName": "myRg1",
"subscriptionId": "20ff7fc3-e762-44dd-bd96-b71116dcdc23"
},
"responses": {
"200": {
"body": {
"value": [
{
"id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Security/locations/westeurope/jitNetworkAccessPolicies/default",
"kind": "Basic",
"location": "westeurope",
"name": "default",
"properties": {
"provisioningState": "Succeeded",
"requests": [
{
"justification": "testing a new version of the product",
"requestor": "barbara@contoso.com",
"startTimeUtc": "2018-05-17T08:06:45.5691611Z",
"virtualMachines": [
{
"id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Compute/virtualMachines/vm1",
"ports": [
{
"allowedSourceAddressPrefix": "192.127.0.2",
"endTimeUtc": "2018-05-17T09:06:45.5691611Z",
"number": 3389,
"status": "Initiated",
"statusReason": "UserRequested"
}
]
}
]
}
],
"virtualMachines": [
{
"id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Compute/virtualMachines/vm1",
"ports": [
{
"allowedSourceAddressPrefix": "*",
"maxRequestAccessDuration": "PT3H",
"number": 22,
"protocol": "*"
},
{
"allowedSourceAddressPrefix": "*",
"maxRequestAccessDuration": "PT3H",
"number": 3389,
"protocol": "*"
}
]
}
]
},
"type": "Microsoft.Security/locations/jitNetworkAccessPolicies"
}
]
}
}
}
}
},
"x-ms-pageable": {
"nextLinkName": "nextLink"
}
}
},
"/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/locations/{ascLocation}/jitNetworkAccessPolicies": {
"get": {
"description": "Policies for protecting resources using Just-in-Time access control for the subscription, location",
"operationId": "JitNetworkAccessPolicies_ListByResourceGroupAndRegion",
"parameters": [
{
"description": "Azure subscription ID",
"in": "path",
"name": "subscriptionId",
"pattern": "^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$",
"required": true,
"type": "string"
},
{
"description": "The name of the resource group within the user's subscription. The name is case insensitive.",
"in": "path",
"maxLength": 90,
"minLength": 1,
"name": "resourceGroupName",
"pattern": "^[-\\w\\._\\(\\)]+$",
"required": true,
"type": "string",
"x-ms-parameter-location": "method"
},
{
"description": "The location where ASC stores the data of the subscription. Can be retrieved from Get locations.",
"in": "path",
"name": "ascLocation",
"required": true,
"type": "string",
"x-ms-parameter-location": "client"
},
{
"description": "API version for the operation",
"in": "query",
"name": "api-version",
"required": true,
"type": "string"
}
],
"responses": {
"200": {
"description": "OK",
"schema": {
"$ref": "#/definitions/JitNetworkAccessPoliciesList"
}
},
"default": {
"description": "Error response describing why the operation failed.",
"schema": {
"description": "Error response structure.",
"properties": {
"error": {
"description": "Error details.",
"properties": {
"code": {
"description": "An identifier for the error. Codes are invariant and are intended to be consumed programmatically.",
"readOnly": true,
"type": "string"
},
"message": {
"description": "A message describing the error, intended to be suitable for display in a user interface.",
"readOnly": true,
"type": "string"
}
},
"type": "object",
"x-ms-external": true
}
},
"type": "object",
"x-ms-external": true
}
}
},
"tags": [
"JitNetworkAccessPolicies"
],
"x-ms-examples": {
"Get JIT network access policies on a resource group from a security data location": {
"parameters": {
"api-version": "2015-06-01-preview",
"ascLocation": "westeurope",
"resourceGroupName": "myRg1",
"subscriptionId": "20ff7fc3-e762-44dd-bd96-b71116dcdc23"
},
"responses": {
"200": {
"body": {
"value": [
{
"id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Security/locations/westeurope/jitNetworkAccessPolicies/default",
"kind": "Basic",
"location": "westeurope",
"name": "default",
"properties": {
"provisioningState": "Succeeded",
"requests": [
{
"justification": "testing a new version of the product",
"requestor": "barbara@contoso.com",
"startTimeUtc": "2018-05-17T08:06:45.5691611Z",
"virtualMachines": [
{
"id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Compute/virtualMachines/vm1",
"ports": [
{
"allowedSourceAddressPrefix": "192.127.0.2",
"endTimeUtc": "2018-05-17T09:06:45.5691611Z",
"number": 3389,
"status": "Initiated",
"statusReason": "UserRequested"
}
]
}
]
}
],
"virtualMachines": [
{
"id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Compute/virtualMachines/vm1",
"ports": [
{
"allowedSourceAddressPrefix": "*",
"maxRequestAccessDuration": "PT3H",
"number": 22,
"protocol": "*"
},
{
"allowedSourceAddressPrefix": "*",
"maxRequestAccessDuration": "PT3H",
"number": 3389,
"protocol": "*"
}
]
}
]
},
"type": "Microsoft.Security/locations/jitNetworkAccessPolicies"
}
]
}
}
}
}
},
"x-ms-pageable": {
"nextLinkName": "nextLink"
}
}
},
"/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/locations/{ascLocation}/jitNetworkAccessPolicies/{jitNetworkAccessPolicyName}": {
"delete": {
"description": "Delete a Just-in-Time access control policy.",
"operationId": "JitNetworkAccessPolicies_Delete",
"parameters": [
{
"description": "Azure subscription ID",
"in": "path",
"name": "subscriptionId",
"pattern": "^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$",
"required": true,
"type": "string"
},
{
"description": "The name of the resource group within the user's subscription. The name is case insensitive.",
"in": "path",
"maxLength": 90,
"minLength": 1,
"name": "resourceGroupName",
"pattern": "^[-\\w\\._\\(\\)]+$",
"required": true,
"type": "string",
"x-ms-parameter-location": "method"
},
{
"description": "The location where ASC stores the data of the subscription. Can be retrieved from Get locations.",
"in": "path",
"name": "ascLocation",
"required": true,
"type": "string",
"x-ms-parameter-location": "client"
},
{
"$ref": "#/parameters/JitNetworkAccessPolicyName"
},
{
"description": "API version for the operation",
"in": "query",
"name": "api-version",
"required": true,
"type": "string"
}
],
"responses": {
"200": {
"description": "OK - Resource was deleted"
},
"204": {
"description": "No Content - Resource does not exist"
},
"default": {
"description": "Error response describing why the operation failed.",
"schema": {
"description": "Error response structure.",
"properties": {
"error": {
"description": "Error details.",
"properties": {
"code": {
"description": "An identifier for the error. Codes are invariant and are intended to be consumed programmatically.",
"readOnly": true,
"type": "string"
},
"message": {
"description": "A message describing the error, intended to be suitable for display in a user interface.",
"readOnly": true,
"type": "string"
}
},
"type": "object",
"x-ms-external": true
}
},
"type": "object",
"x-ms-external": true
}
}
},
"tags": [
"JitNetworkAccessPolicies"
],
"x-ms-examples": {
"Delete a JIT network access policy": {
"parameters": {
"api-version": "2015-06-01-preview",
"ascLocation": "westeurope",
"jitNetworkAccessPolicyName": "default",
"resourceGroupName": "myRg1",
"subscriptionId": "20ff7fc3-e762-44dd-bd96-b71116dcdc23"
},
"responses": {
"200": {},
"204": {}
}
}
}
},
"get": {
"description": "Policies for protecting resources using Just-in-Time access control for the subscription, location",
"operationId": "JitNetworkAccessPolicies_Get",
"parameters": [
{
"description": "Azure subscription ID",
"in": "path",
"name": "subscriptionId",
"pattern": "^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$",
"required": true,
"type": "string"
},
{
"description": "The name of the resource group within the user's subscription. The name is case insensitive.",
"in": "path",
"maxLength": 90,
"minLength": 1,
"name": "resourceGroupName",
"pattern": "^[-\\w\\._\\(\\)]+$",
"required": true,
"type": "string",
"x-ms-parameter-location": "method"
},
{
"description": "The location where ASC stores the data of the subscription. Can be retrieved from Get locations.",
"in": "path",
"name": "ascLocation",
"required": true,
"type": "string",
"x-ms-parameter-location": "client"
},
{
"$ref": "#/parameters/JitNetworkAccessPolicyName"
},
{
"description": "API version for the operation",
"in": "query",
"name": "api-version",
"required": true,
"type": "string"
}
],
"responses": {
"200": {
"description": "OK",
"schema": {
"$ref": "#/definitions/JitNetworkAccessPolicy"
}
},
"default": {
"description": "Error response describing why the operation failed.",
"schema": {
"description": "Error response structure.",
"properties": {
"error": {
"description": "Error details.",
"properties": {
"code": {
"description": "An identifier for the error. Codes are invariant and are intended to be consumed programmatically.",
"readOnly": true,
"type": "string"
},
"message": {
"description": "A message describing the error, intended to be suitable for display in a user interface.",
"readOnly": true,
"type": "string"
}
},
"type": "object",
"x-ms-external": true
}
},
"type": "object",
"x-ms-external": true
}
}
},
"tags": [
"JitNetworkAccessPolicies"
],
"x-ms-examples": {
"Get JIT network access policy": {
"parameters": {
"api-version": "2015-06-01-preview",
"ascLocation": "westeurope",
"jitNetworkAccessPolicyName": "default",
"resourceGroupName": "myRg1",
"subscriptionId": "20ff7fc3-e762-44dd-bd96-b71116dcdc23"
},
"responses": {
"200": {
"body": {
"id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Security/locations/westeurope/jitNetworkAccessPolicies/default",
"kind": "Basic",
"location": "westeurope",
"name": "default",
"properties": {
"provisioningState": "Succeeded",
"requests": [
{
"justification": "testing a new version of the product",
"requestor": "barbara@contoso.com",
"startTimeUtc": "2018-05-17T08:06:45.5691611Z",
"virtualMachines": [
{
"id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Compute/virtualMachines/vm1",
"ports": [
{
"allowedSourceAddressPrefix": "192.127.0.2",
"endTimeUtc": "2018-05-17T09:06:45.5691611Z",
"number": 3389,
"status": "Initiated",
"statusReason": "UserRequested"
}
]
}
]
}
],
"virtualMachines": [
{
"id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Compute/virtualMachines/vm1",
"ports": [
{
"allowedSourceAddressPrefix": "*",
"maxRequestAccessDuration": "PT3H",
"number": 22,
"protocol": "*"
},
{
"allowedSourceAddressPrefix": "*",
"maxRequestAccessDuration": "PT3H",
"number": 3389,
"protocol": "*"
}
]
}
]
},
"type": "Microsoft.Security/locations/jitNetworkAccessPolicies"
}
}
}
}
}
},
"put": {
"description": "Create a policy for protecting resources using Just-in-Time access control",
"operationId": "JitNetworkAccessPolicies_CreateOrUpdate",
"parameters": [
{
"description": "Azure subscription ID",
"in": "path",
"name": "subscriptionId",
"pattern": "^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$",
"required": true,
"type": "string"
},
{
"description": "The name of the resource group within the user's subscription. The name is case insensitive.",
"in": "path",
"maxLength": 90,
"minLength": 1,
"name": "resourceGroupName",
"pattern": "^[-\\w\\._\\(\\)]+$",
"required": true,
"type": "string",
"x-ms-parameter-location": "method"
},
{
"description": "The location where ASC stores the data of the subscription. Can be retrieved from Get locations.",
"in": "path",
"name": "ascLocation",
"required": true,
"type": "string",
"x-ms-parameter-location": "client"
},
{
"$ref": "#/parameters/JitNetworkAccessPolicyName"
},
{
"description": "API version for the operation",
"in": "query",
"name": "api-version",
"required": true,
"type": "string"
},
{
"$ref": "#/parameters/JitNetworkAccessPolicy"
}
],
"responses": {
"200": {
"description": "OK",
"schema": {
"$ref": "#/definitions/JitNetworkAccessPolicy"
}
},
"default": {
"description": "Error response describing why the operation failed.",
"schema": {
"description": "Error response structure.",
"properties": {
"error": {
"description": "Error details.",
"properties": {
"code": {
"description": "An identifier for the error. Codes are invariant and are intended to be consumed programmatically.",
"readOnly": true,
"type": "string"
},
"message": {
"description": "A message describing the error, intended to be suitable for display in a user interface.",
"readOnly": true,
"type": "string"
}
},
"type": "object",
"x-ms-external": true
}
},
"type": "object",
"x-ms-external": true
}
}
},
"tags": [
"JitNetworkAccessPolicies"
],
"x-ms-examples": {
"Create JIT network access policy": {
"parameters": {
"api-version": "2015-06-01-preview",
"ascLocation": "westeurope",
"body": {
"id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Security/locations/westeurope/jitNetworkAccessPolicies/default",
"kind": "Basic",
"location": "westeurope",
"name": "default",
"properties": {
"provisioningState": "Succeeded",
"requests": [
{
"requestor": "barbara@contoso.com",
"startTimeUtc": "2018-05-17T08:06:45.5691611Z",
"virtualMachines": [
{
"id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Compute/virtualMachines/vm1",
"ports": [
{
"allowedSourceAddressPrefix": "192.127.0.2",
"endTimeUtc": "2018-05-17T09:06:45.5691611Z",
"number": 3389,
"status": "Initiated",
"statusReason": "UserRequested"
}
]
}
]
}
],
"virtualMachines": [
{
"id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Compute/virtualMachines/vm1",
"ports": [
{
"allowedSourceAddressPrefix": "*",
"maxRequestAccessDuration": "PT3H",
"number": 22,
"protocol": "*"
},
{
"allowedSourceAddressPrefix": "*",
"maxRequestAccessDuration": "PT3H",
"number": 3389,
"protocol": "*"
}
]
}
]
},
"type": "Microsoft.Security/locations/jitNetworkAccessPolicies"
},
"jitNetworkAccessPolicyName": "default",
"resourceGroupName": "myRg1",
"subscriptionId": "20ff7fc3-e762-44dd-bd96-b71116dcdc23"
},
"responses": {
"200": {
"body": {
"id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Security/locations/westeurope/jitNetworkAccessPolicies/default",
"kind": "Basic",
"location": "westeurope",
"name": "default",
"properties": {
"provisioningState": "Succeeded",
"requests": [
{
"requestor": "barbara@contoso.com",
"startTimeUtc": "2018-05-17T08:06:45.5691611Z",
"virtualMachines": [
{
"id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Compute/virtualMachines/vm1",
"ports": [
{
"allowedSourceAddressPrefix": "192.127.0.2",
"endTimeUtc": "2018-05-17T09:06:45.5691611Z",
"number": 3389,
"status": "Initiated",
"statusReason": "UserRequested"
}
]
}
]
}
],
"virtualMachines": [
{
"id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Compute/virtualMachines/vm1",
"ports": [
{
"allowedSourceAddressPrefix": "*",
"maxRequestAccessDuration": "PT3H",
"number": 22,
"protocol": "*"
},
{
"allowedSourceAddressPrefix": "*",
"maxRequestAccessDuration": "PT3H",
"number": 3389,
"protocol": "*"
}
]
}
]
},
"type": "Microsoft.Security/locations/jitNetworkAccessPolicies"
}
}
}
}
}
}
},
"/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/locations/{ascLocation}/jitNetworkAccessPolicies/{jitNetworkAccessPolicyName}/{jitNetworkAccessPolicyInitiateType}": {
"post": {
"description": "Initiate a JIT access from a specific Just-in-Time policy configuration.",
"operationId": "JitNetworkAccessPolicies_Initiate",
"parameters": [
{
"description": "Azure subscription ID",
"in": "path",
"name": "subscriptionId",
"pattern": "^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$",
"required": true,
"type": "string"
},
{
"description": "The name of the resource group within the user's subscription. The name is case insensitive.",
"in": "path",
"maxLength": 90,
"minLength": 1,
"name": "resourceGroupName",
"pattern": "^[-\\w\\._\\(\\)]+$",
"required": true,
"type": "string",
"x-ms-parameter-location": "method"
},
{
"description": "The location where ASC stores the data of the subscription. Can be retrieved from Get locations.",
"in": "path",
"name": "ascLocation",
"required": true,
"type": "string",
"x-ms-parameter-location": "client"
},
{
"$ref": "#/parameters/JitNetworkAccessPolicyName"
},
{
"$ref": "#/parameters/JitNetworkAccessPolicyInitiateType"
},
{
"description": "API version for the operation",
"in": "query",
"name": "api-version",
"required": true,
"type": "string"
},
{
"$ref": "#/parameters/JitNetworkAccessPolicyInitiateRequest"
}
],
"responses": {
"202": {
"description": "Accepted",
"schema": {
"$ref": "#/definitions/JitNetworkAccessRequest"
}
},
"default": {
"description": "Error response describing why the operation failed.",
"schema": {
"description": "Error response structure.",
"properties": {
"error": {
"description": "Error details.",
"properties": {
"code": {
"description": "An identifier for the error. Codes are invariant and are intended to be consumed programmatically.",
"readOnly": true,
"type": "string"
},
"message": {
"description": "A message describing the error, intended to be suitable for display in a user interface.",
"readOnly": true,
"type": "string"
}
},
"type": "object",
"x-ms-external": true
}
},
"type": "object",
"x-ms-external": true
}
}
},
"tags": [
"JitNetworkAccessPolicies"
],
"x-ms-examples": {
"Initiate an action on a JIT network access policy": {
"parameters": {
"api-version": "2015-06-01-preview",
"ascLocation": "westeurope",
"body": {
"justification": "testing a new version of the product",
"virtualMachines": [
{
"id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Compute/virtualMachines/vm1",
"ports": [
{
"allowedSourceAddressPrefix": "192.127.0.2",
"duration": "PT1H",
"number": 3389
}
]
}
]
},
"jitNetworkAccessPolicyInitiateType": "initiate",
"jitNetworkAccessPolicyName": "default",
"resourceGroupName": "myRg1",
"subscriptionId": "20ff7fc3-e762-44dd-bd96-b71116dcdc23"
},
"responses": {
"202": {
"body": {
"justification": "testing a new version of the product",
"requestor": "barbara@contoso.com",
"startTimeUtc": "2018-07-12T08:53:03.3658798Z",
"virtualMachines": [
{
"id": "/subscriptions/3eeab341-f466-499c-a8be-85427e154baf/resourceGroups/myRg1/providers/Microsoft.Compute/virtualMachines/vm1",
"ports": [
{
"allowedSourceAddressPrefix": "192.127.0.2",
"endTimeUtc": "2018-07-12T09:53:03.3658798Z",
"number": 3389,
"status": "Initiating",
"statusReason": "UserRequested"
}
]
}
]
}
}
}
}
}
}
}
},
"definitions": {
"JitNetworkAccessPoliciesList": {
"properties": {
"nextLink": {
"description": "The URI to fetch the next page.",
"readOnly": true,
"type": "string"
},
"value": {
"items": {
"$ref": "#/definitions/JitNetworkAccessPolicy"
},
"type": "array"
}
},
"type": "object"
},
"JitNetworkAccessPolicy": {
"allOf": [
{
"description": "Describes an Azure resource.",
"properties": {
"id": {
"description": "Resource Id",
"readOnly": true,
"type": "string"
},
"name": {
"description": "Resource name",
"readOnly": true,
"type": "string"
},
"type": {
"description": "Resource type",
"readOnly": true,
"type": "string"
}
},
"type": "object",
"x-ms-azure-resource": true
},
{
"description": "Describes an Azure resource with kind",
"properties": {
"kind": {
"description": "Kind of the resource",
"type": "string"
}
},
"type": "object"
},
{
"description": "Describes an Azure resource with location",
"properties": {
"location": {
"description": "Location where the resource is stored",
"readOnly": true,
"type": "string"
}
},
"type": "object"
}
],
"properties": {
"properties": {
"$ref": "#/definitions/JitNetworkAccessPolicyProperties",
"x-ms-client-flatten": true
}
},
"required": [
"properties"
],
"type": "object"
},
"JitNetworkAccessPolicyInitiatePort": {
"properties": {
"allowedSourceAddressPrefix": {
"description": "Source of the allowed traffic. If omitted, the request will be for the source IP address of the initiate request.",
"type": "string"
},
"endTimeUtc": {
"description": "The time to close the request, in UTC. This schema requires it, although the initiate example in this spec sends \"duration\" instead.",
"format": "date-time",
"type": "string"
},
"number": {
"$ref": "#/definitions/PortNumber"
}
},
"required": [
"endTimeUtc",
"number"
],
"type": "object"
},
"JitNetworkAccessPolicyInitiateRequest": {
"properties": {
"justification": {
"description": "The justification for making the initiate request",
"type": "string"
},
"virtualMachines": {
"description": "A list of virtual machines & ports to open access for",
"items": {
"$ref": "#/definitions/JitNetworkAccessPolicyInitiateVirtualMachine"
},
"type": "array"
}
},
"required": [
"virtualMachines"
],
"type": "object"
},
"JitNetworkAccessPolicyInitiateVirtualMachine": {
"properties": {
"id": {
"description": "Resource ID of the virtual machine that is linked to this policy",
"type": "string"
},
"ports": {
"description": "The ports to open for the resource with the `id`",
"items": {
"$ref": "#/definitions/JitNetworkAccessPolicyInitiatePort"
},
"type": "array"
}
},
"required": [
"id",
"ports"
],
"type": "object"
},
"JitNetworkAccessPolicyProperties": {
"properties": {
"provisioningState": {
"description": "Gets the provisioning state of the Just-in-Time policy.",
"readOnly": true,
"type": "string"
},
"requests": {
"items": {
"$ref": "#/definitions/JitNetworkAccessRequest"
},
"type": "array"
},
"virtualMachines": {
"description": "Configurations for Microsoft.Compute/virtualMachines resource type.",
"items": {
"$ref": "#/definitions/JitNetworkAccessPolicyVirtualMachine"
},
"type": "array"
}
},
"required": [
"virtualMachines"
],
"type": "object"
},
"JitNetworkAccessPolicyVirtualMachine": {
"properties": {
"id": {
"description": "Resource ID of the virtual machine that is linked to this policy",
"type": "string"
},
"ports": {
"description": "Port configurations for the virtual machine",
"items": {
"$ref": "#/definitions/JitNetworkAccessPortRule"
},
"type": "array"
},
"publicIpAddress": {
"description": "Public IP address of the Azure Firewall that is linked to this policy, if applicable",
"type": "string"
}
},
"required": [
"id",
"ports"
],
"type": "object"
},
"JitNetworkAccessPortRule": {
"properties": {
"allowedSourceAddressPrefix": {
"description": "Mutually exclusive with the \"allowedSourceAddressPrefixes\" parameter. Should be an IP address or CIDR, for example \"192.168.0.3\" or \"192.168.0.0/16\".",
"type": "string"
},
"allowedSourceAddressPrefixes": {
"description": "Mutually exclusive with the \"allowedSourceAddressPrefix\" parameter.",
"items": {
"description": "IP address or CIDR, for example \"192.168.0.3\" or \"192.168.0.0/16\".",
"type": "string"
},
"type": "array"
},
"maxRequestAccessDuration": {
"description": "Maximum duration for which access can be requested, in ISO 8601 duration format (for example \"PT3H\"). Minimum 5 minutes, maximum 1 day.",
"type": "string"
},
"number": {
"$ref": "#/definitions/PortNumber"
},
"protocol": {
"enum": [
"TCP",
"UDP",
"*"
],
"type": "string",
"x-ms-enum": {
"modelAsString": true,
"name": "protocol",
"values": [
{
"value": "TCP"
},
{
"value": "UDP"
},
{
"name": "All",
"value": "*"
}
]
}
}
},
"required": [
"maxRequestAccessDuration",
"number",
"protocol"
],
"type": "object"
},
"JitNetworkAccessRequest": {
"properties": {
"justification": {
"description": "The justification for making the initiate request",
"type": "string"
},
"requestor": {
"description": "The identity of the person who made the request",
"type": "string"
},
"startTimeUtc": {
"description": "The start time of the request in UTC",
"format": "date-time",
"type": "string"
},
"virtualMachines": {
"items": {
"$ref": "#/definitions/JitNetworkAccessRequestVirtualMachine"
},
"type": "array"
}
},
"required": [
"requestor",
"startTimeUtc",
"virtualMachines"
],
"type": "object"
},
"JitNetworkAccessRequestPort": {
"properties": {
"allowedSourceAddressPrefix": {
"description": "Mutually exclusive with the \"allowedSourceAddressPrefixes\" parameter. Should be an IP address or CIDR, for example \"192.168.0.3\" or \"192.168.0.0/16\".",
"type": "string"
},
"allowedSourceAddressPrefixes": {
"description": "Mutually exclusive with the \"allowedSourceAddressPrefix\" parameter.",
"items": {
"description": "IP address or CIDR, for example \"192.168.0.3\" or \"192.168.0.0/16\".",
"type": "string"
},
"type": "array"
},
"endTimeUtc": {
"description": "The date and time, in UTC, at which the request ends",
"format": "date-time",
"type": "string"
},
"mappedPort": {
"description": "The port which is mapped to this port's `number` in the Azure Firewall, if applicable",
"type": "integer"
},
"number": {
"$ref": "#/definitions/PortNumber"
},
"status": {
"description": "The status of the port",
"enum": [
"Revoked",
"Initiated"
],
"type": "string",
"x-ms-enum": {
"modelAsString": true,
"name": "status",
"values": [
{
"value": "Revoked"
},
{
"value": "Initiated"
}
]
}
},
"statusReason": {
"description": "The reason why `status` has its current value",
"enum": [
"Expired",
"UserRequested",
"NewerRequestInitiated"
],
"type": "string",
"x-ms-enum": {
"modelAsString": true,
"name": "statusReason",
"values": [
{
"value": "Expired"
},
{
"value": "UserRequested"
},
{
"value": "NewerRequestInitiated"
}
]
}
}
},
"required": [
"endTimeUtc",
"number",
"status",
"statusReason"
],
"type": "object"
},
"JitNetworkAccessRequestVirtualMachine": {
"properties": {
"id": {
"description": "Resource ID of the virtual machine that is linked to this policy",
"type": "string"
},
"ports": {
"description": "The ports that were opened for the virtual machine",
"items": {
"$ref": "#/definitions/JitNetworkAccessRequestPort"
},
"type": "array"
}
},
"required": [
"id",
"ports"
],
"type": "object"
},
"PortNumber": {
"maximum": 65535,
"minimum": 0,
"type": "integer"
}
}
}