我正在按时工作。它应该在所有Azure虚拟机中启用。为此,我正在检索详细信息,以查看有多少VM的JIT被启用或禁用。
是否有任何脚本或命令通过PowerShell在Excel中给出详细信息来获取这些细节?
命令应该是get - azjitnetworkaccessppolicy
# Sample from microsoft docs
Get-AzJitNetworkAccessPolicy
Id : /subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/centralus/jitNetworkAccessPolicies/default
Name : default
Kind : Basic
VirtualMachines : {/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Compute/virtualMachines/testService}
Requests : {Microsoft.Azure.Commands.Security.Models.JitNetworkAccessPolicies.PSSecurityJitNetworkAccessPolicyRequest}
ProvisioningState : Succeeded
它是Az.Security Module的一部分。
该命令将显示所有即时策略和分配的机器(VirtualMachines属性)结合Get-AzVM您可以创建一个尚未启用JIT的列表。
像这样的代码应该可以达到这个效果:
Import-Module Az.Compute
Import-Module Az.Security
Connect-AzAccount -SubscriptionId "<Id>"
$AzJITPolicies = Get-AzJitNetworkAccessPolicy
$AzVMs = Get-AzVM
$ResultSet = @("VmName;JITEnabled")
foreach($AzVM in $AzVMS) {
# You probably need to filter the rules even further here.
$PolicyExists = $AzJITPolicies | Where-Object { $_.VirtualMachines | Where-Object { $_.Id -eq $AzVm.Id }}
$JITEnabled = $false
if($PolicyExists) {
$JITEnabled = $true
}
$ResultSet += ($AzVM.Name + ";" + $JITEnabled)
}
# export as csv => import in excel
$ResultSet -join "`r`n" | Out-File "c:result.csv"