Current JIT workflows are incompatible with IaC workflows.
Enablement of JIT creates a new undocumented default deny NSG rule that conflicts with the IaC-created rules.
Re-deployment of IaC will then revert the JIT changes.
It should be documented how JIT and IaC should work together and how to onboard machines programmatically without breaking existing IaC templating.
I now have JIT's default deny role on priority 1000 on one subscription and on 4096 on another subscription. It is really hard to write a template that works with undocumented internal processes (= Windows Azure Security Resource Provider/8edd93e1-2103-40b4-bd70-6e34e586362d).
Document Details
⚠ Do not edit this section. It is required for learn.microsoft.com ➟ GitHub issue linking.
ID: e4d2c104-84df-a487-8a15-110e535512cb
Version Independent ID: e6cd74cf-b992-2cf6-bb85-d260bd2a1e3a