Azure Security Center – Just-in-Time Network Access
Cloud hosted VM's are prime targets for RDP and SSH brute force attacks because management ports are typically left in an open state. With Just in Time network access, you can put any of your ports, not just management ports, into a default deny state until a user requires access. Once access is requested, the ports will be temporarily opened for a customized window of time until the window expires, at which point ports will be back to a locked down state. This greatly reduces risk exposure to your VM's and guards against compromised credentials, brute force attacks, lateral movement, and much more.