Exam AZ-800 topic 11 question 3 discussion

"Ensure that server administrators request approval before they can establish a Remote Desktop connection to an Azure virtual machine. If the request is approved, the connection must be established within two hours" https://learn.microsoft.com/en-us/azure/defender-for-cloud/just-in-time-access-usage JIT lets you allow access to your VMs only when the access is needed, on the ports needed, and for the period of time needed. D is correct

This is defender for cloud now- it has more features possible - you can go to security center and add JIT now and you can also go to the vm properties and ask that way- these are the links that start down the foxhole- but im saving this for az-104 https://learn.microsoft.com/en-us/azure/defender-for-cloud/just-in-time-access-usage?tabs=jit-config-asc%2Cjit-request-asc https://learn.microsoft.com/en-us/azure/defender-for-cloud/just-in-time-access-overview?tabs=defender-for-container-arch-aks

The question is what you should use. You use PIM = B to configure jit. It's a misleading question, but D cannot be used. It's a concept in PIM

Ensure that server administrators request approval before they can establish a Remote Desktop connection to an Azure virtual machine. If the request is approved, the connection must be established within two hours.

With JIT VM you can request RDP access to a VM. With PIM you set RBAC roles.

JIT VM access seems to be more specifically targeted at what is needed here. (Although answer B (PIM) is bit confusing, I must admit.) See https://docs.microsoft.com/en-us/azure/defender-for-cloud/just-in-time-access-usage for the capabilities of JIT VM access.

B https://docs.microsoft.com/it-it/azure/active-directory/privileged-identity-management/pim-configure