AZ-500 Question #154: Real Exam Question with Answer & Explanation
The correct answer is C: From the Azure portal, select the virtual machine, select Connect, and then select Request.
Question
You have an Azure subscription that contains virtual machines. You enable just in time (JIT) VM access to all the virtual machines. You need to connect to a virtual machine by using Remote Desktop. What should you do first?
Options
- A. From Azure Active Directory (Azure AD) Privileged Identity Management (PIM), activate the Security
- B. From Azure Active Directory (Azure AD) Privileged Identity Management (PIM), activate the
- C. From the Azure portal, select the virtual machine, select Connect, and then select Request
- D. From the Azure portal, select the virtual machine and add the Network Watcher Agent virtual
Explanation
When JIT VM access is enabled, Remote Desktop Protocol (RDP) port 3389 is blocked by default, and you must explicitly request access through the Azure portal before connecting. You do this by navigating to the VM, selecting Connect, and then selecting Request access, which temporarily opens the required port for your specific IP address.
Options A and B are incorrect because Azure AD Privileged Identity Management (PIM) manages role-based access elevation for Azure resources and identities, not network port access for VM connectivity. JIT is a Microsoft Defender for Cloud feature, not a PIM function.
Option D is incorrect because the Network Watcher Agent is a diagnostic and monitoring extension used for network performance and packet capture, and it has no role in granting RDP access to a VM.
Memory Tip: Think of JIT as a "locked door with a doorbell": PIM manages who has keys to the building, while JIT controls whether the door is even open. You must always ring the bell (Request access) through the Azure portal before RDP can reach your VM.