🔥 3-day streak
Microsoft Azure Virtual Desktop Specialty (AZ-140)12 / 86
Question 12 of 86

Your company runs a pooled Azure Virtual Desktop host pool. The security team enabled Microsoft Defender for Cloud with the enhanced security features (Defender for Servers Plan 2) on the subscription containing the session hosts. In the Defender for Cloud recommendations, you see 'Management ports of your virtual machines should be protected with just-in-time network access control' flagged as unhealthy for all session host VMs. Management currently uses the default deny-inbound behavior via NSGs, and no administrator connects over RDP directly. You must resolve the recommendation with the least ongoing administrative effort while preserving occasional break-glass administrative access. What should you do?

Reviewed for accuracy · Report an issueNext question