Skip to main content

CyberArk Dynamic Privileged Access Now Supports JIT Access to Windows Targets in Microsoft Azure

CyberArk Dynamic Privileged Access – Deployment and API Enhancements

As the need for just-in-time (JIT) privileged access grows, CyberArk Dynamic Privileged Access (DPA) frequently adds new features to assist organizations’ efforts in reducing risk. 

In the latest release, CyberArk DPA now supports Microsoft Azure-based Windows targets and offers improved guidance on connections.

Microsoft Azure-based Windows Target Support

With this update, you can now reduce the risk of standing access rights to virtual machines (VMs) in your Azure cloud environments by connecting in a JIT manner. This release adds to CyberArk DPA’s existing support for JIT access to Linux targets in Azure and JIT access to both Linux and Windows VMs in Amazon Web Services (AWS) cloud environments — reducing the risk of compromised credentials with persistent privileged access to critical Windows VMs hosted in your Azure cloud subscriptions.

In addition, this new feature helps enable operational efficiencies by allowing users to connect using the client of their choice with their personal credentials through a connection secured by multi-factor authentication (MFA). 

Note: CyberArk Dynamic Privileged Access is a part of the CyberArk Identity Security Platform Shared Services and allows you to add targets such as Windows VMs in Azure or on-premises Linux machines in your network to manage within the platform. A new Azure subscription for Platform Management is required to enable JIT access to your Windows cloud VMs in Azure and to add Windows targets. If you already use Azure for Linux VMs, you simply need to verify having a CyberArk DPA connector installed on Windows and then edit the policy to include Windows targets.

Learn more about adding a Microsoft Azure subscription.

Improved Connection Guidance

CyberArk has upgraded the Connection Guidance page for CyberArk DPA administrators to include the alias script for SSH connections and MFA caching for users.

Additionally, end users can access the CyberArk DPA tile within the CyberArk Identity Security Platform and view Connection Guidance to smooth their connection path. The Connection Path page will automatically generate key connection details and, for Windows targets, create the RDP file containing relevant information available for download. 

RDP and SSH connections now also require your organization’s tenant subdomain to be included for cloud and self-hosted. 

Learn more about connecting to a Linux target and connecting to a Windows target via RDP clients.

Check out the What's New page in CyberArk Documentation for more information and updates.