lacework-global-609

2.1.12 Set Microsoft Defender for IoT To 'On' (Manual)

Profile Applicability

• Level 2

Description

Microsoft Defender for IoT acts as a central security hub for IoT devices within your organization.

Rationale

IoT devices are very rarely patched and can be potential attack vectors into enterprise networks. Updating their network configuration to report to a central security hub allows attacks against or through these devices to be detected.

Impact

Enabling Microsoft Defender for IoT will incur additional charges dependent on the level of usage.

Audit

From Azure Portal

  1. Go to Microsoft Defender for Cloud.
  2. Select the Environment Settings blade.
  3. Click on the subscription name.
  4. Select the Defender plans blade.
  5. Review the chosen pricing tier. For the IoT resource type, Plan should be set to On.

Remediation

From Azure Portal

  1. Go to Microsoft Defender for Cloud.
  2. Select the Environment Settings blade.
  3. Click the subscription name.
  4. Select the Defender plans blade.
  5. For the IoT resource type, set the Plan radio button to On.
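The Audit and Remediation steps above are manual portal steps. The following added example (not part of the benchmark or of Lacework's policy code) automates the same check with the Azure CLI. It assumes that the Defender plan appears in `az security pricing list` output as an entry named "IoT" whose `pricingTier` is "Standard" when the plan is On and "Free" when it is Off; the parsing is kept in a function so it can be exercised on constructed sample output without an Azure login.

```python
import json
import subprocess

IOT_PLAN_NAME = "IoT"  # assumed Microsoft.Security/pricings resource name for the IoT plan


def iot_plan_status(pricing_json: str) -> dict:
    """Evaluate the Audit step against `az security pricing list` JSON output.

    Returns found / tier / compliant, where compliant means the IoT plan is On
    (assumed to be pricingTier == "Standard").
    """
    data = json.loads(pricing_json)
    # Older CLI versions wrap the list in {"value": [...]}; newer ones return a bare list.
    plans = data.get("value", []) if isinstance(data, dict) else data
    for plan in plans:
        if str(plan.get("name", "")).lower() == IOT_PLAN_NAME.lower():
            tier = str(plan.get("pricingTier", ""))
            return {"found": True, "tier": tier, "compliant": tier.lower() == "standard"}
    return {"found": False, "tier": None, "compliant": False}


def audit_subscription(subscription_id: str) -> dict:
    """Run the Audit check against a live subscription (requires a prior `az login`)."""
    result = subprocess.run(
        ["az", "security", "pricing", "list", "--subscription", subscription_id, "-o", "json"],
        check=True, capture_output=True, text=True,
    )
    return iot_plan_status(result.stdout)


def remediate_subscription(subscription_id: str) -> None:
    """Remediation step: set the IoT plan to On (pricing tier Standard)."""
    subprocess.run(
        ["az", "security", "pricing", "create", "--name", IOT_PLAN_NAME,
         "--tier", "Standard", "--subscription", subscription_id],
        check=True,
    )


# Constructed sample in the shape of `az security pricing list` output (not real data):
# the IoT plan is still on the Free tier, so the check should report non-compliance.
SAMPLE_OUTPUT = json.dumps({"value": [
    {"name": "VirtualMachines", "pricingTier": "Standard"},
    {"name": "IoT", "pricingTier": "Free"},
]})

if __name__ == "__main__":
    print(iot_plan_status(SAMPLE_OUTPUT))  # {'found': True, 'tier': 'Free', 'compliant': False}
```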

References

https://azure.microsoft.com/en-us/services/iot-defender/#overview
https://docs.microsoft.com/en-us/azure/defender-for-iot/
https://azure.microsoft.com/en-us/pricing/details/iot-defender/
https://docs.microsoft.com/en-us/security/benchmark/azure/baselines/defender-for-iot-security-baseline
https://docs.microsoft.com/en-us/cli/azure/iot?view=azure-cli-latest
https://docs.microsoft.com/en-us/security/benchmark/azure/security-controls-v3-logging-threat-detection#lt-1-enable-threat-detection-capabilities

Additional Information

At the time of writing, Microsoft Defender for IoT had only recently been released. To ensure correct terminology, the Center for Internet Security (CIS) plans to include commands for this control in v1.6. Microsoft Defender for IoT also supports deployment types called hybrid and local, both of which run on your own physical infrastructure. These more involved setups are largely outside the scope of a purely Azure benchmark; please see the references to evaluate these options for your organization.