Skip to main content

lacework-global-609

2.1.12 Ensure That Microsoft Defender for IoT Is Set To 'On' (Manual)

Profile Applicability

• Level 2

Description

Microsoft Defender for IoT acts as a central security hub for IoT devices within your organization.

Rationale

IoT devices are very rarely patched and can be potential attack vectors for enterprise networks. Updating their network configuration to use a central security hub allows for detection of these breaches.

Impact

Enabling Microsoft Defender for IoT will incur additional charges dependent on the level of usage.

Audit

From Azure Portal

  1. Go to Microsoft Defender for Cloud
  2. Select Environment Settings blade
  3. Click on the subscription name
  4. Select the Defender plans blade
  5. Review the chosen pricing tier. For the IoT resource type Plan should be set to On.

Remediation

From Azure Portal

  1. Go to Microsoft Defender for Cloud
  2. Select Environment Settings blade.
  3. Click on the subscription name.
  4. Select the Defender plans blade.
  5. For the IoT resource type Plan set the radio button to On.

References

https://azure.microsoft.com/en-us/services/iot-defender/#overview
https://docs.microsoft.com/en-us/azure/defender-for-iot/
https://azure.microsoft.com/en-us/pricing/details/iot-defender/
https://docs.microsoft.com/en-us/security/benchmark/azure/baselines/defender-for-iot-security-baseline
https://docs.microsoft.com/en-us/cli/azure/iot?view=azure-cli-latest
https://docs.microsoft.com/en-us/security/benchmark/azure/security-controls-v3-logging-threat-detection#lt-1-enable-threat-detection-capabilities

Additional Information

At the time of writing Microsoft Defender for IoT has been recently released. To ensure we have correct terminology for the commands we are waiting until v1.6 to include them. There are additional configurations for Microsoft Defender for IoT that allow for types of deployments called hybrid or local. Both run on your physical infrastructure. These are complicated setups and are mostly outside of the scope of a purely Azure benchmark. Please see the reference to consider these options for your organization.