lacework-global-609
2.1.12 Ensure That Microsoft Defender for IoT Is Set To 'On' (Manual)
Profile Applicability
• Level 2
Description
Microsoft Defender for IoT acts as a central security hub for IoT devices within your organization.
Rationale
IoT devices are very rarely patched and can be potential attack vectors for enterprise networks. Updating their network configuration to use a central security hub allows for detection of these breaches.
Impact
Enabling Microsoft Defender for IoT will incur additional charges dependent on the level of usage.
Audit
From Azure Portal
- Go to Microsoft Defender for Cloud
- Select the Environment Settings blade
- Click on the subscription name
- Select the Defender plans blade
- Review the chosen pricing tier. For the IoT resource type, Plan should be set to On.
Remediation
From Azure Portal
- Go to Microsoft Defender for Cloud
- Select the Environment Settings blade.
- Click on the subscription name.
- Select the Defender plans blade.
- For the IoT resource type, under Plan, set the radio button to On.
References
https://azure.microsoft.com/en-us/services/iot-defender/#overview
https://docs.microsoft.com/en-us/azure/defender-for-iot/
https://azure.microsoft.com/en-us/pricing/details/iot-defender/
https://docs.microsoft.com/en-us/security/benchmark/azure/baselines/defender-for-iot-security-baseline
https://docs.microsoft.com/en-us/cli/azure/iot?view=azure-cli-latest
https://docs.microsoft.com/en-us/security/benchmark/azure/security-controls-v3-logging-threat-detection#lt-1-enable-threat-detection-capabilities
Additional Information
At the time of writing, Microsoft Defender for IoT has only recently been released. To ensure we have the correct terminology for the commands, we are waiting until v1.6 to include them. There are additional configurations for Microsoft Defender for IoT that allow for deployment types called hybrid or local. Both run on your physical infrastructure. These are complicated setups and are mostly outside the scope of a purely Azure benchmark. Please see the references to consider these options for your organization.