Description:

Microsoft Defender for IoT acts as a central security hub for IoT devices within your organization.


Rationale:

IoT devices are very rarely patched and can be potential attack vectors into enterprise networks. Updating their network configuration to report to a central security hub allows attacks against these devices to be detected.


Impact:

Enabling Microsoft Defender for IoT will incur additional charges dependent on the level of usage.


Audit:

From Azure Portal

1. Go to IoT Hub.

2. Select an IoT Hub to validate.

3. Select Overview in Defender for IoT.

4. If Defender for IoT is enabled, the Threat prevention and Threat detection screen will appear.
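The portal steps above check one hub at a time. The following script is an added example, not part of the benchmark text, that performs the same audit offline across a whole inventory: it takes the JSON a practitioner would gather with the Azure CLI (assumed to be `az iot hub list -o json` for the hubs, and `az resource list --resource-type Microsoft.Security/iotSecuritySolutions -o json` followed by `az resource show --ids <id>` for each solution) and reports every IoT Hub that is not listed in an enabled Defender for IoT security solution. The field names `properties.iotHubs` and `properties.status` are assumed from the ARM schema of Microsoft.Security/iotSecuritySolutions, and the sample data is constructed with an all-zero subscription ID as a placeholder.

```python
"""Offline audit: is every IoT Hub covered by an enabled Defender for IoT solution?

Added example, not part of the CIS benchmark text. Assumptions:
  - HUBS_JSON has the shape of `az iot hub list -o json` (only "id" and "name" used).
  - SOLUTIONS_JSON is a list of Microsoft.Security/iotSecuritySolutions resources
    with `properties.iotHubs` (hub resource IDs) and `properties.status`.
The sample data below is constructed; the subscription GUID is a placeholder.
"""
import json

SUB = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-iot"

# Constructed sample: hub-prod is covered by an enabled solution,
# hub-lab only by a disabled one (so it must be reported).
HUBS_JSON = json.dumps([
    {"id": f"{SUB}/providers/Microsoft.Devices/IotHubs/hub-prod", "name": "hub-prod"},
    {"id": f"{SUB}/providers/Microsoft.Devices/IotHubs/hub-lab", "name": "hub-lab"},
])

SOLUTIONS_JSON = json.dumps([
    {"name": "sol-prod",
     "properties": {"status": "Enabled",
                    # ARM returns IDs in varying case; the check must not care.
                    "iotHubs": [f"{SUB}/providers/Microsoft.Devices/IotHubs/hub-prod".upper()]}},
    {"name": "sol-old",
     "properties": {"status": "Disabled",
                    "iotHubs": [f"{SUB}/providers/Microsoft.Devices/IotHubs/hub-lab"]}},
])


def covered_hub_ids(solutions):
    """Return the set of hub resource IDs protected by an *enabled* solution.
    ARM resource IDs are case-insensitive, so everything is lower-cased."""
    covered = set()
    for sol in solutions:
        props = sol.get("properties", {})
        if props.get("status", "").lower() != "enabled":
            continue  # a disabled solution protects nothing
        for hub_id in props.get("iotHubs", []):
            covered.add(hub_id.lower())
    return covered


def uncovered_hubs(hubs_json, solutions_json):
    """Names of IoT Hubs that no enabled Defender for IoT solution lists."""
    hubs = json.loads(hubs_json)
    covered = covered_hub_ids(json.loads(solutions_json))
    return sorted(h["name"] for h in hubs if h["id"].lower() not in covered)


def audit_report(hubs_json, solutions_json):
    """Pass/fail verdict in the benchmark's own terms."""
    missing = uncovered_hubs(hubs_json, solutions_json)
    if missing:
        return "FAIL: Defender for IoT not enabled for: " + ", ".join(missing)
    return "PASS: every IoT Hub is covered by an enabled Defender for IoT solution"


if __name__ == "__main__":
    print(audit_report(HUBS_JSON, SOLUTIONS_JSON))
```

The case-insensitive comparison matters in practice: the hub list and the solution's `iotHubs` array are returned by different resource providers and do not always agree on casing, so a naive string match would produce false failures.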


Remediation:

From Azure Portal

1. Go to IoT Hub.

2. Select an IoT Hub to validate.

3. Select Overview in Defender for IoT.

4. Click on Secure your IoT solution, and complete the onboarding.


Default Value:

By default, Microsoft Defender for IoT is not enabled.


References:

1. https://azure.microsoft.com/en-us/services/iot-defender/#overview

2. https://docs.microsoft.com/en-us/azure/defender-for-iot/

3. https://azure.microsoft.com/en-us/pricing/details/iot-defender/

4. https://docs.microsoft.com/en-us/security/benchmark/azure/baselines/defenderfor-iot-security-baseline

5. https://docs.microsoft.com/en-us/cli/azure/iot?view=azure-cli-latest

6. https://docs.microsoft.com/en-us/security/benchmark/azure/security-controls-v3-logging-threat-detection#lt-1-enable-threat-detection-capabilities

7. https://learn.microsoft.com/en-us/azure/defender-for-iot/devicebuilders/quickstart-onboard-iot-hub