🛡️ Azure Subscription Microsoft Defender For IoT Hub is not set to On🟢⚪
- Contextual name: 🛡️ Microsoft Defender For IoT Hub is not set to On🟢⚪
- ID: /ce/ca/azure/subscription/microsoft-defender-for-iot-hub
- Tags:
- Policy Type: COMPLIANCE_POLICY
- Policy Categories: SECURITY
Similar Policies
- Cloud Conformity: Enable Defender for Endpoint Integration with Microsoft Defender for Cloud
- Internal: dec-x-cff561fd
Similar Internal Rules
| Rule | Policies | Flags |
|---|---|---|
| ✉️ dec-x-cff561fd | 3 | |
Description
Microsoft Defender for IoT acts as a central security hub for IoT devices within your organization.
Rationale
IoT devices are very rarely patched and can be potential attack vectors for enterprise networks. Updating their network configuration to use a central security hub allows for detection of these breaches.
Impact
Enabling Microsoft Defender for IoT will incur additional charges dependent on the level of usage.
Audit
From Azure Portal
- Go to IoT Hub.
- Select an IoT Hub to validate.
- Select Overview in Defender for IoT.
- The Threat prevention and Threat detection screen will appear, if Defender for IoT is Enabled.
Default Value
By default, Microsoft Defender for IoT is not enabled.
References
- https://www.microsoft.com/en-us/security/business/endpoint-security/microsoft-defender-iot#overview
- https://learn.microsoft.com/en-us/azure/defender-for-iot/
- https://www.microsoft.com/en-us/security/business/endpoint-security/microsoft-defender-iot-pricing
- https://learn.microsoft.com/en-us/security/benchmark/azure/baselines/microsoft-defender-for-iot-security-baseline
Remediation
From Azure Portal
- Go to IoT Hub.
- Select an IoT Hub to validate.
- Select Overview in Defender for IoT.
- Click on Secure your IoT solution, and complete the onboarding.
policy.yaml
Linked Framework Sections
| Section | Sub Sections | Internal Rules | Policies | Flags | Compliance |
|---|---|---|---|---|---|
| 💼 APRA CPG 234 → 💼 16f information security reporting and analytics; | 9 | 11 | no data | ||
| 💼 APRA CPG 234 → 💼 36j monitoring controls — for timely detection of compromises to information security; | 9 | 11 | no data | ||
| 💼 APRA CPG 234 → 💼 67a network and user profiling that establishes a baseline of normal activity which, when combined with logging and alerting mechanisms, can enable detection of anomalous activity; | 19 | 22 | no data | ||
| 💼 CIS Azure v5.0.0 → 💼 8.2.1 Ensure That Microsoft Defender for IoT Hub Is Set To 'On' (Manual) | 1 | no data | |||
| 💼 Cloudaware Framework → 💼 Microsoft Defender Configuration | 29 | no data | |||
| 💼 FedRAMP High Security Controls → 💼 IR-6(1) Automated Reporting (M)(H) | 8 | 10 | no data | ||
| 💼 FedRAMP Moderate Security Controls → 💼 IR-6(1) Automated Reporting (M)(H) | 10 | no data | |||
| 💼 NIST SP 800-53 Revision 5 → 💼 SI-7(12) Software, Firmware, and Information Integrity _ Integrity Verification | 19 | 21 | no data | ||
| 💼 SOC 2 → 💼 CC7.2-3 Implements Filters to Analyze Anomalies | 9 | 18 | no data |