🛡️ Azure Subscription Microsoft Defender For IoT Hub is not set to On🟢⚪

  • Contextual name: 🛡️ Microsoft Defender For IoT Hub is not set to On🟢⚪
  • ID: /ce/ca/azure/subscription/microsoft-defender-for-iot-hub
  • Tags:
  • Policy Type: COMPLIANCE_POLICY
  • Policy Categories: SECURITY

Similar Policies

Similar Internal Rules

Rule | Policies | Flags
✉️ dec-x-cff561fd3

Description

Microsoft Defender for IoT acts as a central security hub for IoT devices within your organization.

Rationale

IoT devices are very rarely patched and can be potential attack vectors for enterprise networks. Updating their network configuration to use a central security hub allows for detection of these breaches.

Impact

Enabling Microsoft Defender for IoT will incur additional charges dependent on the level of usage.

Audit

From Azure Portal
  1. Go to IoT Hub.
  2. Select an IoT Hub to validate.
  3. Select Overview in Defender for IoT.
  4. If Defender for IoT is enabled, the Threat prevention and Threat detection screen will appear.

Default Value

By default, Microsoft Defender for IoT is not enabled.

References

  1. https://azure.microsoft.com/en-us/services/iot-defender/#overview
  2. https://docs.microsoft.com/en-us/azure/defender-for-iot/
  3. https://azure.microsoft.com/en-us/pricing/details/iot-defender/
  4. https://docs.microsoft.com/en-us/security/benchmark/azure/baselines/defender-for-iot-security-baseline

Remediation

From Azure Portal

  1. Go to IoT Hub.
  2. Select an IoT Hub to validate.
  3. Select Overview in Defender for IoT.
  4. Click on Secure your IoT solution, and complete the onboarding.

Linked Framework Sections

Section | Sub Sections | Internal Rules | Policies | Flags | Compliance
💼 APRA CPG 234 → 💼 16f information security reporting and analytics; | 911 | no data
💼 APRA CPG 234 → 💼 36j monitoring controls — for timely detection of compromises to information security; | 911 | no data
💼 APRA CPG 234 → 💼 67a network and user profiling that establishes a baseline of normal activity which, when combined with logging and alerting mechanisms, can enable detection of anomalous activity; | 1922 | no data
💼 CIS Azure v2.1.0 → 💼 2.2.1 Ensure That Microsoft Defender for IoT Hub Is Set To 'On' - Level 2 (Manual) | 1 | no data
💼 CIS Azure v3.0.0 → 💼 3.2.1 Ensure That Microsoft Defender for IoT Hub Is Set To 'On' (Manual) | 1 | no data
💼 CIS Azure v4.0.0 → 💼 9.2.1 Ensure That Microsoft Defender for IoT Hub Is Set To 'On' (Manual) | 1 | no data
💼 Cloudaware Framework → 💼 Microsoft Defender Configuration | 26 | no data
💼 FedRAMP High Security Controls → 💼 IR-6(1) Automated Reporting (M)(H) | 810 | no data
💼 FedRAMP Moderate Security Controls → 💼 IR-6(1) Automated Reporting (M)(H) | 10 | no data
💼 NIST SP 800-53 Revision 5 → 💼 SI-7(12) Software, Firmware, and Information Integrity _ Integrity Verification | 1921 | no data
💼 SOC 2 → 💼 CC7.2-3 Implements Filters to Analyze Anomalies | 918 | no data