New Azure IoT Hub Policies for Tenable.cs

Summary

Tenable Research has developed a new set of Tenable.cs policies to assess Azure IoT Hub and Microsoft Defender for IoT. These policies provide automated assessment of Microsoft’s recommended configurations for IoT Hub.

Some policy examples include:

• Ensure TLS 1.2 or greater is used for the IoT Hub
• Ensure shared access policies for IoT Hub are not used
• Ensure shared access policies for IoT Hub Device Provisioning Service (DPS) are not used
• Ensure that public network access is disabled for Azure IoT Hub Device Provisioning Service (DPS)
• Ensure IP addresses are masked in the logs for IoT Hub
• Ensure that the Microsoft Defender for IoT Hub is enabled
• A variety of policies that ensure that Microsoft Defender attributes are configured as recommended

Target Release Date

Immediate

Additional Notes:

• Azure security baseline for Azure IoT Hub
• Reference table for all Microsoft Defender for Cloud recommendations
• Security recommendations for IoT Hub - Microsoft Defender for IoT