articles/defender-for-iot/device-builders/quickstart-onboard-iot-hub.md
90 additions & 2 deletions
@@ -18,6 +18,13 @@ This article explains how to enable Microsoft Defender for IoT on an Azure IoT h
18
18
19
19
- The ability to create a standard tier IoT Hub.
20
20
21
+
- For the [resource group and access management setup process](#allow-access-to-the-iot-hub), you need the following roles:
22
+
23
+
- To add role assignments, you need the Owner, Role Based Access Control Administrator and User Access Administrator roles.
24
+
- To register resource providers, you need th Owner and Contributor roles.
25
+
26
+
Learn more about [privileged administrator roles in Azure](../../role-based-access-control/role-assignments-steps.md#privileged-administrator-roles).
27
+
21
28
> [!NOTE]
22
29
> Defender for IoT currently only supports standard tier IoT Hubs.
23
30
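Review bot: In the two added role bullets, "th Owner" is a typo for "the Owner", and both bullets join the role names with "and", which reads as if one account must hold every listed role at once. If any one of the listed roles is enough for the task, write "one of the following roles" and join them with "or", so readers don't request more privileged roles than the step needs.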
@@ -33,6 +40,8 @@ You can create a hub in the Azure portal. For all new IoT hubs, Defender for IoT
33
40
34
41
:::image type="content" source="media/quickstart-onboard-iot-hub/management-tab.png" alt-text="Ensure the Defender for IoT toggle is set to on.":::
35
42
43
+
1. Follow these steps to [allow access to the IoT Hub](#allow-access-to-the-iot-hub).
44
+
36
45
## Enable Defender for IoT on an existing IoT Hub
37
46
38
47
You can onboard Defender for IoT to an existing IoT Hub, where you can then monitor the device identity management, device to cloud, and cloud to device communication patterns.
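Review bot: The added step "Follow these steps to allow access to the IoT Hub" comes last in the new-hub procedure, after the management-tab image, while the same step is inserted second, before onboarding, in the existing-hub procedure. State the intended order explicitly, for example "After the hub is created, ...", since the linked section works from the hub's **Access control (IAM)** page and so can't be completed until the hub exists. The link text alone would also read better than "Follow these steps to".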
@@ -41,15 +50,17 @@ You can onboard Defender for IoT to an existing IoT Hub, where you can then moni
41
50
42
51
1. Sign in to the [Azure portal](https://portal.azure.com/).
43
52
53
+
1. Follow these steps to [allow access to the IoT Hub](#allow-access-to-the-iot-hub).
54
+
44
55
1. Navigate to **IoT Hub** > **`Your hub`** > **Defender for IoT** > **Overview**.
45
56
46
57
1. Select **Secure your IoT solution**, and complete the onboarding form.
47
58
48
59
:::image type="content" source="media/quickstart-onboard-iot-hub/secure-your-iot-solution.png" alt-text="Select the secure your IoT solution button to secure your solution." lightbox="media/quickstart-onboard-iot-hub/secure-your-iot-solution-expanded.png":::
49
60
50
-
The **Secure your IoT solution** button will only appear if the IoT Hub hasn't already been onboarded, or if you set the Defender for IoT toggle to **Off** while onboarding.
61
+
The **Secure your IoT solution** button will only appear if the IoT Hub hasn't already been onboarded, or if you set the Defender for IoT toggle to **Off** while onboarding.
51
62
52
-
:::image type="content" source="media/quickstart-onboard-iot-hub/toggle-is-off.png" alt-text="If your toggle was set to off during onboarding.":::
63
+
:::image type="content" source="media/quickstart-onboard-iot-hub/toggle-is-off.png" alt-text="If your toggle was set to off during onboarding.":::
53
64
54
65
## Verify that Defender for IoT is enabled
55
66
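Review bot: The two removed and re-added pairs (the **Secure your IoT solution** sentence and the toggle-is-off image) are textually identical as shown, so the change is whitespace only; confirm it is the indentation needed to keep them nested under the step, and say so in the commit description. For the added second step, the text gives no reason the access setup has to come before onboarding; a short clause saying what it enables would help a reader who can't obtain the roles listed in the prerequisites.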
@@ -85,6 +96,83 @@ Configure data collection settings for Defender for IoT in your IoT hub, such as
85
96
86
97
1. Select **Save** to save your settings.
87
98
99
+
## Set up resource providers and access control
100
+
101
+
To set up permissions needed to access the IoT hub:
102
+
103
+
1.[Set up resource providers and access control for the IoT hub](#allow-access-to-the-iot-hub).
104
+
1. To allow access to a Log Analytics workspace, also [set up resource providers and access control for Log Analytics workspace](#allow-access-to-a-log-analytics-workspace).
105
+
106
+
Learn more about [resource providers and resource types](../../azure-resource-manager/management/resource-providers-and-types.md#register-resource-provider).
107
+
108
+
### Allow access to the IoT Hub
109
+
110
+
To allow access to the IoT Hub:
111
+
112
+
#### Set up resource providers for the IoT hub
113
+
114
+
1. Sign in to the [Azure portal](https://portal.azure.com/) and navigate to the **Subscriptions** page.
115
+
116
+
1. In the subscriptions table, select your subscription.
117
+
118
+
1. In the subscription page that opens, from the left menu bar, select **Resource providers**.
119
+
120
+
1. In the search bar, type: *Microsoft.iot*.
121
+
122
+
1. Select the **Microsoft.IoTSecurity** provider and verify that its status is **Registered**.
123
+
124
+
#### Set up access control for the IoT hub
125
+
126
+
1. In your IoT hub, from the left menu bar, select **Access control (IAM)**, and from the top menu, select **Add > Add role assignment**.
127
+
128
+
1. In the **Role tab**, select the **Privileged administrator roles** tab, and select the **Contributor** role.
129
+
130
+
1. Select the **Members** tab, and next to **Members**, select **Select members**.
131
+
132
+
1. In the **Select members** page, in the **Select** field, type *Azure security*, select **Azure Security for IoT**, and select **Select** at the bottom.
133
+
134
+
1. Back in the **Members** tab, select **Review + assign** at the bottom of the tab, in the **Review and assign tab**, select **Review + assign** at the bottom again.
135
+
136
+
### Allow access to a Log Analytics workspace
137
+
138
+
To connect to a Log Analytics workspace:
139
+
140
+
#### Set up resource providers for the Log Analytics workspace
141
+
142
+
1. In the Azure portal, navigate to the **Subscriptions** page.
143
+
144
+
1. In the subscriptions table, select your subscription.
145
+
146
+
1. In the subscription page that opens, from the left menu bar, select **Resource providers**.
147
+
148
+
1. In the search bar, type: *Microsoft.OperationsManagement*.
149
+
150
+
1. Select the **Microsoft.OperationsManagement** provider and verify that its status is **Registered**.
151
+
152
+
#### Set up access control for the Log Analytics workspace
153
+
154
+
1. In the Azure portal, search for and navigate to the **Log analytics workspaces** page, select your workspace, and from the left menu, select **Access control (IAM)**.
155
+
156
+
1. From the top menu, select **Add > Add role assignment**.
157
+
158
+
1. In the **Role tab**, under **Job function roles**, search for *Log analytics*, and select the **Log Analytics Contributor** role.
159
+
160
+
1. Select the **Members** tab, and next to **Members**, select **Select members**.
161
+
162
+
1. In the **Select members** page, in the **Select** field, type *Azure security*, select **Azure Security for IoT**, and select **Select** at the bottom.
163
+
164
+
1. Back in the **Members** tab, select **Review + assign** at the bottom of the tab, in the **Review and assign tab**, select **Review + assign** at the bottom again.
165
+
166
+
#### Enable Defender for IoT
167
+
168
+
1. In your IoT hub, from the left menu, select **Settings**, and in the **Settings page**, select **Data Collection**.
169
+
170
+
1. Toggle on **Enable Microsoft Defender for IoT**, and select **Save** at the bottom.
171
+
172
+
1. Under **Choose the Log Analytics workspace you want to connect to**, set the toggle to **On**.
173
+
174
+
1. Select the subscription for which you [set up the resource provider](#set-up-resource-providers-for-the-log-analytics-workspace) and workspace.
175
+
88
176
## Next steps
89
177
90
178
Advance to the next article to add a resource group to your solution.
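Review bot: In "Set up access control for the IoT hub", the steps assign **Contributor**, picked from the **Privileged administrator roles** tab, to **Azure Security for IoT** on the hub, with no explanation of why that level of access is needed; add a sentence stating what the service uses it for, and if a narrower role works, document that one instead. In the "Set up resource providers and access control" list, `1.[Set up resource providers` has no space after `1.`, so it won't render as a list item. Under "Enable Defender for IoT", step 2 selects **Save** before steps 3 and 4 choose the workspace and subscription, so the save should move to the end. Both resource-provider procedures only say to verify that the status is **Registered**, without saying what to do when it isn't.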