Quickstart: Get started with Defender for IoT

This article provides an overview of the steps you'll take to set up Microsoft Defender for IoT. The process requires that you:

  • Register your subscription and sensors on Defender for IoT in the Azure portal.
  • Install the sensor and on-premises management console software.
  • Perform initial activation of the sensor and management console.

Prerequisites

Here's what you need to get started with Defender for IoT.

  • Network switches that support traffic monitoring via SPAN port.
  • Hardware appliances for NTA sensors.
  • The Azure Subscription Contributor role. It's required only during onboarding for defining committed devices and connection to Microsoft Sentinel.
  • Azure IoT Hub (Free or Standard tier) Contributor role, for cloud-connected management. Make sure that the Microsoft Defender for IoT feature is enabled.

Supported service regions

Defender for IoT routes all traffic from all European regions to the West Europe regional datacenter. It routes traffic from all remaining regions to the Central US regional datacenter. Review IoT Hub supported regions.

Permissions: Sensors and on-premises management consoles

Some of the setup steps require specific user permissions.

Administrative user permissions are required to activate the sensor and management console, upload SSL/TLS certificates, and generate new passwords.

Permissions: Defender for IoT in the Azure portal

The following table describes user access permissions to Azure portal tools:

Permission Security reader Security administrator Subscription contributor Subscription owner
View details and access software, activation files and threat intelligence packages
Onboard sensors
Onboard subscriptions and update committed devices
Recover passwords

Identify the solution infrastructure

Clarify your network setup needs

Research your:

  • Network architecture
  • Monitored bandwidth
  • Requirements for creating certificates
  • Other network details.

For more information, see About Microsoft Defender for IoT network setup.

Clarify which sensors and management console appliances are required to handle the network load

Microsoft Defender for IoT supports both physical and virtual deployments. For the physical deployments, you can purchase various certified appliances. For more information, see Identify required appliances.

We recommend that you calculate the approximate number of devices that will be monitored. Later, when you register your Azure subscription to the portal, you'll be asked to enter this number. Numbers can be added in intervals of 1,000,for example 1000, 2000, 3000. The numbers of monitored devices are called committed devices.

Register with Microsoft Defender for IoT

Registration includes:

  • Onboarding your Azure subscriptions to Defender for IoT.
  • Defining committed devices.
  • Downloading an activation file for the on-premises management console.

You can also use a trial subscription to monitor 1000 devices for free for 30 days. See Onboard a trial subscription for more information.

To register:

  1. Go to the Defender for IoT: Getting started in the Azure portal.

  2. Select Onboard subscription.

  3. On the Pricing page, select a subscription or create a new one, and add the number of committed devices.

  4. Select the Download the on-premises management console tab and save the downloaded activation file. This file contains the aggregate committed devices that you defined. The file will be uploaded to the management console after initial sign-in.

For information on how to offboard a subscription, see Offboard a subscription.

Install and set up the on-premises management console

After you acquire your on-premises management console appliance:

  • Download the ISO package from the Azure portal.
  • Install the software.
  • Activate and carry out initial management console setup.

To install and set up:

  1. Go to Defender for IoT: Getting Started in the Azure portal].

  2. Select the On-premises management console tab.

  3. Choose a version and select Download.

  4. Install the on-premises management console software. For more information, see Defender for IoT installation.

  5. Activate and set up the management console. For more information, see Activate and set up your on-premises management console.

Onboard a sensor

Onboard a sensor by registering it with Microsoft Defender for IoT and downloading a sensor activation file:

  1. Define a sensor name and associate it with a subscription.

  2. Choose a sensor connection mode:

    • Cloud connected sensors: Information that sensors detect is displayed in the sensor console. In addition, alert information is delivered through an IoT hub and can be shared with other Azure services, such as Microsoft Sentinel. You can also choose to automatically push threat intelligence packages from Defender for IoT to your sensors. For more information, see Threat intelligence research and packages.

    • Locally managed sensors: Information that sensors detect is displayed in the sensor console. If you're working in an air-gapped network and want a unified view of all information detected by multiple locally managed sensors, work with the on-premises management console.

  3. Select a site to associate your sensor to within an IoT Hub. The IoT Hub will serve as a gateway between this sensor and Microsoft Defender for IoT. Define the display name, and zone. You can also add descriptive tags. The display name, zone, and tags are descriptive entries on the Sites and Sensors page.

  4. Select Register.

  5. Select Download activation file.

For details about onboarding, see Onboard and manage sensors with Defender for IoT.

Install and set up the sensor

Download the ISO package from the Azure portal, install the software, and set up the sensor.

  1. Go to Defender for IoT: Getting started in the Azure portal.

  2. Select Set up sensor.

  3. Choose a version and select Download.

  4. Install the sensor software. For more information, see Defender for IoT installation.

  5. Activate and set up your sensor. For more information, see Sign in and activate a sensor.

Connect sensors to an on-premises management console

Connect sensors to the management console to ensure that:

  • Sensors send alert and device inventory information to the on-premises management console.

  • The on-premises management console can perform sensor backups, manage alerts that sensors detect, investigate sensor disconnections, and carry out other activity on connected sensors.

We recommend that you group multiple sensors monitoring the same networks in one zone. Doing this will coalesce information collected by multiple sensors.

For more information, see Connect sensors to the on-premises management console.

Populate Microsoft Sentinel with alert information (optional)

Send alert information to Microsoft Sentinel by configuring Microsoft Sentinel. See Connect your data from Defender for IoT to Microsoft Sentinel.

Next steps

Welcome to Microsoft Defender for IoT

Microsoft Defender for IoT architecture