Get started with Azure Security Center for IoT

Important

Azure Security Center for IoT is currently in public preview. This preview version is provided without a service level agreement, and it's not recommended for production workloads. Certain features might not be supported or might have constrained capabilities. For more information, see Supplemental Terms of Use for Microsoft Azure Previews.

This article explains the different building blocks of the Azure Security Center (ASC) for IoT service and how to get started with enabling the service.

ASC for IoT can be seamlessly integrated into your IoT Hub to provide security analysis of IoT hub configuration, device identity and hub-device communication patterns. For enhanced security capabilities, ASC for IoT provides agent-based collection of security data from your IoT devices.

ASC for IoT seamless IoT Hub integration

Protecting individual IoT devices requires the ability to collect data directly from the devices or from their network. To support this effort, ASC for IoT offers an arsenal of low-footprint security agents to provide device monitoring and hardening.

In the ASC for IoT preview, reference architectures for Linux and Windows security agents are provided in both C# and C. The agents handle raw event collection from the device operating system, event aggregation to reduce cost, and configuration through a device module twin. Security messages are sent through your IoT Hub into ASC for IoT analytics services.

ASC for IoT basics

Choose the workflow scenario that best meets your IoT device and environment requirements:

Get started with ASC for IoT seamless IoT Hub integration

Note

This workflow enables you to use the service without using ASC for IoT security agents.

To enable monitoring of your device identity management, device-to-cloud, and cloud-to-device communication patterns, use the following basic workflow for testing and to start the service:

  1. Enable ASC for IoT service on your IoT Hub
  2. If your IoT Hub has no registered devices, register a new device.
  3. Create an azureiotsecurity security module for your devices.
  4. Define normal device and system behavior through custom alerts.
  5. Perform system testing to verify service and device status.
  6. Explore alerts and recommendations, and deep dive with Log Analytics, using IoT Hub.

Get started with ASC for IoT security agents

Make use of ASC for IoT enhanced security capabilities, such as monitoring remote connections, active applications, login events, and OS configuration best practices, by using the following basic workflow to test and enable the service:

  1. Enable ASC for IoT service on your IoT Hub
  2. If your IoT Hub has no registered devices, register a new device.
  3. Create an azureiotsecurity security module for your devices.
  4. To install the agent on an Azure simulated device instead of installing on an actual device, spin up a new Azure Virtual Machine (VM) in an available zone.
  5. Deploy an ASC for IoT security agent on your IoT device or new VM.
  6. Follow the instructions for trigger_events to run a simulation of a harmless attack.
  7. Verify ASC for IoT alerts in response to the simulated attack in the previous step. Begin verification five minutes after running the script.
  8. Explore alerts and recommendations, and deep dive with Log Analytics, using IoT Hub.

Next steps