Manage Defender for IoT subscriptions

Your Defender for IoT deployment is managed through your Microsoft Defender for IoT account subscriptions. You can onboard, edit, and offboard your subscriptions to Defender for IoT in the Azure portal.

For each subscription, you'll be asked to define a number of committed devices. Committed devices are the approximate number of devices that will be monitored in your enterprise.

Note

If you've come to this page because you are a former CyberX customer and have questions about your account, reach out to your account manager for guidance.

Subscription billing

You're billed based on the number of committed devices associated with each subscription.

The billing cycle for Microsoft Defender for IoT follows a calendar month. Changes you make to committed devices during the month are implemented one hour after confirming your update, and are reflected in your monthly bill. Subscription offboarding also takes effect one hour after confirming the offboard.

Your enterprise may have more than one paying entity. If this is the case, you can onboard more than one subscription.

Before you subscribe, you should have a sense of how many devices you would like your subscriptions to cover.

Users can also work with a trial subscription, which supports monitoring a limited number of devices for 30 days. See Microsoft Defender for IoT pricing for information on committed device prices.

What's a device?

Defender for IoT considers any of the following as single and unique network devices:

  • Managed or unmanaged standalone IT/OT/IoT devices, with one or more NICs
  • Devices with multiple backplane components, including all racks, slots, or modules
  • Devices that provide network infrastructure, such as switches or routers with multiple NICs

The following items aren't monitored as devices, and don't appear in the Defender for IoT device inventories:

  • Public internet IP addresses
  • Multicast groups
  • Broadcast groups

Devices that are inactive for more than 60 days are classified as inactive inventory devices.

Requirements

Before you onboard a subscription, verify that:

  • Your Azure account is set up.
  • You have the required Azure user permissions.

Azure account subscription requirements

To get started with Microsoft Defender for IoT, you must have a Microsoft Azure account subscription.

If you do not have a subscription, you can sign up for a free account. For more information, see https://azure.microsoft.com/free/.

If you already have access to an Azure subscription, but it isn't listed when subscribing to Defender for IoT, check your account details and confirm your permissions with the subscription owner. See https://portal.azure.com/#blade/Microsoft_Azure_Billing/SubscriptionsBlade.

User permission requirements

Azure Subscription Owners and Subscription Contributors can onboard, update, and offboard Microsoft Defender for IoT subscriptions.

Calculate the number of devices you need to monitor

When onboarding or editing your Defender for IoT plan, you'll need to know how many devices you want to monitor.

To calculate the number of devices you need to monitor:

Collect the total number of devices in your network and remove:

  • Duplicate devices that have the same IP or MAC address. When detected, the duplicates are automatically removed by Defender for IoT.

  • Duplicate devices that have the same ID. These are the same devices, seen by the same sensor, with different field values. For such devices, check the last time each device had activity and use the latest device only.

  • Inactive devices, with no traffic for more than 60 days.

  • Broadcast / multicast devices. These represent unique addresses but not unique devices.

For more information, see What's a device?
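
As an added illustration (not Microsoft's code), the removal rules above applied to a constructed inventory list to estimate a committed device count. The record field names (`id`, `ip`, `mac`, `last_activity`), the helper names and the sample rows are assumptions, and treating a shared IP or MAC as a match against records already counted is one interpretation of the duplicate rule.

```python
from datetime import datetime, timedelta
import ipaddress

INACTIVE_AFTER = timedelta(days=60)  # inactivity threshold stated on this page

def is_group_address(ip, mac):
    """Broadcast/multicast addresses are unique addresses, not unique devices."""
    group_mac = int(mac.split(":")[0], 16) & 1 == 1  # I/G bit set in first octet
    return ipaddress.ip_address(ip).is_multicast or ip == "255.255.255.255" or group_mac

def committed_device_count(records, now):
    """Apply the removal rules to inventory records and return the device count."""
    latest_by_id = {}
    for r in records:
        if is_group_address(r["ip"], r["mac"]):
            continue
        if ipaddress.ip_address(r["ip"]).is_global:
            continue  # public internet IPs are not inventoried as devices
        if now - r["last_activity"] > INACTIVE_AFTER:
            continue  # no traffic for more than 60 days
        kept = latest_by_id.get(r["id"])
        if kept is None or r["last_activity"] > kept["last_activity"]:
            latest_by_id[r["id"]] = r  # same ID: keep the latest activity only
    seen_ips, seen_macs, count = set(), set(), 0
    for r in sorted(latest_by_id.values(), key=lambda r: r["last_activity"], reverse=True):
        mac = r["mac"].lower()
        if r["ip"] in seen_ips or mac in seen_macs:
            continue  # same IP or MAC as a record already counted
        seen_ips.add(r["ip"])
        seen_macs.add(mac)
        count += 1
    return count

def rec(dev_id, ip, mac, y, m, d):
    return {"id": dev_id, "ip": ip, "mac": mac, "last_activity": datetime(y, m, d)}

NOW = datetime(2022, 3, 1)
SAMPLE = [  # constructed inventory rows, not real data
    rec("plc-1", "10.0.0.10", "00:1a:2b:00:00:01", 2022, 2, 28),
    rec("plc-1", "10.0.0.10", "00:1a:2b:00:00:01", 2022, 1, 15),   # same ID, older
    rec("plc-1b", "10.0.0.20", "00:1A:2B:00:00:01", 2022, 2, 20),  # same MAC
    rec("hist-3", "10.0.0.30", "00:1a:2b:00:00:03", 2021, 11, 1),  # inactive
    rec("mcast", "239.1.1.1", "01:00:5e:01:01:01", 2022, 2, 27),   # multicast
    rec("bcast", "255.255.255.255", "ff:ff:ff:ff:ff:ff", 2022, 2, 27),
    rec("pub", "8.8.8.8", "00:1a:2b:00:00:09", 2022, 2, 27),       # public IP
    rec("eng-4", "10.0.0.40", "00:1a:2b:00:00:04", 2022, 2, 10),
]

print(committed_device_count(SAMPLE, NOW))
```

Only `plc-1` and `eng-4` survive the filters in the sample, so the figure to commit is well below the raw row count.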

Onboard a trial subscription

If you would like to evaluate Defender for IoT, you can use a trial subscription. The trial is valid for 30 days and supports 1000 committed devices. Using the trial lets you deploy one or more Defender for IoT sensors on your network. Use the sensors to monitor traffic, analyze data, generate alerts, learn about network risks and vulnerabilities, and more. The trial also allows you to download an on-premises management console to view aggregated information generated by sensors.

This section describes how to create a trial subscription for a sensor.

To create a trial subscription:

  1. Navigate to Defender for IoT: Getting started in the Azure portal.
  2. Select Onboard subscription.
  3. In the Pricing page, select Start with a Trial.
  4. Select a subscription from the Onboard trial subscription pane and then select Evaluate.
  5. Confirm your evaluation.
  6. Onboard a sensor or set up a sensor, if required.

Onboard a subscription

This section describes how to onboard a subscription.

To onboard a subscription:

  1. Go to Defender for IoT: Getting started in the Azure portal.

  2. Select Onboard subscription.

  3. In the Pricing page, select Subscribe.

  4. In the Onboard subscription pane, select a subscription and the number of committed devices from the drop-down menu.

  5. Select Subscribe.

  6. Confirm your subscription.

  7. If you haven't done so already, onboard a sensor or Set up a sensor.

Update committed devices in a subscription

You may need to update your subscription with more committed devices, or fewer committed devices. More devices may require monitoring if, for example, you are increasing existing site coverage, have discovered more devices than expected, or there are network changes such as adding switches.

To update a subscription:

  1. Go to Defender for IoT: Getting started in the Azure portal.
  2. Select Onboard subscription.
  3. Select the subscription, and then select the three dots (...).
  4. Select Edit.
  5. Update the committed devices and select Save.
  6. In the confirmation dialog box that opens, select Confirm.

Changes in device commitment will take effect one hour after confirming the change. Billing for these changes will be reflected at the beginning of the month following confirmation of the change.

You will need to upload a new activation file to your on-premises management console. The activation file reflects the new number of committed devices. See Upload an activation file.

Offboard a subscription

You may need to offboard a subscription, for example if you need to work with a new payment entity. Subscription offboarding takes effect one hour after confirming the offboard. Your upcoming monthly bill will reflect this change.

Remove all sensors that are associated with the subscription prior to offboarding. For more information on how to delete a sensor, see Delete a sensor.

To offboard a subscription:

  1. Go to Defender for IoT: Getting started in the Azure portal.

  2. Select the subscription, and then select the three dots (...).

  3. Select Offboard subscription.

  4. In the confirmation popup, select the checkbox to confirm you have deleted all sensors associated with the subscription.

  5. Select Offboard.

Apply a new subscription

Business considerations may require that you apply a different subscription to your deployment than the one currently being used. If you change the subscription, you will need to upload a new sensor activation file. The file contains information on subscription expiration dates.

To apply a new subscription:

  1. Delete the subscription currently being used.
  2. Select a new subscription.
  3. Download an activation file for the sensor associated with the subscription.
  4. Upload the activation file to the sensor.

Next steps