
Microsoft Devices

The best practices and references below are based on published guidance from the cloud service provider and may reference native capabilities that the provider offers. If you are not using the native security capabilities, the same security requirement can be met using other security capabilities your organization utilizes.

Asset Inventory

Design Guidance:

Microsoft.Devices/IotHubs

Location
Terraform
Name
Terraform
Event Hubs-Id
Terraform
Event Hubs-Name
Terraform
Service Bus Queues-Id
Terraform
Service Bus Queues-Name
Terraform
Service Bus Topics-Id
Terraform
Service Bus Topics-Name
Terraform
Storage Containers-Container Name
Terraform
Storage Containers-Id
Terraform
Tags
Terraform

Access Policy Enforcement

Microsoft.Devices/IotHubs

Authorization Policies
Terraform
Authorization Policies-Key Name
Terraform
Authorization Policies-Primary Key
Terraform
Authorization Policies-Rights
Terraform
Authorization Policies-Secondary Key
Terraform

Input Validation

Microsoft.Devices/IotHubs

Enable File Upload Notifications
Terraform

IP Whitelisting

Design Guidance:

Microsoft.Devices/IotHubs

Ip Filter Rules
Terraform
Ip Filter Rules-Action
Terraform
Ip Filter Rules-Filter Name
Terraform
Ip Filter Rules-Ip Mask
Terraform

TLS

Design Guidance:

Microsoft.Devices/IotHubs

Min TLS Version
Terraform

Network Isolation and Segregation

Design Guidance:

Microsoft.Devices/IotHubs

Public Network Access
Terraform

Identification and Authentication

Microsoft.Devices/IotHubs

Event Hubs-Authentication Type
Terraform
Service Bus Queues-Authentication Type
Terraform
Service Bus Topics-Authentication Type
Terraform
Storage Containers-Authentication Type
Terraform

Network Access Points Enforcing Network Access

Design Guidance:

Microsoft.Devices/IotHubs

Private Endpoint Connections
Terraform
Private Endpoint-Id
Terraform
Private Link Service Connection State-Actions Required
Terraform
Private Link Service Connection State-Description
Terraform
Private Link Service Connection State-Status
Terraform
Private Link Service Connection State
Terraform
Private Link Service Connection State-Actions Required
Terraform
Private Link Service Connection State-Description
Terraform
Private Link Service Connection State-Status
Terraform

Microsoft.Devices/iotHubs/privateEndpointConnections

Name
Private Link Service Connection State
Private Link Service Connection State-Actions Required
Private Link Service Connection State-Description
Private Link Service Connection State-Status
Description-Description

Destination Authentication

Design Guidance:

Microsoft.Devices/IotHubs/certificates

Certificate
Terraform