Iot Security Solution - Create Or Update

Use this method to create or update your IoT Security solution.

PUT https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/iotSecuritySolutions/{solutionName}?api-version=2019-08-01

URI Parameters

Name In Required Type Description
resourceGroupName
path True

string

minLength: 1
maxLength: 90
pattern: ^[-\w\._\(\)]+$

The name of the resource group within the user's subscription. The name is case insensitive.

solutionName
path True

string

The name of the IoT Security solution.

subscriptionId
path True

string

pattern: ^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$

Azure subscription ID

api-version
query True

string

API version for the operation

Request Body

Name Required Type Description
properties.displayName True

string

Resource display name.

properties.iotHubs True

string[]

IoT Hub resource IDs

location

string

The resource location.

properties.additionalWorkspaces

AdditionalWorkspacesProperties[]

List of additional workspaces

properties.disabledDataSources

DataSource[]

Disabled data sources. Disabling these data sources compromises the system.

properties.export

ExportData[]

List of additional options for exporting data to the workspace.

properties.recommendationsConfiguration

RecommendationConfigurationProperties[]

List of the configuration status for each recommendation type.

properties.status

SecuritySolutionStatus

Status of the IoT Security solution.

properties.unmaskedIpLoggingStatus

UnmaskedIpLoggingStatus

Unmasked IP address logging status

properties.userDefinedResources

UserDefinedResourcesProperties

Properties of the IoT Security solution's user defined resources.

properties.workspace

string

Workspace resource ID

tags

object

Resource tags

Responses

Name Type Description
200 OK

IoTSecuritySolutionModel

Updated

201 Created

IoTSecuritySolutionModel

Created

Other Status Codes

CloudError

Error response describing why the operation failed.

Security

azure_auth

Azure Active Directory OAuth2 Flow

Type: oauth2
Flow: implicit
Authorization URL: https://login.microsoftonline.com/common/oauth2/authorize

Scopes

Name Description
user_impersonation impersonate your user account

Examples

Create or update an IoT security solution

Sample request

PUT https://management.azure.com/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/MyGroup/providers/Microsoft.Security/iotSecuritySolutions/default?api-version=2019-08-01

{
  "tags": {},
  "location": "East Us",
  "properties": {
    "workspace": "/subscriptions/c4930e90-cd72-4aa5-93e9-2d081d129569/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace1",
    "status": "Enabled",
    "export": [],
    "disabledDataSources": [],
    "displayName": "Solution Default",
    "iotHubs": [
      "/subscriptions/075423e9-7d33-4166-8bdf-3920b04e3735/resourceGroups/myRg/providers/Microsoft.Devices/IotHubs/FirstIotHub"
    ],
    "userDefinedResources": {
      "query": "where type != \"microsoft.devices/iothubs\" | where name contains \"iot\"",
      "querySubscriptions": [
        "075423e9-7d33-4166-8bdf-3920b04e3735"
      ]
    },
    "recommendationsConfiguration": [
      {
        "recommendationType": "IoT_OpenPorts",
        "status": "Disabled"
      },
      {
        "recommendationType": "IoT_SharedCredentials",
        "status": "Disabled"
      }
    ],
    "unmaskedIpLoggingStatus": "Enabled"
  }
}
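As an added example (not part of the Microsoft reference page or its SDKs), a small Python pre-flight check for a Create Or Update call: it builds the PUT URL from the path parameters while enforcing the documented patterns, validates the required body fields and the user-defined resources query prefix, and flags settings that reduce monitoring coverage (a Disabled solution, disabled data sources, disabled recommendations) or widen what is logged (unmasked IP logging). The case-insensitive prefix comparison and the non-empty iotHubs check are assumptions; the sample body is constructed from the page's sample request.

```python
import re

# Constraints the page documents: path-parameter patterns, api-version, and the query prefix.
API_VERSION = "2019-08-01"
GUID_RE = re.compile(r"^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$")
RESOURCE_GROUP_RE = re.compile(r"^[-\w\._\(\)]+$")
QUERY_PREFIX = 'where type != "microsoft.devices/iothubs"'

def build_url(subscription_id, resource_group, solution_name):
    """Return the PUT URL, or raise ValueError if a path parameter breaks its pattern."""
    if not GUID_RE.match(subscription_id):
        raise ValueError("subscriptionId must be a GUID")
    if not (1 <= len(resource_group) <= 90 and RESOURCE_GROUP_RE.match(resource_group)):
        raise ValueError("resourceGroupName violates length (1-90) or pattern")
    return (f"https://management.azure.com/subscriptions/{subscription_id}/resourceGroups/"
            f"{resource_group}/providers/Microsoft.Security/iotSecuritySolutions/{solution_name}"
            f"?api-version={API_VERSION}")

def validate_body(body):
    """Hard errors: required fields and documented formats in the request body."""
    errors, props = [], body.get("properties", {})
    if not props.get("displayName"):
        errors.append("properties.displayName is required")
    if not props.get("iotHubs"):  # required; treated as non-empty here (assumption)
        errors.append("properties.iotHubs is required")
    udr = props.get("userDefinedResources") or {}
    # Prefix compared case-insensitively (assumption): the sample request lower-cases it.
    if udr and not udr.get("query", "").lower().startswith(QUERY_PREFIX):
        errors.append("userDefinedResources.query must start with " + QUERY_PREFIX)
    errors += [f"querySubscriptions entry is not a GUID: {s}"
               for s in udr.get("querySubscriptions", []) if not GUID_RE.match(s)]
    return errors

def review_body(body):
    """Soft findings: settings that reduce monitoring coverage or widen what is logged."""
    findings, props = [], body.get("properties", {})
    if props.get("status") == "Disabled":
        findings.append("solution status is Disabled")
    if props.get("disabledDataSources"):
        findings.append("data sources disabled: " + ", ".join(props["disabledDataSources"]))
    off = [r["recommendationType"] for r in props.get("recommendationsConfiguration", [])
           if r.get("status") == "Disabled"]
    if off:
        findings.append("recommendations not generated: " + ", ".join(off))
    if props.get("unmaskedIpLoggingStatus") == "Enabled":
        findings.append("unmaskedIpLoggingStatus is Enabled (default Disabled): full IPs logged")
    return findings

# Constructed sample body mirroring the page's sample request.
SAMPLE_BODY = {"location": "East Us", "properties": {
    "displayName": "Solution Default", "status": "Enabled", "disabledDataSources": [],
    "iotHubs": ["/subscriptions/075423e9-7d33-4166-8bdf-3920b04e3735/resourceGroups/myRg"
                "/providers/Microsoft.Devices/IotHubs/FirstIotHub"],
    "userDefinedResources": {
        "query": 'where type != "microsoft.devices/iothubs" | where name contains "iot"',
        "querySubscriptions": ["075423e9-7d33-4166-8bdf-3920b04e3735"]},
    "recommendationsConfiguration": [
        {"recommendationType": "IoT_OpenPorts", "status": "Disabled"},
        {"recommendationType": "IoT_SharedCredentials", "status": "Disabled"}],
    "unmaskedIpLoggingStatus": "Enabled"}}
```

Run `validate_body(SAMPLE_BODY)` before sending and treat any entry from `review_body` as something to justify in change review, since the sample request switches off two recommendations and enables unmasked IP logging.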

Sample response

{
  "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/MyGroup/providers/Microsoft.Security/Locations/eastus/IoTSecuritySolutions/default",
  "name": "default",
  "type": "Microsoft.Security/IoTSecuritySolutions",
  "location": "East Us",
  "tags": {},
  "properties": {
    "workspace": "/subscriptions/c4930e90-cd72-4aa5-93e9-2d081d129569/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace1",
    "status": "Enabled",
    "export": [],
    "disabledDataSources": [],
    "displayName": "Solution Default",
    "iotHubs": [
      "/subscriptions/075423e9-7d33-4166-8bdf-3920b04e3735/resourceGroups/myRg/providers/Microsoft.Devices/IotHubs/FirstIotHub"
    ],
    "userDefinedResources": {
      "query": "where type != \"microsoft.devices/iothubs\" | where name contains \"iot\"",
      "querySubscriptions": [
        "075423e9-7d33-4166-8bdf-3920b04e3735"
      ]
    },
    "autoDiscoveredResources": [
      "/subscriptions/075423e9-7d33-4166-8bdf-3920b04e3735",
      "/subscriptions/075423e9-7d33-4166-8bdf-3920b04e3735/resourceGroups/myRg/providers/Microsoft.Devices/IotHubs/FirstIotHub"
    ],
    "recommendationsConfiguration": [
      {
        "recommendationType": "IoT_ACRAuthentication",
        "name": "Service Principal Not Used with ACR",
        "status": "Enabled"
      },
      {
        "recommendationType": "IoT_AgentSendsUnutilizedMessages",
        "name": "Agent sending underutilized messages",
        "status": "TurnedOn"
      },
      {
        "recommendationType": "IoT_Baseline",
        "name": "Operating system (OS) baseline validation failure",
        "status": "Enabled"
      },
      {
        "recommendationType": "IoT_EdgeHubMemOptimize",
        "name": "Edge Hub memory can be optimized",
        "status": "Enabled"
      },
      {
        "recommendationType": "IoT_EdgeLoggingOptions",
        "name": "No Logging Configured for Edge Module",
        "status": "Enabled"
      },
      {
        "recommendationType": "IoT_InconsistentModuleSettings",
        "name": "Module Settings Inconsistent in SecurityGroup",
        "status": "Enabled"
      },
      {
        "recommendationType": "IoT_InstallAgent",
        "name": "Install the Azure Security of Things Agent",
        "status": "Enabled"
      },
      {
        "recommendationType": "IoT_IPFilter_DenyAll",
        "name": "Default IP Filter Policy should be Deny",
        "status": "Enabled"
      },
      {
        "recommendationType": "IoT_IPFilter_PermissiveRule",
        "name": "IP Filter rule includes large IP range",
        "status": "Enabled"
      },
      {
        "recommendationType": "IoT_OpenPorts",
        "name": "Open Ports On Device",
        "status": "Disabled"
      },
      {
        "recommendationType": "IoT_PermissiveFirewallPolicy",
        "name": "Permissive firewall policy in one of the chains was found",
        "status": "Enabled"
      },
      {
        "recommendationType": "IoT_PermissiveInputFirewallRules",
        "name": "Permissive firewall rule in the input chain was found",
        "status": "Enabled"
      },
      {
        "recommendationType": "IoT_PermissiveOutputFirewallRules",
        "name": "Permissive firewall rule in the output chain was found",
        "status": "Enabled"
      },
      {
        "recommendationType": "IoT_PrivilegedDockerOptions",
        "name": "High level permissions configured in Edge model twin for Edge module",
        "status": "Enabled"
      },
      {
        "recommendationType": "IoT_SharedCredentials",
        "name": "Same Authentication Credentials used by multiple devices",
        "status": "Disabled"
      },
      {
        "recommendationType": "IoT_VulnerableTLSCipherSuite",
        "name": "TLS cipher suite upgrade",
        "status": "Enabled"
      }
    ],
    "unmaskedIpLoggingStatus": "Enabled"
  },
  "systemData": {
    "createdBy": "string",
    "createdByType": "User",
    "createdAt": "2020-04-27T21:53:29.0928001Z",
    "lastModifiedBy": "string",
    "lastModifiedByType": "User",
    "lastModifiedAt": "2020-04-27T21:53:29.0928001Z"
  }
}

Definitions

Name Description
AdditionalWorkspaceDataType

List of data types sent to workspace

AdditionalWorkspacesProperties

Properties of the additional workspaces.

AdditionalWorkspaceType

Workspace type.

CloudError

Common error response for all Azure Resource Manager APIs to return error details for failed operations. (This also follows the OData error response format.)

CloudErrorBody

The error detail.

createdByType

The type of identity that created the resource.

DataSource

Disabled data sources. Disabling these data sources compromises the system.

ErrorAdditionalInfo

The resource management error additional info.

ExportData

List of additional options for exporting data to the workspace.

IoTSecuritySolutionModel

IoT Security solution configuration and resource information.

RecommendationConfigStatus

Recommendation status. When the recommendation status is disabled recommendations are not generated.

RecommendationConfigurationProperties

The type of IoT Security recommendation.

RecommendationType

The type of IoT Security recommendation.

SecuritySolutionStatus

Status of the IoT Security solution.

systemData

Metadata pertaining to creation and last modification of the resource.

UnmaskedIpLoggingStatus

Unmasked IP address logging status

UserDefinedResourcesProperties

Properties of the IoT Security solution's user defined resources.

AdditionalWorkspaceDataType

List of data types sent to workspace

Value Description
Alerts
RawEvents

AdditionalWorkspacesProperties

Properties of the additional workspaces.

Name Type Default value Description
dataTypes

AdditionalWorkspaceDataType[]

List of data types sent to workspace

type

AdditionalWorkspaceType

Sentinel

Workspace type.

workspace

string

Workspace resource ID

AdditionalWorkspaceType

Workspace type.

Value Description
Sentinel

CloudError

Common error response for all Azure Resource Manager APIs to return error details for failed operations. (This also follows the OData error response format.)

Name Type Description
error.additionalInfo

ErrorAdditionalInfo[]

The error additional info.

error.code

string

The error code.

error.details

CloudErrorBody[]

The error details.

error.message

string

The error message.

error.target

string

The error target.

CloudErrorBody

The error detail.

Name Type Description
additionalInfo

ErrorAdditionalInfo[]

The error additional info.

code

string

The error code.

details

CloudErrorBody[]

The error details.

message

string

The error message.

target

string

The error target.

createdByType

The type of identity that created the resource.

Value Description
User
Application
ManagedIdentity
Key

DataSource

Disabled data sources. Disabling these data sources compromises the system.

Value Description
TwinData

Devices twin data

ErrorAdditionalInfo

The resource management error additional info.

Name Type Description
info

object

The additional info.

type

string

The additional info type.

ExportData

List of additional options for exporting data to the workspace.

Value Description
RawEvents

Agent raw events

IoTSecuritySolutionModel

IoT Security solution configuration and resource information.

Name Type Default value Description
id

string

Resource Id

location

string

The resource location.

name

string

Resource name

properties.additionalWorkspaces

AdditionalWorkspacesProperties[]

List of additional workspaces

properties.autoDiscoveredResources

string[]

List of resources that were automatically discovered as relevant to the security solution.

properties.disabledDataSources

DataSource[]

Disabled data sources. Disabling these data sources compromises the system.

properties.displayName

string

Resource display name.

properties.export

ExportData[]

List of additional options for exporting data to the workspace.

properties.iotHubs

string[]

IoT Hub resource IDs

properties.recommendationsConfiguration

RecommendationConfigurationProperties[]

List of the configuration status for each recommendation type.

properties.status

SecuritySolutionStatus

Enabled

Status of the IoT Security solution.

properties.unmaskedIpLoggingStatus

UnmaskedIpLoggingStatus

Disabled

Unmasked IP address logging status

properties.userDefinedResources

UserDefinedResourcesProperties

Properties of the IoT Security solution's user defined resources.

properties.workspace

string

Workspace resource ID

systemData

systemData

Azure Resource Manager metadata containing createdBy and modifiedBy information.

tags

object

Resource tags

type

string

Resource type

RecommendationConfigStatus

Recommendation status. When the recommendation status is disabled recommendations are not generated.

Value Description
Disabled
Enabled

RecommendationConfigurationProperties

The type of IoT Security recommendation.

Name Type Default value Description
name

string

recommendationType

RecommendationType

The type of IoT Security recommendation.

status

RecommendationConfigStatus

Enabled

Recommendation status. When the recommendation status is disabled recommendations are not generated.

RecommendationType

The type of IoT Security recommendation.

Value Description
IoT_ACRAuthentication

The authentication scheme used to pull an edge module from an ACR repository does not use Service Principal Authentication.

IoT_AgentSendsUnutilizedMessages

IoT agent message size capacity is currently underutilized, causing an increase in the number of sent messages. Adjust message intervals for better utilization.

IoT_Baseline

Identified security related system configuration issues.

IoT_EdgeHubMemOptimize

You can optimize Edge Hub memory usage by turning off protocol heads for any protocols not used by Edge modules in your solution.

IoT_EdgeLoggingOptions

Logging is disabled for this edge module.

IoT_InconsistentModuleSettings

A minority of devices within a device security group has Edge Module settings that are inconsistent with the rest of the group.

IoT_InstallAgent

Install the Azure Security of Things Agent.

IoT_IPFilter_DenyAll

IP Filter Configuration should have rules defined for allowed traffic and should deny all other traffic by default.

IoT_IPFilter_PermissiveRule

An Allow IP Filter rule's source IP range is too large. Overly permissive rules might expose your IoT hub to malicious actors.

IoT_OpenPorts

A listening endpoint was found on the device.

IoT_PermissiveFirewallPolicy

An Allowed firewall policy was found (INPUT/OUTPUT). The policy should Deny all traffic by default and define rules to allow necessary communication to/from the device.

IoT_PermissiveInputFirewallRules

A rule in the firewall has been found that contains a permissive pattern for a wide range of IP addresses or Ports.

IoT_PermissiveOutputFirewallRules

A rule in the firewall has been found that contains a permissive pattern for a wide range of IP addresses or Ports.

IoT_PrivilegedDockerOptions

Edge module is configured to run in privileged mode, with extensive Linux capabilities or with host-level network access (send/receive data to host machine).

IoT_SharedCredentials

The same authentication credentials to the IoT Hub are used by multiple devices. This could indicate an illegitimate device impersonating a legitimate device. It also exposes the risk of device impersonation by an attacker.

IoT_VulnerableTLSCipherSuite

Insecure TLS configurations detected. Immediate upgrade recommended.

SecuritySolutionStatus

Status of the IoT Security solution.

Value Description
Enabled
Disabled

systemData

Metadata pertaining to creation and last modification of the resource.

Name Type Description
createdAt

string (date-time)

The timestamp of resource creation (UTC).

createdBy

string

The identity that created the resource.

createdByType

createdByType

The type of identity that created the resource.

lastModifiedAt

string (date-time)

The timestamp of resource last modification (UTC)

lastModifiedBy

string

The identity that last modified the resource.

lastModifiedByType

createdByType

The type of identity that last modified the resource.

UnmaskedIpLoggingStatus

Unmasked IP address logging status

Value Description
Disabled

Unmasked IP logging is disabled

Enabled

Unmasked IP logging is enabled

UserDefinedResourcesProperties

Properties of the IoT Security solution's user defined resources.

Name Type Description
query

string

Azure Resource Graph query which represents the security solution's user defined resources. Required to start with: where type != "Microsoft.Devices/IotHubs"

querySubscriptions

string[]

pattern: ^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$

List of Azure subscription ids on which the user defined resources query should be executed.