{"id":112506,"date":"2022-04-25T09:00:00","date_gmt":"2022-04-25T16:00:00","guid":{"rendered":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/?p=112506"},"modified":"2023-05-15T23:05:19","modified_gmt":"2023-05-16T06:05:19","slug":"microsoft-best-practices-for-managing-iot-security-concerns","status":"publish","type":"post","link":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2022\/04\/25\/microsoft-best-practices-for-managing-iot-security-concerns\/","title":{"rendered":"Microsoft best practices for managing IoT security concerns"},"content":{"rendered":"\n<p>The Internet of Things, or IoT, has expanded beyond the mere concept that it was when first introduced. IoT is now part of most individuals\u2019 daily activities, from smart speakers and thermostats to smartwatches and vehicles. <a href=\"https:\/\/azure.microsoft.com\/overview\/iot\/security\/\" target=\"_blank\" rel=\"noreferrer noopener\">IoT devices and systems<\/a> bring massive convenience and functionality. IoT is transforming the way businesses function, and more rapidly than ever, industrial IoT, manufacturing, and critical infrastructure are depending on IoT for their operations. However, due to the complicated nature of IoT, when implementing and managing IoT, security must be top of mind. During a thorough survey, organizations were asked about their top security concerns when implementing IoT. Figure 1 identifies such concerns as per the <a href=\"https:\/\/azure.microsoft.com\/resources\/iot-signals\/\" target=\"_blank\" rel=\"noreferrer noopener\">IoT Signals report<\/a> published in October 2021:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Ensuring data privacy (46%).<\/li><li>Ensuring network-level security (40%).<\/li><li>Security endpoints for each IoT device (39%).<\/li><li>Tracking and managing each IoT device (36%).<\/li><li>Making sure all existing software is updated (35%).<\/li><li>Updating firmware and other software on devices (34%).<\/li><li>Performing hardware\/software tests and device evaluation (34%).<\/li><li>Updating encryption protocols (34%).<\/li><li>Conducting comprehensive training programs for employees involved in IoT environment (33%).<\/li><li>Securely provisioning devices (33%).<\/li><li>Shifting from device-level to identity-level control (29%).<\/li><li>Changing default passwords and credentials (29%).<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"931\" height=\"680\" src=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2022\/04\/Picture2-625f2c895e2fd.png\" alt=\"This table is captured from the 2021 Signals repots, which lists the top customer concerns in the IoT security field. \" class=\"wp-image-112533\" srcset=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2022\/04\/Picture2-625f2c895e2fd.png 931w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2022\/04\/Picture2-625f2c895e2fd-300x219.png 300w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2022\/04\/Picture2-625f2c895e2fd-768x561.png 768w\" sizes=\"(max-width: 931px) 100vw, 931px\" \/><\/figure>\n\n\n\n<p><em>Figure 1: Types of IoT security<\/em>.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">The importance of security for IoT<\/h2>\n\n\n\n<p>Rewinding back to 2016, a major Distributed Denial of Service (DDoS) attack took place on a major internet service provider, impacting multiple websites and their customers. Why? Thousands of users failed to change the default passwords on their connected devices, providing an opportunity for attackers to form a botnet attack. Consequences? Detrimental. Fast-forwarding to the more recent years, security in IoT is finally starting to gain attention due to the realization of the impact any attack has on organizations and users. As outlined in <a href=\"https:\/\/query.prod.cms.rt.microsoft.com\/cms\/api\/am\/binary\/RWJJdT\" target=\"_blank\" rel=\"noreferrer noopener\">Microsoft\u2019s Zero Trust paper<\/a>, below are some of the many consequences of IoT breaches:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Operation and revenue impact due to potential changes in production, quality, and core business.<\/li><li>Customer impact due to changes in product and service experience and reputation.<\/li><li>Regulation impact due to non-compliance with government and industry-wide regulations.<\/li><\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Design lifecycle and risk diligence<\/h2>\n\n\n\n<p>Microsoft provides numerous tools, services, and capabilities that address IoT Security concerns, while also providing effective solutions to mitigate top IoT Security issues.<\/p>\n\n\n\n<p>When designing an IoT solution, it is important to understand the potential threats within the design. This will provide an opportunity to integrate security and risk diligence in each step of the design lifecycle, as well as harden and maintain your solution\u2019s security protocols. <strong>First step <\/strong>is understanding how to secure your IoT environment. <strong>Second step<\/strong> is identifying and mitigating potential security issues within your design. <strong>Third step<\/strong> is maintaining a security maturity model that allows you to track and manage the maturity of your design\u2019s information security management. Finally, <strong>fourth step<\/strong> is following Microsoft\u2019s Zero Trust principles to mitigate top security concerns.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Top properties of a highly secured IoT environment (device security)<\/h3>\n\n\n\n<p>Building a secure IoT solution is not an easy task. However, following the most studied and recommended principles and practices will provide you with the necessary tools needed to achieve optimal security within the design. Refer to Figure 2 for the top seven properties utilized within all highly secured and connected devices: hardware-based root of trust, small trusted computing base, defense in depth, compartmentalization, certificate-based authentication, renewable security, and failure reporting.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"246\" src=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2022\/04\/Picture3-1024x246.png\" alt=\"Listed are the top seven properties required in all highly secure devices.\" class=\"wp-image-112536\" srcset=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2022\/04\/Picture3-1024x246.png 1024w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2022\/04\/Picture3-300x72.png 300w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2022\/04\/Picture3-768x184.png 768w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2022\/04\/Picture3-1536x368.png 1536w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2022\/04\/Picture3-2048x491.png 2048w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p><em>Figure 2: Top properties of highly secure devices.<\/em><\/p>\n\n\n\n<p>For a deep dive on each of the seven properties, please read the <a href=\"https:\/\/www.microsoft.com\/research\/wp-content\/uploads\/2017\/03\/SevenPropertiesofHighlySecureDevices.pdf\" target=\"_blank\" rel=\"noreferrer noopener\">Seven Properties of Highly Secure Devices<\/a>.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Threat modeling<\/h3>\n\n\n\n<p>When designing an IoT solution, one must understand the potential threats that accompany that solution and identify the best protocols to defend the solution from such threats. Starting the design of a solution with security as a top aspect will help with this process. This is why Microsoft offers the Threat Modeling Tool, which is a key aspect of Microsoft Security Development Lifecycle. The tool encompasses five major steps in the security lifecycle: define, diagram, identify, mitigate, and validate. Additionally, the tool enables users to share information about their systems\u2019 security designs, analyze designs for security issues, and provide mitigation suggestions for the identified issues.<\/p>\n\n\n\n<p>For more details on the Threat Modeling Tool, please visit <a href=\"https:\/\/www.microsoft.com\/securityengineering\/sdl\/threatmodeling\">Microsoft Security Development Lifecycle Threat Modeling<\/a>. <\/p>\n\n\n\n<p>For information on Microsoft Security Development Lifecycle, please visit <a href=\"https:\/\/www.microsoft.com\/securityengineering\/sdl\/\">Microsoft Security Development Lifecycle<\/a>.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Security Maturity Model (SMM)<\/h3>\n\n\n\n<p>What is SMM and how does it help? Security maturity is the measure of the understanding of the current security level, its necessity, benefits, and cost of its support. It provides a degree of confidence in the effectiveness of security implementation in meeting organizational needs, with an understanding of necessity, benefits, and costs:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Builds on existing maturity models, frameworks, and concepts.<\/li><li>Provides a holistic solution addressing process, technology, and operations.<\/li><li>Provides actionable guidance for specific IoT scenarios.<\/li><li>Connects maturity with control frameworks, best practices, and other guidance.<\/li><li>Enables IoT providers to invest appropriately in security mechanisms to meet their requirements.<\/li><\/ul>\n\n\n\n<p>To help prioritize IoT Zero Trust investments, you can use <a href=\"https:\/\/www.iiconsortium.org\/smm.htm\" target=\"_blank\" rel=\"noreferrer noopener\">the Industry IoT Consortium\u2019s (IIC) IoT Security Maturity Model<\/a> to help assess the security risks for your business.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Zero Trust principles and best practices for end-to-end security<\/h3>\n\n\n\n<p>When designing an IoT solution, it is extremely important to identify and understand potential threats to that solution. To help with this process, Microsoft established five <a href=\"https:\/\/www.microsoft.com\/security\/business\/zero-trust\">Zero Trust principles<\/a> that encourage defense in depth procedures and provide clear guidelines on achieving optimal security within IoT solutions.<\/p>\n\n\n\n<p>Our customers and partners have IoT security-related concerns, such as ensuring data privacy and maintaining a solid process for changing default passwords. To address these concerns, we apply the Zero Trust principles within our products and services. The following sections are linked to our Well-Architectured Framework for IoT security, which expands on many of the Microsoft products and services that provide highly secured protocols for IoT solutions.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">Strong identity<\/h4>\n\n\n\n<p>The first pillar of Zero Trust principles is having a <a href=\"https:\/\/docs.microsoft.com\/azure\/architecture\/framework\/iot\/iot-security#strong-identity\" target=\"_blank\" rel=\"noreferrer noopener\">strong identity<\/a> for IoT devices. Maintaining a strong identity within your IoT ecosystem can be achieved using a variety of processes and protocols. To name a few, having a <strong>hardware root of trust<\/strong>, <strong>strong authentication and authorization protocols<\/strong>, and <strong>renewable credentials<\/strong> are great steps towards mitigating the top identity concerns.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">Least-privileged access<\/h4>\n\n\n\n<p>In addition to the strong identity provided by integrated devices and services, Zero Trust requires <a href=\"https:\/\/docs.microsoft.com\/azure\/architecture\/framework\/iot\/iot-security#least-privileged-access\" target=\"_blank\" rel=\"noreferrer noopener\">least-privileged access<\/a> control to limit any potential blast radius from authenticated identities that may have been compromised or running unapproved workloads. From access control policies and protocols to strong authentication mechanisms, Microsoft has its customers covered with a strong list of services such as <a href=\"https:\/\/azure.microsoft.com\/services\/azure-sphere\/\" target=\"_blank\" rel=\"noreferrer noopener\">Microsoft Azure Sphere<\/a>, which securely connects microcontroller unit (MCU)-powered devices from the silicon to the cloud, while implementing least-privilege access by default.<\/p>\n\n\n\n<p>Additionally, Microsoft provides a wide variety of training programs and resources to anyone interested in or working in an IoT environment. From Cybersecurity 101 training to Cybersecurity Awareness Month, employees can benefit from Microsoft\u2019s implementations for IoT and operational technology (OT) security. For a full list of Microsoft Security trainings and programs, please read <a href=\"https:\/\/www.microsoft.com\/securitynow\">#BeCyberSmart\u2014When we learn together, we&#8217;re more secure together.<\/a><\/p>\n\n\n\n<h4 class=\"wp-block-heading\">Device health<\/h4>\n\n\n\n<p>Maintaining a <a href=\"https:\/\/docs.microsoft.com\/azure\/architecture\/framework\/iot\/iot-security#apply-zero-trust-to-your-existing-iot-infrastructure\" target=\"_blank\" rel=\"noreferrer noopener\">device\u2019s health<\/a> means regularly running scans that provide effective information such as potential threats, vulnerabilities, weakened passwords, and anomalous behaviors. A trusted device must be continuously verified for its health, and such scans will enable such verification and ensure that only trusted and verified devices can access the larger IoT ecosystem. Microsoft tools such as <a href=\"https:\/\/azure.microsoft.com\/services\/iot-defender\/#features\" target=\"_blank\" rel=\"noreferrer noopener\">Microsoft Defender for IoT<\/a> and <a href=\"https:\/\/azure.microsoft.com\/services\/microsoft-sentinel\/\" target=\"_blank\" rel=\"noreferrer noopener\">Microsoft Sentinel<\/a> will help your organization track and manage its IoT devices and perform the necessary tests and evaluations to understand where your devices\u2019 health stands.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">Continual updates<\/h4>\n\n\n\n<p>To maintain IoT device health, <a href=\"https:\/\/docs.microsoft.com\/azure\/architecture\/framework\/iot\/iot-security#continual-updates\" target=\"_blank\" rel=\"noreferrer noopener\">continuous software and firmware updates<\/a> are critical. A healthy target state should be identified and met at all times through centralized configuration and compliance management. <a href=\"https:\/\/docs.microsoft.com\/azure\/iot-hub-device-update\/understand-device-update\" target=\"_blank\" rel=\"noreferrer noopener\">Azure Device Update for IoT Hub<\/a> is a great service for deploying over-the-air (OTA) updates to your IoT devices.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">Security monitoring and response<\/h4>\n\n\n\n<p>Coupled with continuous monitoring for trusted device health, <a href=\"https:\/\/docs.microsoft.com\/azure\/architecture\/framework\/iot\/iot-security#use-zero-trust-as-criteria-to-select-iot-devices\" target=\"_blank\" rel=\"noreferrer noopener\">security monitoring and response<\/a> further hardens the security of IoT devices by quickly identifying threats and providing the best mitigation protocols. Microsoft follows a defense in depth approach and offers IoT services that follow the key Zero Trust capabilities. This includes monitoring and controlling access to public endpoints, running security agents for security monitoring and detection, and incorporating response systems in all IoT devices. Tools and services like the Microsoft Defender for IoT will bring your IoT solutions one step closer to strong security.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Learn More<\/h2>\n\n\n\n<p>To learn more about strengthening your IoT security, visit <a href=\"https:\/\/azure.microsoft.com\/overview\/iot\/security\/\" target=\"_blank\" rel=\"noreferrer noopener\">Azure IoT Security<\/a>.<\/p>\n\n\n\n<p>Explore the <a href=\"https:\/\/www.microsoft.com\/security\/business\/zero-trust\/\">Microsoft Zero Trust<\/a> approach to comprehensive security. <\/p>\n\n\n\n<p>To learn more about Microsoft Security solutions,&nbsp;<a href=\"https:\/\/www.microsoft.com\/security\/business\/solutions\">visit our&nbsp;website<\/a>.&nbsp;Bookmark the&nbsp;<a href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\">Security blog<\/a>&nbsp;to keep up with our expert coverage on security matters. Also, follow us at&nbsp;<a href=\"https:\/\/twitter.com\/@MSFTSecurity\" target=\"_blank\" rel=\"noreferrer noopener\">@MSFTSecurity<\/a>&nbsp;for the latest news and updates on cybersecurity.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The Internet of Things, or IoT, has expanded beyond the mere concept that it was when first introduced. IoT is now part of most individuals\u2019 daily activities, from smart speakers and thermostats to smartwatches and vehicles. IoT devices and systems bring massive convenience and functionality. However, due to the complicated nature of IoT, when implementing and managing IoT, security must be top of mind. <\/p>\n","protected":false},"author":162,"featured_media":112512,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"ep_exclude_from_search":false,"_classifai_error":"","footnotes":""},"content-type":[3659],"topic":[3676,3685,3689],"products":[3690,3699,3726],"threat-intelligence":[],"tags":[3809],"coauthors":[3132],"class_list":["post-112506","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","content-type-best-practices","topic-iot-security","topic-siem-and-xdr","topic-zero-trust","products-microsoft-defender","products-microsoft-defender-for-iot","products-microsoft-sentinel","tag-security-strategies"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v23.7 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Microsoft best practices for managing IoT security concerns | Microsoft Security Blog<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2022\/04\/25\/microsoft-best-practices-for-managing-iot-security-concerns\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Microsoft best practices for managing IoT security concerns | Microsoft Security Blog\" \/>\n<meta property=\"og:description\" content=\"The Internet of Things, or IoT, has expanded beyond the mere concept that it was when first introduced. IoT is now part of most individuals\u2019 daily activities, from smart speakers and thermostats to smartwatches and vehicles. IoT devices and systems bring massive convenience and functionality. However, due to the complicated nature of IoT, when implementing and managing IoT, security must be top of mind.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2022\/04\/25\/microsoft-best-practices-for-managing-iot-security-concerns\/\" \/>\n<meta property=\"og:site_name\" content=\"Microsoft Security Blog\" \/>\n<meta property=\"article:published_time\" content=\"2022-04-25T16:00:00+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-05-16T06:05:19+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2022\/04\/Win17_15021_00_N12_featured.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"854\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Mariam Gewida\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2022\/04\/Win17_15021_00_N12_featured.jpg\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Mariam Gewida\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2022\/04\/25\/microsoft-best-practices-for-managing-iot-security-concerns\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2022\/04\/25\/microsoft-best-practices-for-managing-iot-security-concerns\/\"},\"author\":[{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/author\/mariam-gewida\/\",\"@type\":\"Person\",\"@name\":\"Mariam Gewida\"}],\"headline\":\"Microsoft best practices for managing IoT security concerns\",\"datePublished\":\"2022-04-25T16:00:00+00:00\",\"dateModified\":\"2023-05-16T06:05:19+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2022\/04\/25\/microsoft-best-practices-for-managing-iot-security-concerns\/\"},\"wordCount\":1482,\"publisher\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2022\/04\/25\/microsoft-best-practices-for-managing-iot-security-concerns\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2022\/04\/Win17_15021_00_N12_featured.jpg\",\"keywords\":[\"Security strategies\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2022\/04\/25\/microsoft-best-practices-for-managing-iot-security-concerns\/\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2022\/04\/25\/microsoft-best-practices-for-managing-iot-security-concerns\/\",\"name\":\"Microsoft best practices for managing IoT security concerns | Microsoft Security Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2022\/04\/25\/microsoft-best-practices-for-managing-iot-security-concerns\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2022\/04\/25\/microsoft-best-practices-for-managing-iot-security-concerns\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2022\/04\/Win17_15021_00_N12_featured.jpg\",\"datePublished\":\"2022-04-25T16:00:00+00:00\",\"dateModified\":\"2023-05-16T06:05:19+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2022\/04\/25\/microsoft-best-practices-for-managing-iot-security-concerns\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2022\/04\/25\/microsoft-best-practices-for-managing-iot-security-concerns\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2022\/04\/25\/microsoft-best-practices-for-managing-iot-security-concerns\/#primaryimage\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2022\/04\/Win17_15021_00_N12_featured.jpg\",\"contentUrl\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2022\/04\/Win17_15021_00_N12_featured.jpg\",\"width\":1200,\"height\":854,\"caption\":\"Microsoft Cyber Defense Operations Center.\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2022\/04\/25\/microsoft-best-practices-for-managing-iot-security-concerns\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Microsoft best practices for managing IoT security concerns\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#website\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\",\"name\":\"Microsoft Security Blog\",\"description\":\"Expert coverage of cybersecurity topics\",\"publisher\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization\",\"name\":\"Microsoft Security Blog\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/08\/cropped-cropped-microsoft_logo_element.png\",\"contentUrl\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/08\/cropped-cropped-microsoft_logo_element.png\",\"width\":512,\"height\":512,\"caption\":\"Microsoft Security Blog\"},\"image\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#\/schema\/logo\/image\/\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Microsoft best practices for managing IoT security concerns | Microsoft Security Blog","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2022\/04\/25\/microsoft-best-practices-for-managing-iot-security-concerns\/","og_locale":"en_US","og_type":"article","og_title":"Microsoft best practices for managing IoT security concerns | Microsoft Security Blog","og_description":"The Internet of Things, or IoT, has expanded beyond the mere concept that it was when first introduced. IoT is now part of most individuals\u2019 daily activities, from smart speakers and thermostats to smartwatches and vehicles. IoT devices and systems bring massive convenience and functionality. However, due to the complicated nature of IoT, when implementing and managing IoT, security must be top of mind.","og_url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2022\/04\/25\/microsoft-best-practices-for-managing-iot-security-concerns\/","og_site_name":"Microsoft Security Blog","article_published_time":"2022-04-25T16:00:00+00:00","article_modified_time":"2023-05-16T06:05:19+00:00","og_image":[{"width":1200,"height":854,"url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2022\/04\/Win17_15021_00_N12_featured.jpg","type":"image\/jpeg"}],"author":"Mariam Gewida","twitter_card":"summary_large_image","twitter_image":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2022\/04\/Win17_15021_00_N12_featured.jpg","twitter_misc":{"Written by":"Mariam Gewida","Est. reading time":"6 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2022\/04\/25\/microsoft-best-practices-for-managing-iot-security-concerns\/#article","isPartOf":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2022\/04\/25\/microsoft-best-practices-for-managing-iot-security-concerns\/"},"author":[{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/author\/mariam-gewida\/","@type":"Person","@name":"Mariam Gewida"}],"headline":"Microsoft best practices for managing IoT security concerns","datePublished":"2022-04-25T16:00:00+00:00","dateModified":"2023-05-16T06:05:19+00:00","mainEntityOfPage":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2022\/04\/25\/microsoft-best-practices-for-managing-iot-security-concerns\/"},"wordCount":1482,"publisher":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization"},"image":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2022\/04\/25\/microsoft-best-practices-for-managing-iot-security-concerns\/#primaryimage"},"thumbnailUrl":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2022\/04\/Win17_15021_00_N12_featured.jpg","keywords":["Security strategies"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2022\/04\/25\/microsoft-best-practices-for-managing-iot-security-concerns\/","url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2022\/04\/25\/microsoft-best-practices-for-managing-iot-security-concerns\/","name":"Microsoft best practices for managing IoT security concerns | Microsoft Security Blog","isPartOf":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2022\/04\/25\/microsoft-best-practices-for-managing-iot-security-concerns\/#primaryimage"},"image":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2022\/04\/25\/microsoft-best-practices-for-managing-iot-security-concerns\/#primaryimage"},"thumbnailUrl":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2022\/04\/Win17_15021_00_N12_featured.jpg","datePublished":"2022-04-25T16:00:00+00:00","dateModified":"2023-05-16T06:05:19+00:00","breadcrumb":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2022\/04\/25\/microsoft-best-practices-for-managing-iot-security-concerns\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.microsoft.com\/en-us\/security\/blog\/2022\/04\/25\/microsoft-best-practices-for-managing-iot-security-concerns\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2022\/04\/25\/microsoft-best-practices-for-managing-iot-security-concerns\/#primaryimage","url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2022\/04\/Win17_15021_00_N12_featured.jpg","contentUrl":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2022\/04\/Win17_15021_00_N12_featured.jpg","width":1200,"height":854,"caption":"Microsoft Cyber Defense Operations Center."},{"@type":"BreadcrumbList","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2022\/04\/25\/microsoft-best-practices-for-managing-iot-security-concerns\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/"},{"@type":"ListItem","position":2,"name":"Microsoft best practices for managing IoT security concerns"}]},{"@type":"WebSite","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#website","url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/","name":"Microsoft Security Blog","description":"Expert coverage of cybersecurity topics","publisher":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization","name":"Microsoft Security Blog","url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/08\/cropped-cropped-microsoft_logo_element.png","contentUrl":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/08\/cropped-cropped-microsoft_logo_element.png","width":512,"height":512,"caption":"Microsoft Security Blog"},"image":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#\/schema\/logo\/image\/"}}]}},"msxcm_display_generated_audio":false,"distributor_meta":false,"distributor_terms":false,"distributor_media":false,"distributor_original_site_name":"Microsoft Security Blog","distributor_original_site_url":"https:\/\/www.microsoft.com\/en-us\/security\/blog","push-errors":false,"_links":{"self":[{"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/posts\/112506"}],"collection":[{"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/users\/162"}],"replies":[{"embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/comments?post=112506"}],"version-history":[{"count":0,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/posts\/112506\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/media\/112512"}],"wp:attachment":[{"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/media?parent=112506"}],"wp:term":[{"taxonomy":"content-type","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/content-type?post=112506"},{"taxonomy":"topic","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/topic?post=112506"},{"taxonomy":"products","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/products?post=112506"},{"taxonomy":"threat-intelligence","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/threat-intelligence?post=112506"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/tags?post=112506"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/coauthors?post=112506"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}