Provision sensors for cloud management
This article is one in a series of articles describing the deployment path for OT monitoring with Microsoft Defender for IoT, and describes how to ensure that your firewall rules allow connectivity to Azure from your OT sensors.
If you're working with air-gapped environment and locally-managed sensors, you can skip this step.
Prerequisites
To perform the steps described in this article, you need access to the Azure portal as a Security Reader, Security Admin, Contributor, or Owner user.
This step is performed by your connectivity teams.
Allow connectivity to Azure
This section describes how to download a list of required endpoints to define in firewall rules, ensuring that your OT sensors can connect to Azure.
This procedure is also used to configure direct connections to Azure. If you're planning to use a proxy configuration instead, you'll configure proxy settings after installing and activating your sensor.
For more information, see Methods for connecting sensors to Azure.
To download required endpoint details:
On the Azure portal, go to Defender for IoT > Sites and sensors.
Select More actions > Download endpoint details.
Configure your firewall rules so that your sensor can access the cloud on port 443, to each of the listed endpoints in the downloaded list.
Important
Azure public IP addresses are updated weekly. If you must define firewall rules based on IP addresses, make sure to download the new JSON file each week and make the required changes on your site to correctly identify services running in Azure.