Configure the Service Graph Connector for Microsoft Defender for IoT (Azure)
Use the guided setup for the Service Graph Connector for Microsoft Defender for IoT (Azure) to lead you through the integration steps.
Before you begin
- The Integration Commons for CMDB store app, which is automatically installed.
- The CMDB CI Class Models app, which is automatically installed.
- The ITOM Discovery License plugin (com.snc.itom.discovery.license). You must activate this plugin.
- The ITOM Licensing plugin (com.snc.itom.license). For more information, see Request Discovery.
- The Datastream Action plugin (com.glide.hub.action_type.datastream), which is automatically installed.
- The Industrial Core plugin. You must activate this plugin.
The Industrial Core plugin is required to access the class mappings table for the Service Graph Connector for Microsoft Defender for IoT (Azure). For more information about the Industrial Core plugin, see Industrial Core plugin.
Role required: admin
Procedure
- Ensure that the application scope is set to the Service Graph Connector for Microsoft Defender for IoT (Azure) application by using the application picker. For more information, see Application picker.
- Navigate to All > Service Graph for MSFT D4IoT (Azure) > Guided Setup.
- On the Getting started page, select Get Started.
- To access the Azure resources, complete the following:
- Select the Access to Azure Resources task.
- Once you complete the instructions in the description, select Mark as Complete.
- To set up the connections and credentials, complete the following:
- In the Configure Connections and Credentials section, select the Setup Connections and Credentials task.
- Select Configure.
- Select the SG-OT Azure Connection record.
- Select the Create New Connection & Credential related link.
- In the Create Connection and Credential window, fill in the following fields.
Connection Name: Display name for the connection record.
Connection URL: Azure URL.
OAuth Client ID: Client ID (application ID) or Service Principal ID.
OAuth Client Secret: Client secret key associated with the Service Principal.
OAuth Token URL: URL used to fetch the authorization token. Replace <tenantid> in the URL with the Tenant ID value.
Note: When token generation is successful, a new window appears with a success message. When token generation isn't successful, a new window appears with the error message "OAuth flow failed". Check the details you provided and try again by editing the record you created.
- Select Create and Get OAuth Token.
- To test the connection, complete the following:
- In the Setup Connections and Credentials section, select the Test/Validate Connection task.
- Select the Test Connection UI action from the related links section on the data source record for sensors. After the connection test completes, view the results. Perform the suggested troubleshooting steps until the test result returns Success.
- To configure the system properties, complete the following:
- In the Configure System Properties section, select Configure.
- Configure the following system properties.
sn_msftd4iotazsgc.resource_path: Set the resource path property. The default resource path for the ARG REST API version 2021-03-01 is /providers/Microsoft.ResourceGraph/resources.
sn_msftd4iotazsgc.pagesize.sensor: Set the page size property for sensors. Because the Azure ARG REST API supports pagination, you can choose the number of records per page for each API. The default is 1000 records per page. Note: 1000 is also the maximum number of records per page.
sn_msftd4iotazsgc.pagesize.device: Set the page size property for devices. Because the Azure ARG REST API supports pagination, you can choose the number of records per page for each API. The default is 1000 records per page. Note: 1000 is also the maximum number of records per page.
sn_msftd4iotazsgc.get_all_devices: For devices, you can choose to fetch all records (box checked) or the delta (box unchecked). The delta fetches all records created or updated since the start time of the last successful import into the CMDB. Note: When you run the Devices Integration for the first time, all records are imported regardless of this property.
sn_msftd4iotazsgc.convert_sensor_names_to_lowercase: Set this property for the devices import. It converts the sensor names provided by Microsoft Azure to lowercase while importing devices. This is required because Microsoft Azure expects the query data in lowercase.
sn_msftd4iotazsgc.filter.device_sub_types: Set this property to filter devices by sub type during device import. Comma-separated list of Microsoft Azure sub types used to filter the devices. For example, to import only PLCs and servers, provide the values of the DeviceSubType attribute from Microsoft Azure as Server, PLC.
sn_msftd4iotazsgc.filter.device_tags: Set this property to filter devices by device tag during device import. Comma-separated list of case-sensitive tags used to filter devices. For example, to import devices with specific tags, provide a list of values from the DeviceTags attribute in Microsoft Azure.
sn_msftd4iotazsgc.filter.custom_query: Set this property to add filters for device import beyond the Device SubType and Device Tags filters. The value is a query that filters on other attributes. For more information, see Azure Query Language.
sn_msftd4iotazsgc.azure_d4iot_site_map_fields: An object of fields from the Microsoft Defender for IoT (Azure) Site Map. When a field is set to True, the Service Graph Connector for Microsoft Defender for IoT (Azure) passes the value of the Site Map field to the corresponding field on each CI discovered by the integration at the Azure site. If a field is set to False or not populated on the Site Map record, the field isn't set on the imported CIs associated with the Azure site. For consistency with the other integrations that use the NIDS framework, check this system property. By default, only location and equipment_model_entity are set to True.
sn_msftd4iotazsgc.devices_fetch_type: Indicates whether devices are fetched per sensor, as Active Scan devices, or both.
sn_msftd4iotazsgc.active_scan_get_all_devices: Set this system property to import all Active Scan devices. If not checked, only the Active Scan devices created or updated since the last successful import are imported. The default value is No.
sn_msftd4iotazsgc.filter.active_scan.device_sub_types: Comma-separated list of Azure sub types used to filter the Active Scan devices. For example, to import only PLCs and servers, provide the values of the Device SubType attribute in Azure as Server, PLC.
sn_msftd4iotazsgc.filter.active_scan.device_tags: Comma-separated list of case-sensitive tags used to filter Active Scan devices. For example, to import Active Scan devices with specific tags, provide a list of values from the DeviceTags attribute in Azure.
sn_msftd4iotazsgc.filter.active_scan.custom_query: Query that filters Active Scan devices on other attributes. For more information, see Azure Query Language.
- Select Save.
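As an added example (not ServiceNow's or Microsoft's code), the following Python shows how the paging and filter properties above combine into one Azure Resource Graph request: the page size is clamped to the 1000-record maximum, sensor names are lowercased while tags stay case sensitive, the delta window is expressed as a time filter, and the $skipToken continuation is carried between pages. The KQL table and column names (Devices, SensorName, LastUpdated) are placeholders; the connector's actual query is not shown on this page.

```python
# Added example, not ServiceNow's or Microsoft's code: turns the filter and
# paging properties above into one Azure Resource Graph (ARG) request.
# 'Devices', 'SensorName' and 'LastUpdated' are placeholder KQL names; the
# connector's real query is not documented on this page.
ARG_PATH = "/providers/Microsoft.ResourceGraph/resources"  # default resource_path
API_VERSION = "2021-03-01"
MAX_PAGE_SIZE = 1000  # ARG maximum, and the connector default


def parse_list_property(value) -> list:
    """Split a comma-separated property such as 'Server, PLC' into items."""
    return [item.strip() for item in (value or "").split(",") if item.strip()]


def normalize_page_size(value) -> int:
    """Clamp a pagesize property to 1..1000; anything unparseable gets the default."""
    try:
        size = int(value)
    except (TypeError, ValueError):
        return MAX_PAGE_SIZE
    return max(1, min(size, MAX_PAGE_SIZE))


def kql_list(values: list) -> str:
    """Render a KQL string list, escaping quotes so config values cannot break the query."""
    return ", ".join("'" + v.replace("\\", "\\\\").replace("'", "\\'") + "'" for v in values)


def build_device_query(sensor_name, sub_types, tags, custom_query="", last_import_utc=None):
    """Compose the per-sensor device query from the filter properties."""
    # Sensor names are lowercased (convert_sensor_names_to_lowercase); tags are case sensitive.
    clauses = ["Devices", "where SensorName == '%s'" % sensor_name.lower()]
    if sub_types:
        clauses.append("where DeviceSubType in (%s)" % kql_list(sub_types))
    if tags:
        clauses.append("where DeviceTags has_any (%s)" % kql_list(tags))
    if last_import_utc:  # delta import (get_all_devices unchecked)
        clauses.append("where LastUpdated >= datetime(%s)" % last_import_utc)
    if custom_query:  # filter.custom_query is appended verbatim as extra KQL
        clauses.append(custom_query.strip().lstrip("|").strip())
    return " | ".join(clauses)


def build_request(subscription_id, query, page_size, skip_token=None):
    """Return (URL, body) for one ARG page; pass $skipToken from the previous response."""
    url = "https://management.azure.com%s?api-version=%s" % (ARG_PATH, API_VERSION)
    options = {"$top": normalize_page_size(page_size)}
    if skip_token:  # absent on the first page, present while ARG has more rows
        options["$skipToken"] = skip_token
    return url, {"subscriptions": [subscription_id], "query": query, "options": options}
```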
- To import sensors, complete the following:
- In the Configure Sensors (NIDS) section, select the Import Sensors task.
- Select Configure.
- Select Active to activate the Scheduled Data Import job.
- To configure the NIDS, complete the following:
- In the Configure Sensors (NIDS) section, select the Import Sensors task.
- Select Mark as complete once you complete the NIDS configuration linked in the description.
- To configure import schedules, complete the following:
- In the Configure Import Schedules section, select Configure.
- Select SG-OT Microsoft Azure D4IoT Sensors Scheduled Import to review or change the sensors import schedule as needed.
- Select Active to activate the sensors import schedule.
- By default, the sensors import schedule is configured to run daily at midnight. Change the schedule using the Run and Time fields.
- Select the Conditional check box to make this schedule conditional.
- Select Execute Now to start a manual import.
- Select SG-OT Microsoft Azure D4IoT Devices Scheduled Import to review or change the devices import schedule as needed.
- Select Active to activate the devices import schedule.
- By default, the devices import schedule is configured to run daily at midnight. Change the schedule using the Run and Time fields.
- Select the Conditional check box to make this schedule conditional.
- Select Execute Now to start a manual import.
Note: Devices are queried per sensor. The Service Graph Connector only queries for devices detected by a validated sensor. For more information, see step 9.
- Optional: When configuration items (CIs) are created in the CMDB, asset records are created. The asset record contains the model category of the CI. For more information about the model categories for Operational Technology (OT), see Model categories for Operational Technology. To view the model category for an OT device, complete the following:
- Navigate to All > Operational Technology (OT) > All OT Devices.
- Select an OT device to view its asset record in a new tab.
- Optional: To troubleshoot the Service Graph Connector for Microsoft Defender for IoT (Azure), complete the following:
- Select the [OPTIONAL] Troubleshooting the Service Graph Connector for Microsoft Defender for IoT (Azure) section.
- In the Execute the validations scheduled job task, select Configure.
- Select Execute Now. This job validates the SGC configuration and the connection to Microsoft Azure. If configuration issues are found, the validation results report the problem and suggest troubleshooting steps. Wait for the scheduled job to finish.
- Once the scheduled job is complete, navigate back to the [OPTIONAL] Troubleshooting the Service Graph Connector for Microsoft Defender for IoT (Azure) section.
- In the Review validation results task, select Configure. This step opens the execution logs and suggestions from the last troubleshooting run for you to review.
- Address the suggestions as needed.
Note: You can run the validation scheduled script at any point after the initial configuration of the Service Graph Connector for Microsoft Defender for IoT (Azure). To trigger validations, navigate to All > Service Graph for MSFT D4IoT (Azure) > Troubleshooting > Run Troubleshooting. To view the validation results, navigate to All > Service Graph for MSFT D4IoT (Azure) > Troubleshooting > Results.
What to do next
You can now connect Microsoft Defender for IoT (Azure) with the ServiceNow Service Graph Connector for Microsoft Defender for IoT (Azure). For more information, see Connecting your Microsoft Defender for IoT (Azure) subscription to the ServiceNow Service Graph Connector for Microsoft Defender for IoT (Azure) (KB1587770).