Connect to the Microsoft Defender for IoT (Azure)

  • Release version: Zurich
  • Updated July 31, 2025
    Connect to Microsoft Defender for IoT (Azure) to begin the Vulnerability Integration setup.

    Before you begin

    Verify that you have the Security Reader role on Microsoft Defender for IoT (Azure). That role grants the following user actions:
    • Download sensor endpoint details
    • View values on the Sites and sensors page
    • View Azure device inventory
    • View Azure workbooks
    • View Defender for IoT settings
    • Download OT threat intelligence packages

    For more information, see Azure user roles and permissions for Defender for IoT.

    Role required: admin

    Procedure

    1. Navigate to All > Azure D4IoT Vulnerability Integration > Admin > Guided Setup.
    2. In the Connect to Microsoft Defender for IoT (Azure) section, select the Setup Connections task.
    3. On the Setup Connections task page, select Configure.
      The Connect to Microsoft Azure Defender for IoT page opens.
    4. On the form, fill in the following fields.
      Table 1. Connect to Microsoft Azure Defender for IoT form

      OAuth Token URL
      The OAuth 2.0 token URL for login.microsoftonline.com. For example, https://login.microsoftonline.com/<your tenant id>/oauth2/v2.0/token.

      OAuth Client ID
      Your client ID.

      OAuth Client Secret
      Your client secret.

      Page Size Limit
      The maximum number of records to pull for each page of data. The default is 500.

      Minimum CVSS Score
      Only vulnerabilities with a CVSS score greater than or equal to this value are imported. The default is 0.0, which imports all vulnerabilities.

      Run After Service Graph Connector Import
      Recommended. Runs the vulnerability import immediately after the Service Graph Connector for Microsoft Defender for IoT (Azure) devices import completes, which gives the best chance of matching incoming vulnerability data to the CMDB.

      Most commonly, the value is SG-OT Microsoft Azure D4IoT Devices Scheduled Import. When you select this field, leave the Azure D4IoT Vulnerability Detection Integration - Full Import scheduled job set to run On Demand, so that the Service Graph Connector device import can execute it as a child job once the devices import is complete.

      Daily Import Time
      If you're not using the Run After Service Graph Connector Import field, you can set the daily import time of the integration using this field.
      Note:
      If you have a scheduled import selected for the Run After Service Graph Connector Import field, this field is unavailable.
    5. Select Update.
    6. Select Test Connection.
      If the connection test is successful, a Results 200 output message appears. An unsuccessful connection attempt displays the error code and the message received from Microsoft Defender for IoT (Azure).
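The checks below are an added example, not part of this ServiceNow page or the integration's own code: they validate the form values described above (in particular that the OAuth token URL really points at login.microsoftonline.com, since the client secret is posted to whatever URL is configured) and show how the Minimum CVSS Score and Page Size Limit settings shape the import. The tenant id and vulnerability records are constructed placeholders.

```python
import re
from urllib.parse import urlparse

# Constructed sample form values matching Table 1 (the tenant id is a placeholder GUID).
FORM = {
    "oauth_token_url": "https://login.microsoftonline.com/00000000-0000-0000-0000-000000000000/oauth2/v2.0/token",
    "page_size_limit": 500,
    "minimum_cvss_score": 0.0,
}

# Documented shape: /<your tenant id>/oauth2/v2.0/token, where the tenant id is a GUID.
TOKEN_PATH = re.compile(r"^/[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}/oauth2/v2\.0/token$")

def validate_form(form):
    """Return a list of problems; an empty list means the form matches the documented settings."""
    problems = []
    url = urlparse(form["oauth_token_url"])
    if url.scheme != "https":
        problems.append("token URL must use https")
    if url.hostname != "login.microsoftonline.com":
        # A wrong host would receive the OAuth client ID and secret.
        problems.append("token URL host must be login.microsoftonline.com")
    if not TOKEN_PATH.match(url.path):
        problems.append("token URL path must be /<tenant id>/oauth2/v2.0/token")
    size = form["page_size_limit"]
    if not isinstance(size, int) or size < 1:
        problems.append("page size limit must be a positive integer")
    if not 0.0 <= float(form["minimum_cvss_score"]) <= 10.0:
        problems.append("minimum CVSS score must be between 0.0 and 10.0")
    return problems

def import_vulnerabilities(records, form):
    """Apply the two import settings: drop records below the CVSS threshold, then page the rest."""
    kept = [r for r in records if r["cvss"] >= form["minimum_cvss_score"]]
    size = form["page_size_limit"]
    return [kept[i:i + size] for i in range(0, len(kept), size)]

# Constructed sample records, not real Defender for IoT data.
SAMPLE = [{"id": "v1", "cvss": 9.8}, {"id": "v2", "cvss": 4.3}, {"id": "v3", "cvss": 7.5}]

if __name__ == "__main__":
    print(validate_form(FORM))
    print(import_vulnerabilities(SAMPLE, {**FORM, "minimum_cvss_score": 7.0, "page_size_limit": 1}))
```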