Manage OT plans on Azure subscriptions

Your Defender for IoT deployment is managed through a Microsoft Defender for IoT plan on your Azure subscription. For OT networks, use Defender for IoT in the Azure portal to onboard, edit, and cancel Defender for IoT plans.

If you're looking to manage Enterprise IoT plans, see Manage Defender for IoT plans for Enterprise IoT security monitoring.

Note

If you've come to this page because you are a former CyberX customer and have questions about your account, reach out to your account manager for guidance.

Prerequisites

Before performing the procedures in this article, make sure that you have:

Calculate committed devices for OT monitoring

If you're adding a plan with a monthly or annual commitment, you'll be asked to enter the number of committed devices, which are the approximate number of devices that will be monitored in your enterprise.

We recommend that you make an initial estimate of your committed devices when onboarding your Defender for IoT plan. You can skip this procedure if you're adding a trial plan.

To calculate committed devices::

  1. Collect the total number of devices at each site in your network, and add them together.

  2. Remove any of the following devices, which are not considered as committed devices by Defender for IoT:

    • Public internet IP addresses
    • Multi-cast groups
    • Broadcast groups
    • Inactive devices: Devices that have no network activity detected for more than 60 days

After you've onboarded your plan, set up a network sensor and have full visibility into your devices, edit a plan to update the number of committed devices as needed.

Onboard a Defender for IoT plan for OT networks

This procedure describes how to add a Defender for IoT plan for OT networks to an Azure subscription.

To onboard a Defender for IoT plan for OT networks:

  1. In the Azure portal, go to Defender for IoT > Plans and pricing.

  2. Select Add plan.

  3. In the Plan settings pane, define the plan:

    • Subscription. Select the subscription where you would like to add a plan.

      You'll need a Security admin, Contributor, or Owner role for the subscription.

      Tip

      If your subscription isn't listed, check your account details and confirm your permissions with the subscription owner.

    • Price plan. Select a monthly or annual commitment, or a trial.

      Microsoft Defender for IoT provides a 30-day free trial for the first 1,000 committed devices for evaluation purposes.

      For more information, see the Microsoft Defender for IoT pricing page.

    • Committed sites. Relevant for annual commitments only. Enter the number of committed sites.

    • Number of devices. If you selected a monthly or annual commitment, enter the number of committed devices you'll want to monitor. If you select a trial, there is a default of 1000 devices.

    For example:

    Screenshot of the plan settings pane to add or edit a plan for OT networks.

  4. Select Next.

  5. Review your plan, select the I accept the terms option, and then select Purchase.

Your new plan is listed under the relevant subscription in the Plans grid.

Edit a plan for OT networks

Edit your Defender for IoT plans for OT networks if you need change your plan commitment or update the number of committed devices or sites.

For example, you may have more devices that require monitoring if you're increasing existing site coverage, have discovered more devices than expected, or there are network changes such as adding switches.

To edit a plan:

  1. In the Azure portal, go to Defender for IoT > Plans and pricing.

  2. On the subscription row, select the options menu (...) at the right > select Edit plan.

  3. Make any of the following changes as needed:

    • Change your price plan from a trial to a monthly or annual commitment
    • Update the number of committed devices
    • Update the number of sites (annual commitments only)
  4. Select the I accept the terms option, and then select Purchase.

  5. After any changes are made, make sure to reactivate your sensors. For more information, see Reactivate an OT sensor.

  6. If you have an on-premises management console, make sure to upload a new activation file, which reflects the changes made. For more information, see Upload an activation file.

Changes to your plan will take effect one hour after confirming the change. This change will appear on your next monthly statement, and you'll be charged based on the length of time each plan was in effect.

Cancel a Defender for IoT plan

You may need to cancel a Defender for IoT plan from your Azure subscription, for example, if you need to work with a new payment entity, or if you no longer need the service.

Important

Canceling a plan removes all Defender for IoT services from the subscription, including both OT and Enterprise IoT services. If you have an Enterprise IoT plan on your subscription, do this with care.

To cancel only an Enterprise IoT plan, do so from Microsoft 365. For more information, see Cancel your Enterprise IoT plan.

Prerequisites: Before canceling your plan, make sure to delete any sensors that are associated with the subscription. For more information, see Sensor management options from the Azure portal.

To cancel a Defender for IoT plan for OT networks:

  1. In the Azure portal, go to Defender for IoT > Plans and pricing.

  2. On the subscription row, select the options menu (...) at the right and select Cancel plan.

  3. In the cancellation dialog, select I agree to cancel the Defender for IoT plan from the subscription.

Your changes take effect one hour after confirmation. This change will be reflected in your upcoming monthly statement, and you'll only be charged for the time that the subscription was active.

Move existing sensors to a different subscription

Business considerations may require that you apply your existing IoT sensors to a different subscription than the one you’re currently using. To do this, you'll need to onboard a new plan to the new subscription, register the sensors under the new subscription, and then remove them from the previous subscription.

Billing changes will take effect one hour after cancellation of the previous subscription, and will be reflected on the next month's bill.

  • Devices will be synchronized from the sensor to the new subscription automatically.

  • Manual edits made in the portal won't be migrated.

  • New alerts created by the sensor will be created under the new subscription, and existing alerts in the old subscription can be closed in bulk.

To switch sensors to a new subscription:

  1. In the Azure portal, onboard a new plan for OT networks to the new subscription you want to use.

  2. Create a new activation file by following the steps to onboard an OT sensor.

    • Replicate site and sensor hierarchy as is.

    • For sensors monitoring overlapping network segments, create the activation file under the same zone. Identical devices that are detected in more than one sensor in a zone, will be merged into one device.

  3. Upload a new activation file for your sensors under the new subscription.

  4. Delete the sensor identities from the previous subscription. For more information, see Sensor management options from the Azure portal.

  5. If relevant, cancel the Defender for IoT plan from the previous subscription. For more information, see Cancel a Defender for IoT plan.

Note

If the previous subscription was connected to Microsoft Sentinel, you'll need to connect the new subscription to Microsoft Sentinel and remove the old subscription. For more information, see Connect Microsoft Defender for IoT with Microsoft Sentinel.

Next steps

For more information, see: