Plan to onboard an OT sensor to Microsoft Defender for IoT

Your car manufacturing organization has offices and production sites across the globe, with a network linking them together. Zero Trust access principles require segmenting your network to enhance security and limit access for each segment to relevant personnel only.

Defender for IoT uses sites and zones for this segmentation, and you need the details about your sensors' sites and zones when onboarding your sensor.

Sites and zones

In our example, each international office location is designated as a separate site in Defender for IoT. Each of these sites contains areas with different uses, such as executive offices, production floors, and sales. In Defender for IoT, each of these logical areas is called a zone.

Each of your sensors is assigned to a site and zone, with its own unique name. The sensor is either connected to the cloud, where data is streamed to the Azure portal, or managed locally, where data is accessed only on-premises. You define sites and zones for your sensors as you onboard them to Defender for IoT.

Your organization's deployment plan

Your car manufacturer has four offices worldwide. The following table shows the part of your deployment plan that details the sites, zones, and sensors required for each office.

| Site | Zone | Sensor name | Cloud connected |
|---|---|---|---|
| Paris office | Ground floor (Guests) | paris-guests | Yes |
| Paris office | Floor 1 (Sales) | paris-sales | Yes |
| Paris office | Floor 2 (Executive) | paris-exec | Yes |
| Lagos office | Ground floor (Guests) | lagos-offices | Yes |
| Lagos office | Floor 1 (Sales) | lagos-factory | No |
| Dubai office | Ground floor (Convention center) | dubai-guests | Yes |
| Dubai office | Floor 1 (Sales) | dubai-sales | Yes |
| Dubai office | Floor 2 (Offices) | dubai-exec | Yes |
| Tianjin office | Ground floor (Offices) | tianjin-office | Yes |
| Tianjin office | Floors 1-2 (Factory) | tianjin-factory | No |

To onboard the Sales floor sensor for the Paris office, you need the following information ready:

  • Site name: Paris office
  • Zone: Floor 1 (Sales)
  • Sensor name: paris-sales
  • Cloud connected: Yes