services / Azure / Defender for IoT sensors
Defender for IoT network monitoring sensors are appliances that passively monitor OT/IoT network traffic for threats and feed detections into Microsoft Defender for IoT.
These are defensive security-monitoring components; tampering with them affects threat-detection coverage rather than primary production data.
Microsoft.Security/iotSensors/DownloadActivation/action
Downloads the sensor activation/license file, returning credential-like onboarding material that authorizes a sensor; exporting it is exfiltration of secret material.
Risks
Scope: MEDIUM
This privilege may grant access to confidential data, or its exploit can incur operational cost.
Links
Contributed by P0 Security
© 2023–present P0 Security and contributors to the IAM Privilege Catalog