services / Azure / Defender for IoT sensors
Defender for IoT network monitoring sensors are appliances that passively monitor OT/IoT network traffic for threats and feed detections into Microsoft Defender for IoT.
These are defensive security-monitoring components; tampering with them affects threat-detection coverage rather than primary production data.
Microsoft.Security/iotSensors/DownloadResetPassword/action
Downloads a password-reset file returning credential material to reset the sensor's privileged admin account, exporting a secret and granting takeover of the sensor appliance.
Risks
Scope: MEDIUM
This privilege may grant access to confidential data, or its exploit can incur operational cost.
Links
Contributed by P0 Security
© 2023–present P0 Security and contributors to the IAM Privilege Catalog