As more businesses turn to the Internet of Things (IoT), security and privacy are often top of mind. Our goal at Microsoft is to keep our customers' IoT solutions secure. As part of our ongoing security efforts, Microsoft recently launched the Security Program for Azure IoT, which provides customers with a choice of security auditors who can assess their IoT solutions from device to cloud. Microsoft also offers comprehensive guidance on IoT security and state of the art security built into Azure IoT Suite and Azure IoT Hub. Today, Microsoft is excited to announce another important security feature: IP filtering.
IP filtering enables customers to instruct IoT Hub to only accept connections from certain IP addresses, to reject certain IP addresses or a combination of both. We’ve made it easy for administrators to configure these IP filtering rules for their IoT Hub. These rules apply any time a device or a back-end application is connecting on any supported protocols (currently AMQP, MQTT, AMQP/WS, MQTT/WS, HTTP/1). Any application from an IPv4 address that matches a rejecting IP rule receives an unauthorized 401 status code without specific mention of the IP rule in the message.
The IP filter allows maximum 10 rules each rejecting or accepting an individual IPv4 address or a subnet using the CIDR-notation format. The following two examples demonstrate how to blacklist an IP address and whitelist a certain subnet.
Read more on Azure Blogs for tutorials on how to Blacklist an IP address and Whitelist a Subnet.