For any device connected to the Internet, there are three simple rules you should always keep in mind: safety first, safety second, and safety third. There are many threats for any device connected to the Internet and in the wonderful world of IoT, security is more important than ever!

Prerequisite: It is recommended that you read the blog post Introduction to MQTT Topics first and then continue reading this article.

IoT Hub already offers a level of encryption by providing basic TLS/SSL certificates for each connected object, to allow encrypted connections and mutual authentication.
To increase the level of protection of the communication between the connected devices, IoT Hub supports message filters. These filters work like a topic firewall: For each device you can limit the topics that can be published or subscribed to.

Each device in the IoT Hub has two independent message filters:

  • A publish filter that restricts publications
  • A subscribe filter that restricts subscriptions.

Each of these message filters has a policy and a list of topics. Each of these policies works as follows:

  • If the policy is reject, the filter behaves like a blacklist, it will reject all topics contained in its list, and allow all others.
  • If the policy is accept, the filter behaves like a whitelist, it will allow all topics contained in its list, and reject all others.

It is also possible to use topics with MQTT wildcards ('+' and '#') in the policies to filter entire categories.

Each time a filter is triggered, a Hub Event will be published to inform you. For more information about Hub Events, refer to the dedicated documentation.

Now you know how to protect your system against threads on the Internet using mTLS and message filters. If you want to learn more about IoT Hub, head over to our Getting Started guide.