Introducing Azure Defender for IoT Preview


Azure Defender for IoT is currently in public preview. This preview version is provided without a service level agreement, and it's not recommended for production workloads. Certain features might not be supported or might have constrained capabilities. For more information, see Supplemental Terms of Use for Microsoft Azure Previews.

As enterprises implement digital transformation for greater efficiency and productivity, boards and management teams are increasingly concerned about the liability and financial risk resulting from the deployment of massive numbers of unmanaged Internet of Things (IoT) and Operational Technology (OT) devices. Threat actors targeting this expanded attack surface can cause substantial corporate impact including safety and environmental incidents, costly production downtime, and theft of sensitive intellectual property.

Legacy IoT and OT devices don’t support agents and are often unpatched, misconfigured, and invisible to IT teams – making them soft targets for threat actors looking to pivot deeper into corporate networks.

Traditional network security monitoring tools developed for corporate IT networks are unable to address these environments because they lack a deep understanding of the specialized protocols, devices, and machine-to-machine (M2M) behaviors found in IoT and OT environments.

Azure Defender for IoT is a holistic solution that continuously discovers, monitors, and manages IoT and OT threats, risks, and vulnerabilities across all IoT and OT devices, whether they are newer devices managed via Azure IoT Hub or legacy unmanaged devices. Azure Defender for IoT helps accelerate incident response, provides insight into operational challenges, and simplifies hybrid workload protection by delivering unified IoT and OT visibility and control.

This holistic solution addresses key use cases that include:

  • Automatic asset discovery for all IoT and OT devices
  • Continuous IoT and OT risk and vulnerability management
  • IoT and OT threat hunting and incident response
  • Operational efficiency

Azure Defender for IoT is a unified solution for IoT and OT security across all your devices. It gives you the tools to build security into new IoT and OT devices managed via Azure IoT Hub, as well as the agentless network-layer monitoring capabilities you need to protect unmanaged IoT and OT assets.

Unified visibility and control

Get a unified view of security across all of your on-premises and cloud workloads, including your Azure IoT solution. Onboard new devices, and apply security policies across your workloads (Leaf devices, Microsoft Edge devices, IoT Hub) to ensure compliance with security standards and improved security posture.

Adaptive threat prevention

Use Defender for IoT to continuously monitor the security of machines, networks, and Azure services. Choose from hundreds of built-in security assessments or create your own in the central Defender for IoT Hub dashboard. Optimize your security settings and improve your security score with actionable recommendations across virtual machines, networks, apps, and data. With newly added IoT capabilities, you can now reduce the attack surface for your Azure IoT solution and remediate issues before they can be exploited.

Intelligent threat detection and response

Use advanced analytics and the Microsoft Intelligent Security Graph to get an edge over evolving cyber-attacks. Built-in behavioral analytics and machine learning identify attacks and zero-day exploits. Monitor your IoT solution for incoming attacks and post-breach activity. Streamline device investigation and remediation with interactive tools and contextual threat intelligence.

Next steps

In this overview, you learned about the features and services of Defender for IoT. To learn more about Defender for IoT architecture and prerequisites, and to learn how to get started, see the following articles: