Enable Enterprise IoT security with Defender for Endpoint

This article describes how Microsoft Defender for Endpoint customers can add an Enterprise IoT plan in Microsoft 365 Defender, providing extra security value for IoT devices.

While IoT device inventory is already available for Defender for Endpoint P2 customers, adding an Enterprise IoT plan adds alerts, recommendations, and vulnerability data, purpose-built for IoT devices in your enterprise network.

IoT devices include printers, cameras, VoIP phones, smart TVs, and more. Adding an Enterprise IoT plan means, for example, that you can use a recommendation in Microsoft 365 Defender to open a single IT ticket for patching vulnerable applications across both servers and printers.

Prerequisites

Before you start the procedures in this article, read through Secure IoT devices in the enterprise to understand more about the integration between Defender for Endpoint and Defender for IoT.

Make sure that you have:

  • A Microsoft Defender for Endpoint P2 license

  • IoT devices in your network, visible in the Microsoft 365 Defender Device inventory

  • An Azure subscription. If you need to, sign up for a free account.

  • The following user roles:

    Identity management          Roles required
    In Azure Active Directory    Global administrator for your Microsoft 365 tenant
    In Azure RBAC                Security admin, Contributor, or Owner for the Azure subscription that you'll be using for the integration

Onboard a Defender for IoT plan

  1. In the navigation pane of the https://security.microsoft.com portal, select Settings > Device discovery > Enterprise IoT.

  2. Select the following options for your plan:

  3. Select the I accept the terms and conditions option and then select Save.

For example:

Screenshot of the Enterprise IoT tab in Defender for Endpoint.

View added security value in Microsoft 365 Defender

This procedure describes how to view related alerts, recommendations, and vulnerabilities for a specific device in Microsoft 365 Defender. Alerts, recommendations, and vulnerabilities are shown for IoT devices only after you've added an Enterprise IoT plan.

To view added security value:

  1. In the navigation pane of the https://security.microsoft.com portal, select Assets > Devices to open the Device inventory page.

  2. Select the IoT devices tab and select a specific device IP to drill down for more details. For example:

    Screenshot of the IoT devices tab in Microsoft 365 Defender.

  3. On the device details page, explore the following tabs to view data added by the Enterprise IoT plan for your device:

    • On the Alerts tab, check for any alerts triggered by the device.

    • On the Security recommendations tab, check for any recommendations available for the device to reduce risk and maintain a smaller attack surface.

    • On the Discovered vulnerabilities tab, check for any known CVEs associated with the device. Known CVEs can help decide whether to patch, remove, or contain the device and mitigate risk to your network.

Next steps

Learn how to set up an Enterprise IoT network sensor (Public preview) to gain visibility into IoT segments of your corporate network that aren't otherwise covered by Defender for Endpoint.

Customers who have set up an Enterprise IoT network sensor can see all discovered devices in the Device inventory, either in Microsoft 365 Defender or in Defender for IoT in the Azure portal.