This article describes features available in Microsoft Defender for IoT, across both OT and Enterprise IoT networks, both on-premises and in the Azure portal, and for versions released in the last nine months.
Features released earlier than nine months ago are described in the What's new archive for Microsoft Defender for IoT for organizations. For more information specific to OT monitoring software versions, see OT monitoring software release notes.
Note
Noted features listed below are in PREVIEW. The Azure Preview Supplemental Terms include other legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.
Note
This article discusses Microsoft Defender for IoT in the Azure portal.
If you're a Microsoft Defender customer looking for a unified IT/OT experience, see the documentation for Microsoft Defender for IoT in the Microsoft Defender portal (Preview).
Learn more about the Defender for IoT management portals.
On-premises management console retirement
The legacy on-premises management console isn't available for download after January 1st, 2025. We recommend transitioning to the new architecture using the full spectrum of on-premises and cloud APIs before this date. For more information, see on-premises management console retirement.
March 2025
Service area | Updates |
---|---|
OT networks | - "Unauthorized Internet Connectivity Detected" alert now includes URL information - Improved RDP Brute Force Detection |
"Unauthorized Internet Connectivity Detected" alert now includes URL information
The "Unauthorized Internet Connectivity Detected" alert details now include the URL from which the suspicious connection initiated, helping SOC analysts assess and respond to incidents more effectively.
Improved RDP brute force detection
The "Excessive Number of Sessions" alert now includes support by default for a Remote Desktop Protocol (RDP) port, enhancing visibility into potential brute-force attacks and unauthorized access attempts.
January 2025
Service area | Updates |
---|---|
OT networks | - Aggregating multiple alert violations with the same parameters |
Aggregating multiple alert violations with the same parameters
To reduce alert fatigue, multiple instances of the same alert violation with the same parameters are grouped together and listed in the alerts table as one item. The alert details pane lists each of the identical alert violations in the Violations tab, and the appropriate remediation actions are listed in the Take action tab. For more information, see aggregating alerts with the same parameters.
December 2024
Service area | Updates |
---|---|
OT networks | - Support Multiple Source Devices in DDoS Attack Alerts |
Support Multiple Source Devices in DDoS Attack Alerts
Alert details now display up to 10 source devices involved in a DDoS attack.
October 2024
Service area | Updates |
---|---|
OT networks | - Add wildcards to allowlist domain names - Added protocol - New sensor setting type Public addresses - Improved OT sensor onboarding |
Add wildcards to allowlist domain names
When adding domain names to the FQDN allowlist, use the * wildcard to include all subdomains. For more information, see allow internet connections on an OT network.
Added protocol
We now support the OCPI protocol. See the updated protocol list.
New sensor setting type Public addresses
We're adding the Public addresses type to the sensor settings, which allows you to exclude public IP addresses that might have been used for internal use and shouldn't be tracked. For more information, see add sensor settings.
Improved OT sensor onboarding
Previously, if connection problems occurred between the OT sensor and the Azure portal at the configuration stage of sensor onboarding, the process couldn't be completed until the connection problem was solved.
We now support completing the configuration process without first solving the communication problem, so you can continue onboarding your OT sensor quickly and solve the problem at a later time. For more information, see activate your OT sensor.
July 2024
Service area | Updates |
---|---|
OT networks | - Security update |
Security update
This update resolves a CVE, which is listed in the software version 24.1.4 feature documentation.