This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
With vulnerability management, Microsoft Defender for IoT in the Defender portal provides extended coverage for OT networks, gathers OT device data into one place, and displays the data with the other devices on your network.
The OT security administrator proactively manages network exposure based on the vulnerability details and recommended remediation actions.
Important
This article discusses Microsoft Defender for IoT in the Defender portal (Preview).
If you're an existing customer working on the classic Defender for IoT portal (Azure portal), see the Defender for IoT on Azure documentation.
Learn more about the Defender for IoT management portals.
Some information in this article relates to a prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, with respect to the information provided here.
The key vulnerability management capabilities are:
| Capability | Description |
|---|---|
| Extended vulnerability coverage | Defender for IoT uses detailed OT device firmware information and discovers the device vendor, model, and version to identify known vulnerabilities. |
| Security recommendations page | Offers actionable steps to update and mitigate vulnerable products. |
| Weaknesses page | Includes a detailed list of vulnerabilities like zero-days and known exploits. |
| Management | You can manage and control the vulnerabilities globally, per tenant or device group, per device from the device page, or per vulnerable product through the Inventory page. |
| Exception handling | Create exceptions for recommendations that can't be patched. |
| Customizable Vulnerability Notifications | Alert key stakeholders with customizable notifications. |
| Reporting Inaccuracies | Users can report inaccuracies on discovered CVEs or request support for new vulnerabilities. |
The Microsoft Defender portal displays Microsoft Defender for IoT security vulnerabilities in the Endpoints > Weaknesses page.
Vulnerabilities are listed based on their publicly registered Common Vulnerability and Exposures(CVEs) ID.
The Weaknesses page lists the detected security vulnerabilities across all devices, endpoints, applications and other sources on your network. The data can be filtered according to device groups based on the created sites.
The OT security administrator uses the list of detected vulnerabilities in the Weaknesses page to send a remediation request for the relevant team to handle.
Learn more about the Weaknesses page in the Microsoft Defender Vulnerability Management.
Prioritize and investigate vulnerabilities in Microsoft Defender for IoT.
Training
Module
Utilize Vulnerability Management in Microsoft Defender for Endpoint - Training
Utilize Vulnerability Management in Microsoft Defender for Endpoint
Certification
Microsoft Certified: Security Operations Analyst Associate - Certifications
Investigate, search for, and mitigate threats using Microsoft Sentinel, Microsoft Defender for Cloud, and Microsoft 365 Defender.
Documentation
This article describes how to review security initiatives with Microsoft Defender for IoT in the Defender portal.
This article describes how to prioritize, investigate and remediate vulnerabilities with Microsoft Defender for IoT in the Defender portal.
This article describes how to investigate incidents and alerts in Microsoft Defender for IoT in the Defender portal.