Onboard with Microsoft Defender for IoT

Applies to:

• Microsoft Defender for Endpoint P2
• Microsoft 365 Defender

Important

Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.

Want to experience Microsoft Defender for Endpoint? Sign up for a free trial.

Microsoft Defender for Endpoint now seamlessly integrates with Microsoft Defender for IoT. This integration extends your device discovery capabilities with the agentless monitoring capabilities provided by Defender for IoT. The Defender for IoT integration provides increased visibility to help locate, identify, and secure the enterprise IoT devices in your network, such as Voice over Internet Protocol (VoIP) devices, printers, and cameras.

This allows organizations to take advantage of a single integrated solution that secures all of their IoT, and Operational Technology (OT) infrastructure. For more information, see Enterprise IoT network protection.

The Defender for IoT integration gives you a single unified view of your complete OT/IoT inventory alongside the rest of your IT devices (workstations, servers, and mobile). Customers who've onboarded to Defender for IoT will also get information on alerts, vulnerabilities and security recommendations for their IoT devices.

Prerequisites

To modify settings for your Defender for Endpoint integration, the user must have the following roles:

• Tenant Global Administrator in Azure Active Directory
• Security Administrator for the Azure subscription that will be used for the Microsoft Defender for IoT integration

Onboard a Defender for IoT plan

1. In the navigation pane of the https://security.microsoft.com portal, select Settings > Device discovery > Enterprise IoT.

2. Select the following options for your plan:

   • Select the Azure subscription from the list of available subscriptions in your Azure Active Directory tenant where you'd like to add a plan.

   • Select a pricing plan, either a monthly or annual commitment, or a trial. Microsoft Defender for IoT provides a 30-day free trial for the first 1,000 committed devices for evaluation purposes.

     For more information, see the Microsoft Defender for IoT pricing page.

   • Select the number of committed devices you'll want to monitor. If you selected a trial, this section doesn't appear as you have a default of 1000 devices.

3. Accept the terms and conditions and select Save.

Note

Setting up an Enterprise IoT network sensor is currently in public preview. For more information, see Shared device inventory.

Managing your IoT devices

To view and manage your IoT devices in the Microsoft 365 Defender portal go to the Device inventory from the Endpoints navigation menu and select the IoT devices tab.

For information on how to view the devices in Defender for IoT, see Manage your IoT devices with the device inventory for organizations.

View devices, alerts, recommendations, and vulnerabilities

After onboarding to a Defender for IoT plan, view detected data and security assessments in the following locations:

• View device data in Defender for Endpoint or Defender for IoT
• View alerts, recommendations, and vulnerabilities in the Microsoft 365 Defender portal.

Shared device inventory

Defender for Endpoint customers can also set up the Enterprise IoT network sensor (currently in Public Preview) to gain more visibility into additional IoT segments of the corporate network that were not previously covered by Defender for Endpoint. Customers that have set up an Enterprise IoT network sensor will be able to see all discovered devices in the Device inventory in either Defender for Endpoint or Defender for IoT.

To add a network sensor, in the navigation pane of the https://security.microsoft.com portal:

1. Select Settings > Device discovery > Enterprise IoT
2. Under Set up network sensors choose the Microsoft Defender for IoT link

This brings you to the sensor setup process in the Azure portal. For more information, see Get started with Enterprise IoT.

Important

Setting up an Enterprise IoT Network sensor is currently in PREVIEW. See the Supplemental Terms of Use for Microsoft Azure Previews for additional legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.

Cancel your Defender for IoT plan

Cancel your Defender for IoT plan from the Defender for Endpoint settings page in the https://security.microsoft.com portal. Once you cancel your plan, the integration stops and you'll no longer get security assessment value in Defender for Endpoint, or detect new devices in Defender for IoT.

For more details about plan cancellation and data considerations, please see Cancel a Defender for IoT plan in the Defender for IoT documentation.

See also

• Device discovery overview
• Device discovery FAQ