Deploy Defender for IoT for OT monitoring

Microsoft Defender for IoT is a unified security solution that identifies IoT and OT devices, vulnerabilities, and threats. Learn how to deploy Defender for IoT for OT monitoring.

Prerequisites

  • Knowledge of what Defender for IoT is and how it works at a beginner level
  • Knowledge of operational technology (OT) networks and networking concepts at an intermediate level
  • Familiarity with the Purdue networking model, like the device types that are included in each networking level
  • Knowledge of what Azure roles and role-based access controls (RBAC) are and how they work at a beginner level
  • Access to an Azure subscription as a Security Admin, Contributor, or Owner user
  • A Defender for IoT license with an OT plan
  • A configured firewall, with all of the rules and settings it needs to connect over port 443, including: IP address, subnet mask, default gateway, DNS and hostname
  • Access to either a virtual or physical OT sensor
  • Access to a virtual machine, such as VMware ESXi 5.5 or later
  • A configured network adapter port group that connects to the internet
  • A configured network adapter port group that connects to the SPAN port on the virtual switch
  • Access to Wireshark or a similar packet capture (PCAP) file reader
  • A network diagram for your organization

Modules in this learning path

Plan for the deployment of Microsoft Defender for IoT, including the sites and zones, user access, and OT sensor and management connections.

To prepare for the deployment of Microsoft Defender for IoT, identify what to monitor, choose a traffic mirroring method, and review the appliance options.

Based on the sensor information gathered in the plan and prepare phases of a deployment, onboard a sensor to Defender for IoT, then download the sensor's activation file and the list of endpoints required to connect your sensor to Azure.

Using the activation file and list of endpoints from the onboarding phase, deploy an OT sensor to Microsoft Defender for IoT. Install monitoring software on the sensor, set up the interface settings, and activate the sensor.

After onboarding a sensor and deploying Defender for IoT, control the traffic monitored by your sensor and create a baseline of the OT network traffic. Fine-tune the defined subnets and devices. Then triage alerts while in learning mode to create a baseline. When ready, put the sensor into operational mode.