Microsoft Defender for IoT - supported IoT, OT, ICS, and SCADA protocols
This article lists the protocols that are supported by default in Microsoft Defender for IoT.
Supported protocols for OT device discovery
OT network sensors can detect the following protocols when identifying assets and devices in your network:
Brand / Vendor | Protocols |
---|---|
ABB | ABB 800xA DCS (IEC61850 MMS including ABB extension) CNCP RNRP ABB IAC ABB Totalflow ABB NetConfig |
ASHRAE | BACnet BACnet BACapp BACnet BVLC |
Beckhoff | AMS (ADS) Twincat |
Cisco | CAPWAP Control CAPWAP Data CDP LWAPP |
DICOM | Dicom |
Desoutter Protocol | Open |
DNP.org | DNP3 |
Emerson | DeltaV DeltaV - Discovery Emerson OpenBSI/BSAP Ovation DCS ADMD Ovation DCS DPUSTAT Ovation DCS SSRPC |
Emerson Fischer | ROC |
EVRoaming Foundation | OCPI |
FANUC | FANUC FOCUS |
FieldComm Group | HART-IP |
GE | ADL (MarkVIe) Bentley Nevada (System 1 / BN3500) ClassicSDI (MarkVIe) EGD GSM (GE MarkVI and MarkVIe) InterSite SDI (MarkVIe) SRTP (GE) GE_CMP |
Generic Applications | Active Directory RDP Teamviewer VNC |
Honeywell | ENAP Experion DCS CDA Experion DCS FDA Honeywell EUCN Honeywell Discovery |
IEC | Codesys V3 IEC 60870-5-7 (IEC 62351-3 + IEC 62351-5) IEC 60870-5-104 IEC 60870-5-104 ASDU_APCI IEC 60870 ICCP TASE.2 IEC 61850 GOOSE IEC 61850 MMS IEC 61850 SMV (SAMPLED-VALUES) LonTalk (LonWorks) |
IEEE | LLC STP VLAN |
IETF | ARP DHCP DCE RPC DNS FTP (FTP_ADAT FTP_DATA) GSSAPI (RFC2743) HTTP ICMP IPv4 LLDP MDNS NBNS NTLM (NTLMSSP Auth Protocol) RPC SMB / Browse / NBDGM SMB / CIFS SNMP SPNEGO (RFC4178) SSH Syslog TCP Telnet TFTP TPKT UDP |
ISO | CLNP (ISO 8473) COTP (ISO 8073) ISO Industrial Protocol MQTT (IEC 20922) |
Jenesys | FOX Niagara |
Medical | ASTM HL7 DICOM POCT1 |
Mitsubishi | Melsoft / Melsec (Mitsubishi Electric) |
Omron | FINS HTTP |
OPC | AE Common DA HDA UA |
Oracle | TDS TNS |
Rockwell Automation | CSP2 ENIP EtherNet/IP CIP (including Rockwell extension) EtherNet/IP CIP FW version 27 and above Rockwell AADvance Discover Rockwell AADvance SNCP/IXL |
Samsung | Samsung TV |
Schneider Electric | Modbus/TCP Modbus TCP–Schneider Unity Extensions OASYS (Schneider Electric Telvant) Schneider TSAA Schneider NetManage |
Schneider Electric / Invensys | Foxboro Evo Foxboro I/A Trident TriGP TriStation |
Schneider Electric / Modicon | Modbus RTU |
Schneider Electric / Wonderware | Wonderware Suitelink |
SEL | FTP Telnet |
Siemens | CAMP PCS7 PCS7 WinCC – Historian Profinet DCP Profinet I/O Profinet Realtime Siemens PHD Siemens S7 Siemens S7 - Firmware and model extraction Siemens S7 – key state Siemens S7-Plus Siemens SICAM Siemens WinCC |
Toshiba | Toshiba Computer Link |
Yokogawa | Centum ODEQ (Centum / ProSafe DCS) HIS Equalize FA-M3 Vnet/IP |
Supported OT protocols for active monitoring
OT sensors support active monitoring for the following protocols:
Scan type | Supported protocols | Method |
---|---|---|
Windows event scans | WMI | Configure Windows Endpoint Monitoring |
DNS lookup scans | DNS | Configure reverse DNS lookup |
Supported protocols for Enterprise IoT device discovery
Enterprise IoT network sensors can detect the following protocols when identifying assets and devices in your network:
Brand / Vendor | Protocols |
---|---|
ALARIS | BAXTER |
ASHRAE | BACnet BACapp |
Cisco | CDP |
IANA | SIP |
IETF | BROWSE DHCP DNS HTTP LLDP MDNS SNMP SSDP |
Medical | DICOM HL7 POCT1 |
SWARM | swarm |