Microsoft Secure Tech Accelerator
Apr 03 2024, 07:00 AM - 11:00 AM (PDT)
Microsoft Tech Community
Microsoft Defender for IoT Ninja Training
Published Jun 09 2021 01:45 PM 207K Views
Microsoft

D4IoT_icon_2.png

The following courses will guide you to becoming an Microsoft Defender for IoT Ninja. 

 

Curriculum  

This training program includes over 28 videos divided into 5 modules. For each session, the post includes a video, and/or a presentation, along with supporting information when relevant: product documentation, blog posts, and additional resources. 
 
The modules are organized into the following groups: 

  • Overview 
  • Basic Features 
  • Deployment 
  • Sentinel Integration 
  • Advanced  

Check back often as additional items will be published regularly.

  

Overview 

Microsoft Defender for IoT enables IT and OT teams to auto-discover their unmanaged IoT/OT assets, identify critical vulnerabilities, and detect anomalous or unauthorized behavior — without impacting IoT/OT stability or performance. 

Microsoft Defender for IoT delivers insights within minutes of being connected to the network, leveraging patented IoT/OT-aware behavioral analytics and machine learning to eliminate the need to configure any rules, signatures, or other static IOCs. To capture the traffic, it uses an on-premises network sensor deployed as a virtual or physical appliance connected to a SPAN port or tap. The sensor implements non-invasive passive monitoring with Network Traffic Analysis (NTA) and Layer 7 Deep Packet Inspection (DPI) to extract detailed IoT/OT information in real-time.

 

This section provides background information on IoT and OT networks and an overview of the Microsoft Defender for IoT platform.

 

Start Here 

kimwall_0-1623189683350.png 17m: How does Microsoft Defender for IoT secure OT (operational technology) environments? 
kimwall_1-1623189683351.png  How does Microsoft Defender for IoT secure OT (operational technology) environments? 
kimwall_2-1623189683351.png 12m: What is the Microsoft Defender for IoT Architecture? 
kimwall_3-1623189683352.png What is the Microsoft Defender for IoT Architecture? 

kimwall_2-1623189683351.png 4m: Microsoft Defender for IoT Reference Architecture

 

Learn More 

Blog: Go inside the new Microsoft Defender for IoT including CyberX 

kimwall_4-1623189683352.png 22m: Agentless IoT/OT security with Microsoft Defender for IoT 
kimwall_5-1623189683352.png 35m: Microsoft Defender for IoT Overview  
kimwall_6-1623189683352.png 25m: Microsoft Defender for IoT Introduction 
kimwall_7-1623189683353.png 38m: What is OT and how is it different from IT? 
kimwall_8-1623189683353.png 23m: How Microsoft Defender for IoT fills the security gap in OT networks 
kimwall_9-1623189683353.png 13m: Microsoft Defender for IoT overview and demo 
kimwall_10-1623189683354.png 13m: Microsoft Defender for IoT agentless monitoring demo 

Blog: Designing a Robust Defense for Operational Technology Using Microsoft Defender for IoT

Blog: Microsoft scores highest in threat visibility coverage for MITRE ATT&CK for ICS

Blog: How to gain more from your connection to an OT network

 

 

 

Basic Features 

Learn about the core features of the platform including asset discovery, deployment options, reporting, alert handling, event timeline, risk assessment, attack vector simulations, and data mining and baselining.  

 

Start Here 

kimwall_11-1623189683354.png 43m: Demonstration of Microsoft Defender for IoT platform

kimwall_14-1623189683355.png Demonstration of Microsoft Defender for IoT platform 
kimwall_12-1623189683354.png 10m: How to discover and classify assets within your industrial network using Defender for IoT 

kimwall_3-1625243773182.png Asset discovery solution brief

kimwall_13-1623189683354.png 6m: How to discover exploitable paths using attack vector simulation 
kimwall_14-1623189683355.png How to discover exploitable paths using attack vector simulation 
kimwall_15-1623189683355.png 8m: How to run reports and attack vector simulations 
kimwall_16-1623189683355.png How to run reports and attack vector simulations 
kimwall_17-1623189683356.png 5m: How to use the event timeline 
kimwall_18-1623189683356.png 11m: How to analyze the risk assessment report 

kimwall_4-1625243968009.png Sample Risk Assessment report

kimwall_0-1624901390578.png 9m: How to handle Microsoft Defender for IoT Alerts

kimwall_16-1623189683355.png How to handle Microsoft Defender for IoT Alerts

kimwall_0-1624901390578.png 5m: How data mining and baselining works in Microsoft Defender for IoT

kimwall_16-1623189683355.png How data mining and baselining works in Microsoft Defender for IoT

 

Learn More 

Doc: Working with the device inventory

Doc: Working with the Event Timeline

Doc: Risk Assessment Reporting

Doc: Understanding Sensor Alerts

Doc: Alert types and descriptions

Doc: Creating Data Mining Reports

kimwall_19-1623189683356.png 52m: Zero Trust Webinar with Microsoft Defender for IoT 
kimwall_20-1623189683356.png 24m: Analytics, data management and hunting with Microsoft Defender for IoT 
kimwall_21-1623189683357.png 24m: Deployment methodologies - hybrid cloud vs air-gapped environments 

Doc: Microsoft Defender for IoT Architecture in product documentation 

Blog: Cloud-delivered IoT/OT threat intelligence 

Blog: Microsoft Defender for IoT quick start instructions 

 

 

Deployment 

This section provides details on the deployment and tuning specifics. Learn about the differences between on-premises-only and cloud-connected options. Walk through the licensing components within the Azure portal.  

 

Start Here 

kimwall_22-1623189683357.png 35m: How to successfully deploy a sensor 

kimwall_16-1623189683355.png How to successfully deploy a sensor

kimwall_0-1624901390578.png 15m: How to optimize and tune the Microsoft Defender for IoT platform

kimwall_16-1623189683355.png How to optimize and tune the Microsoft Defender for IoT platform

 

Learn More 

Doc: Setting up your Defender for IoT network

Blog: Designing a Robust Defense for Operational Technology Using Microsoft Defender for IoT 

kimwall_23-1623189683357.png 33m: Deploying and configuring an offline sensor 

 

 

Sentinel Integration 

For cloud-connected options, remote sensors will send logging and analysis data to Azure. Once in the cloud, logging and asset data may be forwarded to Sentinel. All of the tools within Sentinel become available including automation/playbooks, workbooks, threat hunting and analytics, incident handling, notebooks, and more.  

 

Start Here 

kimwall_24-1623189683358.png 16m: How to protect OT networks from Triton using Microsoft Sentinel Playbooks 

kimwall_24-1623189683358.png 5m: How Microsoft Defender for IoT uses the IoT Hub

kimwall_24-1623189683358.png 5m: How to share Defender for IoT Raw Data with Sentinel 

 

Advanced 

Learn about advanced features and integrations including custom alerts, MITRE framework, enterprise data integration, large scale deployments, SOC integration, and more.  

 

Start Here 

kimwall_25-1623189683358.png 13m: How to use the enterprise data integrator 
kimwall_26-1623189683358.png How to use the enterprise data integrator 

kimwall_25-1623189683358.png 12m: How to create custom alerts in Defender for IoT

kimwall_25-1623189683358.png  53m: How Defender for IoT maps to MITRE ATT&CK

kimwall_26-1623189683358.png How Defender for IoT maps to MITRE ATT&CK

kimwall_25-1623189683358.png  5m: Integrating with Splunk and ServiceNow

kimwall_25-1623189683358.png 53m: Large scale deployment of Defender for IoT

kimwall_26-1623189683358.png  Large scale deployment of Defender for IoT

 

Learn More 

Blog: Looking for Anomalies in your IoT Asset Telemetry 

Doc: Creating Custom Alerts 

Doc: Integrating data into the enterprise device inventory

Blog: Microsoft Defender for IoT Raw-Data and ICS MITRE ATT&CK Matrix Mapping via Azure Sentinel

 

 

 

 

Microsoft Defender for IoT Product Documentation 

You may find product documentation in the Azure portal: 

  • Microsoft Defender for IoT Getting Started launch page 

  

18 Comments
Version history
Last update:
‎May 12 2022 04:32 AM
Updated by: