The following courses will guide you to becoming a Microsoft Defender for IoT Ninja.
Curriculum
This training program includes over 28 videos divided into 5 modules. For each session, the post includes a video, and/or a presentation, along with supporting information when relevant: product documentation, blog posts, and additional resources.
The modules are organized into the following groups:
- Overview
- Basic Features
- Deployment
- Sentinel Integration
- Advanced
Check back often as additional items will be published regularly.
Overview
Microsoft Defender for IoT enables IT and OT teams to auto-discover their unmanaged IoT/OT assets, identify critical vulnerabilities, and detect anomalous or unauthorized behavior — without impacting IoT/OT stability or performance.
Microsoft Defender for IoT delivers insights within minutes of being connected to the network, leveraging patented IoT/OT-aware behavioral analytics and machine learning to eliminate the need to configure any rules, signatures, or other static IOCs. To capture the traffic, it uses an on-premises network sensor deployed as a virtual or physical appliance connected to a SPAN port or tap. The sensor implements non-invasive passive monitoring with Network Traffic Analysis (NTA) and Layer 7 Deep Packet Inspection (DPI) to extract detailed IoT/OT information in real-time.
This section provides background information on IoT and OT networks and an overview of the Microsoft Defender for IoT platform.
Start Here
- 17m: https://www.youtube.com/watch?v=pG2BgxYismo
- 4m: https://youtu.be/me9GWhWPdns?t=840 (Defender for IoT Reference Architecture)
Learn More
- Blog: https://www.microsoft.com/security/blog/2020/11/25/go-inside-the-new-azure-defender-for-iot-including-cyberx/
- 22m: https://www.youtube.com/watch?v=8spIfxewaeM
- Blog: Designing a Robust Defense for Operational Technology Using Microsoft Defender for IoT
- Blog: Microsoft scores highest in threat visibility coverage for MITRE ATT&CK for ICS
- Blog: How to gain more from your connection to an OT network
Basic Features
Learn about the core features of the platform including asset discovery, deployment options, reporting, alert handling, event timeline, risk assessment, attack vector simulations, and data mining and baselining.
Start Here
- 43m: https://youtu.be/0v84T4voU1Y
- Slides: https://github.com/kwall000/d4iot/raw/main/basicfeatures/Demonstration%20of%20Microsoft%20Azure%20Defender%20for%20IoT.pptx
- 6m: https://www.youtube.com/watch?v=bwembRYA3So
- 9m: https://www.youtube.com/watch?v=Jy472ZcOISA
- Slides: https://github.com/kwall000/d4iot/raw/main/basicfeatures/How%20to%20handle%20Microsoft%20Azure%20Defender%20for%20IoT%20Alerts.pptx
- 5m: https://www.youtube.com/watch?v=tNSSWrDL0Ec
- Slides: https://github.com/kwall000/d4iot/raw/main/basicfeatures/How%20data%20mining%20and%20baselining%20works%20in%20Microsoft%20Defender%20for%20IoT.pptx
Learn More
- Doc: https://docs.microsoft.com/en-us/azure/defender-for-iot/organizations/how-to-investigate-all-enterprise-sensor-detections-in-a-device-inventory
- Doc: https://docs.microsoft.com/en-us/azure/defender-for-iot/organizations/how-to-track-sensor-activity#event-timeline
- Doc: https://docs.microsoft.com/en-us/azure/defender-for-iot/organizations/how-to-create-risk-assessment-reports
- Doc: https://docs.microsoft.com/en-us/azure/defender-for-iot/organizations/how-to-work-with-alerts-on-your-sensor
- Doc: https://docs.microsoft.com/en-us/azure/defender-for-iot/organizations/alert-engine-messages
- Doc: https://docs.microsoft.com/en-us/azure/defender-for-iot/organizations/how-to-create-data-mining-queries
- 52m: https://www.youtube.com/watch?v=tt-j8k0BhTA
- Doc: https://docs.microsoft.com/en-us/azure/defender-for-iot/architecture
- Blog: Cloud-delivered IoT/OT threat intelligence
- Blog: Microsoft Defender for IoT quick start instructions
Deployment
This section provides details on the deployment and tuning specifics. Learn about the differences between on-premises-only and cloud-connected options. Walk through the licensing components within the Azure portal.
Start Here
- 35m: https://www.youtube.com/watch?v=-0vaH6cXJr0
- Slides: https://github.com/kwall000/d4iot/raw/main/deployment/How%20to%20successfully%20deploy%20a%20sensor.pptx
- 15m: https://www.youtube.com/watch?v=e7cHRYt0xAY
- Slides: https://github.com/kwall000/d4iot/raw/main/deployment/How%20to%20optimize%20and%20tune%20the%20Microsoft%20Azure%20Defender%20for%20IoT%20platform.pptx
Learn More
- Doc: https://docs.microsoft.com/en-us/azure/defender-for-iot/organizations/how-to-set-up-your-network
- Blog: Designing a Robust Defense for Operational Technology Using Microsoft Defender for IoT
- 33m: https://www.youtube.com/watch?v=T1uvD2-W9t4
Sentinel Integration
For cloud-connected options, remote sensors will send logging and analysis data to Azure. Once in the cloud, logging and asset data may be forwarded to Sentinel. All of the tools within Sentinel become available including automation/playbooks, workbooks, threat hunting and analytics, incident handling, notebooks, and more.
Start Here
- 16m: https://www.youtube.com/watch?v=v52HYWhUjUc
- 5m: https://www.youtube.com/watch?v=tJm_pPnfBlg
- 5m: https://microsofteur-my.sharepoint.com/personal/hesaad_microsoft_com/_layouts/15/onedrive.aspx?id=%2Fpersonal%2Fhesaad%5Fmicrosoft%5Fcom%2FDocuments%2FRecordings%2FMDIoT%20recording%2D20220408%5F162004%2DMeeting%20Recording%2Emp4&parent=%2Fpersonal%2Fhesaad%5Fmicrosoft%5Fcom%2FDocuments%2FRecordings&ga=1
Advanced
Learn about advanced features and integrations including custom alerts, MITRE framework, enterprise data integration, large scale deployments, SOC integration, and more.
Start Here
- 13m: https://www.youtube.com/watch?v=lCGa6DcgPVw
- 12m: https://www.youtube.com/watch?v=X_y_CxXEl2A
- 53m: https://www.youtube.com/watch?v=O3TJ2D0yVJo
- Slides: https://github.com/kwall000/d4iot/raw/main/advanced/How%20Defender%20for%20IoT%20maps%20to%20Mitre.pptx
- 5m: https://www.youtube.com/watch?v=tnsUhKBglZM
- 53m: https://www.youtube.com/watch?v=8QwHLtk3IPg
- Slides: https://github.com/kwall000/d4iot/raw/main/advanced/Large%20Scale%20Deployment%20of%20Azure%20Defender%20for%20IoT.pptx
Learn More
- Blog: Looking for Anomalies in your IoT Asset Telemetry
- Doc: https://docs.microsoft.com/en-us/azure/defender-for-iot/device-builders/quickstart-create-custom-alerts
- Doc: https://docs.microsoft.com/en-us/azure/defender-for-iot/organizations/how-to-investigate-all-enterprise-sensor-detections-in-a-device-inventory#integrate-data-into-the-enterprise-device-inventory
- Blog: Microsoft Defender for IoT Raw-Data and ICS MITRE ATT&CK Matrix Mapping via Azure Sentinel
Microsoft Defender for IoT Product Documentation
Product documentation is available from the Azure portal and the following resources:
- Microsoft Defender for IoT Getting Started https://ms.portal.azure.com/#blade/Microsoft_Azure_IoT_Defender/IoTDefenderDashboard/Getting_Started
- https://aka.ms/AzureDefenderforIoTBareMetalAppliance
- https://aka.ms/AzureDefenderForIoTNetworkSetup
- https://aka.ms/AzureDefenderforIoTInstallSensorISO
- https://azure.microsoft.com/en-us/services/azure-defender-for-iot/#product-overview
- IoT Security - Microsoft Tech Community