
Microsoft Defender for IoT Blog

Microsoft Defender for IoT Ninja Training

kimwall
Former Employee
Jun 09, 2021

The following courses will guide you to becoming a Microsoft Defender for IoT Ninja. 

 

Curriculum  

This training program includes over 28 videos divided into 5 modules. Each session consists of a video and/or a presentation, along with supporting material where relevant: product documentation, blog posts, and additional resources. 
 
The modules are organized into the following groups: 

  • Overview 
  • Basic Features 
  • Deployment 
  • Sentinel Integration 
  • Advanced  

Check back often as additional items will be published regularly.

  

Overview 

Microsoft Defender for IoT enables IT and OT teams to auto-discover their unmanaged IoT/OT assets, identify critical vulnerabilities, and detect anomalous or unauthorized behavior, without impacting IoT/OT stability or performance. 

Microsoft Defender for IoT delivers insights within minutes of being connected to the network. It uses patented IoT/OT-aware behavioral analytics and machine learning to learn what is normal for the monitored network, so there are no rules, signatures, or other static IOCs to configure. Traffic is captured by an on-premises network sensor, deployed as a virtual or physical appliance and connected to a SPAN port or network TAP. The sensor is passive and non-invasive: it only ever receives copies of traffic, so it cannot inject packets into or otherwise affect the control network, and it sees only the segments whose traffic is mirrored to it. On that mirrored traffic it performs Network Traffic Analysis (NTA) and Layer 7 Deep Packet Inspection (DPI) to extract detailed IoT/OT information in real time.

 

This section provides background information on IoT and OT networks and an overview of the Microsoft Defender for IoT platform.

 

Start Here 

 17m: https://www.youtube.com/watch?v=pG2BgxYismo 
  https://github.com/kwall000/d4iot/raw/main/overview/How%20does%20Azure%20Defender%20for%20IoT%20secure%20OT%20environments.pptx (How does Azure Defender for IoT secure OT (operational technology) environments?) 
 12m: https://www.youtube.com/watch?v=gxAhPhriGFA 
  https://github.com/kwall000/d4iot/raw/main/overview/What%20is%20the%20Azure%20Defender%20for%20IoT%20Architecture.pptx (What is the Azure Defender for IoT Architecture?) 

 4m: https://youtu.be/me9GWhWPdns?t=840 (Defender for IoT Reference Architecture)

 

Learn More 

Blog: https://www.microsoft.com/security/blog/2020/11/25/go-inside-the-new-azure-defender-for-iot-including-cyberx/ 

 22m: https://www.youtube.com/watch?v=8spIfxewaeM 
 35m: https://www.youtube.com/watch?v=vU283nfVQFs  
 25m: https://www.youtube.com/watch?v=cTZnX-aHTvU 
 38m: https://www.youtube.com/watch?v=TliTTBi6Do8 
 23m: https://www.youtube.com/watch?v=1xpml17ZaR0 
 13m: https://www.youtube.com/watch?v=Ts9UO-RqaLg 
 13m: https://azure.microsoft.com/en-us/resources/videos/azure-defender-for-iot-agentless-monitoring-demo/ 

Blog: Designing a Robust Defense for Operational Technology Using Microsoft Defender for IoT

Blog: Microsoft scores highest in threat visibility coverage for MITRE ATT&CK for ICS

Blog: How to gain more from your connection to an OT network

Basic Features 

Learn about the core features of the platform, including asset discovery, deployment options, reporting, alert handling, the event timeline, risk assessment, attack vector simulations, and data mining and baselining.  
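As an added example that is not part of the original post and not Defender for IoT code, the following Python script shows in miniature the two ideas the Overview section describes and this section's "data mining and baselining" item builds on: Layer 7 DPI of an OT protocol and behavioral baselining instead of static rules. It parses Modbus/TCP request frames, learns during a learning window which host sends which function code to which PLC unit, and then alerts on anything the baseline never saw, rating unexpected writes higher than unexpected reads. The hosts, frames, function-code coverage and severity scheme are all constructed for the illustration; they do not reflect how the product implements any of this.

```python
"""Passive OT monitoring in miniature: Layer 7 DPI of Modbus/TCP requests, a
learned baseline of which host talks to which PLC with which function code,
and alerts on deviations. Added illustration only, not Defender for IoT
code; all hosts, frames and values below are constructed for the example."""
import struct
from dataclasses import dataclass

# Modbus function codes handled here (all carry a 2-byte starting address).
MODBUS_FUNCTIONS = {
    1: "Read Coils", 2: "Read Discrete Inputs", 3: "Read Holding Registers",
    4: "Read Input Registers", 5: "Write Single Coil", 6: "Write Single Register",
    15: "Write Multiple Coils", 16: "Write Multiple Registers",
}
WRITE_FUNCTIONS = {5, 6, 15, 16}  # the ones that change PLC state


@dataclass(frozen=True)
class ModbusRequest:
    transaction_id: int
    unit_id: int
    function: int
    address: int  # starting coil/register address


def parse_modbus_tcp(payload: bytes) -> ModbusRequest:
    """Parse the 7-byte MBAP header plus function code and starting address.
    Raises ValueError for anything that is not a well-formed Modbus/TCP
    request, which a passive sensor would itself report as suspicious."""
    if len(payload) < 10:
        raise ValueError("frame too short for MBAP header, function and address")
    tid, proto, length, unit = struct.unpack("!HHHB", payload[:7])
    if proto != 0:
        raise ValueError(f"protocol id {proto} is not Modbus")
    if length != len(payload) - 6:  # length counts unit id + PDU bytes
        raise ValueError("MBAP length field does not match frame size")
    function = payload[7]
    if function not in MODBUS_FUNCTIONS:
        raise ValueError(f"unsupported function code {function}")
    (address,) = struct.unpack("!H", payload[8:10])
    return ModbusRequest(tid, unit, function, address)


def build_request(tid: int, unit: int, function: int, address: int, value: int) -> bytes:
    """Build a minimal Modbus/TCP request (used only to construct test traffic)."""
    pdu = struct.pack("!BHH", function, address, value)
    return struct.pack("!HHHB", tid, 0, len(pdu) + 1, unit) + pdu


def learn_baseline(flows):
    """Learning phase: every (src, dst, unit, function) seen is considered normal."""
    baseline = set()
    for src, dst, payload in flows:
        req = parse_modbus_tcp(payload)
        baseline.add((src, dst, req.unit_id, req.function))
    return baseline


def detect(baseline, flows):
    """Detection phase: alert on malformed frames and on conversations that are
    not in the baseline; unexpected writes are rated High, reads Medium."""
    alerts = []
    for src, dst, payload in flows:
        try:
            req = parse_modbus_tcp(payload)
        except ValueError as exc:
            alerts.append((src, dst, "Medium", f"Malformed Modbus/TCP frame: {exc}"))
            continue
        if (src, dst, req.unit_id, req.function) in baseline:
            continue
        severity = "High" if req.function in WRITE_FUNCTIONS else "Medium"
        alerts.append((src, dst, severity,
                       f"unexpected {MODBUS_FUNCTIONS[req.function]} to unit "
                       f"{req.unit_id} at address {req.address:#06x}"))
    return alerts


# Constructed traffic: HMI 10.0.1.10 and engineering station 10.0.1.50 talk to PLC 10.0.2.20.
LEARNING_TRAFFIC = [
    ("10.0.1.10", "10.0.2.20", build_request(1, 1, 3, 0x0000, 10)),   # HMI polls registers
    ("10.0.1.10", "10.0.2.20", build_request(2, 1, 6, 0x0010, 500)),  # HMI writes a setpoint
    ("10.0.1.50", "10.0.2.20", build_request(3, 1, 1, 0x0000, 8)),    # eng station reads coils
]
LIVE_TRAFFIC = [
    ("10.0.1.10", "10.0.2.20", build_request(7, 1, 3, 0x0000, 10)),      # in baseline, no alert
    ("10.0.1.99", "10.0.2.20", build_request(8, 1, 5, 0x0001, 0xFF00)),  # unknown host writes a coil
    ("10.0.1.50", "10.0.2.20", build_request(9, 1, 3, 0x0000, 4)),       # known host, new function
    ("10.0.1.50", "10.0.2.20", bytes.fromhex("000a00010006010300000001")),  # protocol id 1: malformed
]


def run_demo():
    """Learn from LEARNING_TRAFFIC, then return the alerts raised on LIVE_TRAFFIC."""
    return detect(learn_baseline(LEARNING_TRAFFIC), LIVE_TRAFFIC)


if __name__ == "__main__":
    for src, dst, severity, detail in run_demo():
        print(f"[{severity}] {src} -> {dst}: {detail}")
```

Run it directly to print the three alerts. The real sensor covers many more protocols and fields than one function code per conversation, but the shape is the same: parse first, learn second, and alert only on what the baseline never saw, which is why no signatures have to be written for the PLC traffic.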

 

Start Here 

 43m: https://youtu.be/0v84T4voU1Y

 https://github.com/kwall000/d4iot/raw/main/basicfeatures/Demonstration%20of%20Microsoft%20Azure%20Defender%20for%20IoT.pptx 
 10m: https://www.youtube.com/watch?v=5mJreslbY-0 

 https://github.com/kwall000/d4iot/raw/main/basicfeatures/Asset%20Discovery%20Solution%20Brief.pdf

 6m: https://www.youtube.com/watch?v=bwembRYA3So 
 https://github.com/kwall000/d4iot/raw/main/basicfeatures/How%20to%20discover%20exploitable%20paths%20using%20attack%20vector%20simulation.pptx 
 8m: https://www.youtube.com/watch?v=Z6M96KqMouMs 
 https://github.com/kwall000/d4iot/raw/main/basicfeatures/How%20to%20run%20reports%20and%20attack%20vector%20simulations.pptx 
 5m: https://www.youtube.com/watch?v=H6_aP12Jfgg 
 11m: https://www.youtube.com/watch?v=laJsScFaE7k 

 https://github.com/kwall000/d4iot/raw/main/basicfeatures/sample-risk-assessment-report.pdf

 9m: https://www.youtube.com/watch?v=Jy472ZcOISA

 https://github.com/kwall000/d4iot/raw/main/basicfeatures/How%20to%20handle%20Microsoft%20Azure%20Defender%20for%20IoT%20Alerts.pptx

 5m: https://www.youtube.com/watch?v=tNSSWrDL0Ec

 https://github.com/kwall000/d4iot/raw/main/basicfeatures/How%20data%20mining%20and%20baselining%20works%20in%20Microsoft%20Defender%20for%20IoT.pptx

 

Learn More 

Doc: https://docs.microsoft.com/en-us/azure/defender-for-iot/organizations/how-to-investigate-all-enterprise-sensor-detections-in-a-device-inventory

Doc: https://docs.microsoft.com/en-us/azure/defender-for-iot/organizations/how-to-track-sensor-activity#event-timeline

Doc: https://docs.microsoft.com/en-us/azure/defender-for-iot/organizations/how-to-create-risk-assessment-reports

Doc: https://docs.microsoft.com/en-us/azure/defender-for-iot/organizations/how-to-work-with-alerts-on-your-sensor

Doc: https://docs.microsoft.com/en-us/azure/defender-for-iot/organizations/alert-engine-messages

Doc: https://docs.microsoft.com/en-us/azure/defender-for-iot/organizations/how-to-create-data-mining-queries

 52m: https://www.youtube.com/watch?v=tt-j8k0BhTA 
 24m: https://www.youtube.com/watch?v=GHjf2F_DB_M 
 24m: https://www.youtube.com/watch?v=XCDe1AOur8A 

Doc: https://docs.microsoft.com/en-us/azure/defender-for-iot/architecture 

Blog: Cloud-delivered IoT/OT threat intelligence 

Blog: Microsoft Defender for IoT quick start instructions 

Deployment 

This section covers deployment and tuning. Learn about the differences between on-premises-only and cloud-connected sensors, and walk through the licensing components in the Azure portal.  

 

Start Here 

 35m: https://www.youtube.com/watch?v=-0vaH6cXJr0 

 https://github.com/kwall000/d4iot/raw/main/deployment/How%20to%20successfully%20deploy%20a%20sensor.pptx

 15m: https://www.youtube.com/watch?v=e7cHRYt0xAY

 https://github.com/kwall000/d4iot/raw/main/deployment/How%20to%20optimize%20and%20tune%20the%20Microsoft%20Azure%20Defender%20for%20IoT%20platform.pptx

 

Learn More 

Doc: https://docs.microsoft.com/en-us/azure/defender-for-iot/organizations/how-to-set-up-your-network

Blog: Designing a Robust Defense for Operational Technology Using Microsoft Defender for IoT 

 33m: https://www.youtube.com/watch?v=T1uvD2-W9t4 

Sentinel Integration 

In a cloud-connected deployment, the sensors send logging and analysis data to Azure. Once in the cloud, that logging and asset data can be forwarded to Microsoft Sentinel, where the full Sentinel toolset becomes available: automation/playbooks, workbooks, threat hunting and analytics, incident handling, notebooks, and more. On-premises-only sensors do not send data to Azure, so this integration requires the cloud-connected option.  

 

Start Here 

 16m: https://www.youtube.com/watch?v=v52HYWhUjUc 

 5m: https://www.youtube.com/watch?v=tJm_pPnfBlg

 5m: https://microsofteur-my.sharepoint.com/personal/hesaad_microsoft_com/_layouts/15/onedrive.aspx?id=%2Fpersonal%2Fhesaad%5Fmicrosoft%5Fcom%2FDocuments%2FRecordings%2FMDIoT%20recording%2D20220408%5F162004%2DMeeting%20Recording%2Emp4&parent=%2Fpersonal%2Fhesaad%5Fmicrosoft%5Fcom%2FDocuments%2FRecordings&ga=1

 

Advanced 

Learn about advanced features and integrations, including custom alerts, mapping to the MITRE ATT&CK for ICS framework, enterprise data integration, large-scale deployments, SOC integration, and more.  

 

Start Here 

 13m: https://www.youtube.com/watch?v=lCGa6DcgPVw 
 https://github.com/kwall000/d4iot/raw/main/advanced/How%20to%20use%20the%20enterprise%20data%20integrator.pptx 

 12m: https://www.youtube.com/watch?v=X_y_CxXEl2A

 53m: https://www.youtube.com/watch?v=O3TJ2D0yVJo

 https://github.com/kwall000/d4iot/raw/main/advanced/How%20Defender%20for%20IoT%20maps%20to%20Mitre.pptx

 5m: https://www.youtube.com/watch?v=tnsUhKBglZM

 53m: https://www.youtube.com/watch?v=8QwHLtk3IPg

 https://github.com/kwall000/d4iot/raw/main/advanced/Large%20Scale%20Deployment%20of%20Azure%20Defender%20for%20IoT.pptx

 

Learn More 

Blog: Looking for Anomalies in your IoT Asset Telemetry 

Doc: https://docs.microsoft.com/en-us/azure/defender-for-iot/device-builders/quickstart-create-custom-alerts 

Doc: https://docs.microsoft.com/en-us/azure/defender-for-iot/organizations/how-to-investigate-all-enterprise-sensor-detections-in-a-device-inventory#integrate-data-into-the-enterprise-device-inventory

Blog: Microsoft Defender for IoT Raw-Data and ICS MITRE ATT&CK Matrix Mapping via Azure Sentinel

Microsoft Defender for IoT Product Documentation 

Product documentation is linked from the Getting Started page in the Azure portal and from the following pages: 

  • Microsoft Defender for IoT Getting Started https://ms.portal.azure.com/#blade/Microsoft_Azure_IoT_Defender/IoTDefenderDashboard/Getting_Started 
  • https://aka.ms/AzureDefenderforIoTBareMetalAppliance 
  • https://aka.ms/AzureDefenderForIoTNetworkSetup 
  • https://aka.ms/AzureDefenderforIoTInstallSensorISO 
  • https://azure.microsoft.com/en-us/services/azure-defender-for-iot/#product-overview 
  • IoT Security - Microsoft Tech Community 

  

Updated May 12, 2022
Version 30.0
