Blog Post

Microsoft Defender for IoT Blog
4 MIN READ

Microsoft Defender for IoT Ninja Training

kimwall's avatar
kimwall
Brass Contributor
Jun 09, 2021

The following courses will guide you to becoming an Microsoft Defender for IoT Ninja. 

 

Curriculum  

This training program includes over 28 videos divided into 5 modules. For each session, the post includes a video, and/or a presentation, along with supporting information when relevant: product documentation, blog posts, and additional resources. 
 
The modules are organized into the following groups: 

  • Overview 
  • Basic Features 
  • Deployment 
  • Sentinel Integration 
  • Advanced  

Check back often as additional items will be published regularly.

  

Overview 

Microsoft Defender for IoT enables IT and OT teams to auto-discover their unmanaged IoT/OT assets, identify critical vulnerabilities, and detect anomalous or unauthorized behavior — without impacting IoT/OT stability or performance. 

Microsoft Defender for IoT delivers insights within minutes of being connected to the network, leveraging patented IoT/OT-aware behavioral analytics and machine learning to eliminate the need to configure any rules, signatures, or other static IOCs. To capture the traffic, it uses an on-premises network sensor deployed as a virtual or physical appliance connected to a SPAN port or tap. The sensor implements non-invasive passive monitoring with Network Traffic Analysis (NTA) and Layer 7 Deep Packet Inspection (DPI) to extract detailed IoT/OT information in real-time.

 

This section provides background information on IoT and OT networks and an overview of the Microsoft Defender for IoT platform.

 

Start Here 

 17m: https://www.youtube.com/watch?v=pG2BgxYismo 
  https://github.com/kwall000/d4iot/raw/main/overview/How%20does%20Azure%20Defender%20for%20IoT%20secure%20OT%20environments.pptx Defender for IoT secure OT (operational technology) environments? 
 12m: https://www.youtube.com/watch?v=gxAhPhriGFA 
 https://github.com/kwall000/d4iot/raw/main/overview/What%20is%20the%20Azure%20Defender%20for%20IoT%20Architecture.pptx Defender for IoT Architecture? 

 4m: https://youtu.be/me9GWhWPdns?t=840Defender for IoT Reference Architecture

 

Learn More 

Blog: https://www.microsoft.com/security/blog/2020/11/25/go-inside-the-new-azure-defender-for-iot-including-cyberx/ 

 22m: https://www.youtube.com/watch?v=8spIfxewaeM 
 35m: https://www.youtube.com/watch?v=vU283nfVQFs  
 25m: https://www.youtube.com/watch?v=cTZnX-aHTvU 
 38m: https://www.youtube.com/watch?v=TliTTBi6Do8 
 23m: https://www.youtube.com/watch?v=1xpml17ZaR0 
 13m: https://www.youtube.com/watch?v=Ts9UO-RqaLg 
 13m: https://azure.microsoft.com/en-us/resources/videos/azure-defender-for-iot-agentless-monitoring-demo/ 

Blog: Designing a Robust Defense for Operational Technology Using Microsoft Defender for IoT

Blog: Microsoft scores highest in threat visibility coverage for MITRE ATT&CK for ICS

Blog: How to gain more from your connection to an OT network

 

 

 

Basic Features 

Learn about the core features of the platform including asset discovery, deployment options, reporting, alert handling, event timeline, risk assessment, attack vector simulations, and data mining and baselining.  

 

Start Here 

 43m: https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fyoutu.be%2F0v84T4voU1Y&data=04%7C01%7Ckimwall%40microsoft.com%7C73f0cb1819754374e74708d913dca503%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637562660783266973%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0&sdata=gB9N7f1FRjs5VJxbC53%2Fm3u%2FN6ibpez5KcCVjcmRY6M%3D&reserved=0

 https://github.com/kwall000/d4iot/raw/main/basicfeatures/Demonstration%20of%20Microsoft%20Azure%20Defender%20for%20IoT.pptx 
 10m: https://www.youtube.com/watch?v=5mJreslbY-0 

 https://github.com/kwall000/d4iot/raw/main/basicfeatures/Asset%20Discovery%20Solution%20Brief.pdf

 6m: https://www.youtube.com/watch?v=bwembRYA3So 
 https://github.com/kwall000/d4iot/raw/main/basicfeatures/How%20to%20discover%20exploitable%20paths%20using%20attack%20vector%20simulation.pptx 
 8m: https://www.youtube.com/watch?v=Z6M96KqMouMs 
 https://github.com/kwall000/d4iot/raw/main/basicfeatures/How%20to%20run%20reports%20and%20attack%20vector%20simulations.pptx 
 5m: https://www.youtube.com/watch?v=H6_aP12Jfgg 
 11m: https://www.youtube.com/watch?v=laJsScFaE7k 

 https://github.com/kwall000/d4iot/raw/main/basicfeatures/sample-risk-assessment-report.pdf

 9m: https://www.youtube.com/watch?v=Jy472ZcOISA

 https://github.com/kwall000/d4iot/raw/main/basicfeatures/How%20to%20handle%20Microsoft%20Azure%20Defender%20for%20IoT%20Alerts.pptx

 5m: https://www.youtube.com/watch?v=tNSSWrDL0Ec

 https://github.com/kwall000/d4iot/raw/main/basicfeatures/How%20data%20mining%20and%20baselining%20works%20in%20Microsoft%20Defender%20for%20IoT.pptx

 

Learn More 

Doc: https://docs.microsoft.com/en-us/azure/defender-for-iot/organizations/how-to-investigate-all-enterprise-sensor-detections-in-a-device-inventory

Doc: https://docs.microsoft.com/en-us/azure/defender-for-iot/organizations/how-to-track-sensor-activity#event-timeline

Doc: https://docs.microsoft.com/en-us/azure/defender-for-iot/organizations/how-to-create-risk-assessment-reports

Doc: https://docs.microsoft.com/en-us/azure/defender-for-iot/organizations/how-to-work-with-alerts-on-your-sensor

Doc: https://docs.microsoft.com/en-us/azure/defender-for-iot/organizations/alert-engine-messages

Doc: https://docs.microsoft.com/en-us/azure/defender-for-iot/organizations/how-to-create-data-mining-queries

 52m: https://www.youtube.com/watch?v=tt-j8k0BhTA 
 24m: https://www.youtube.com/watch?v=GHjf2F_DB_M 
 24m: https://www.youtube.com/watch?v=XCDe1AOur8A 

Doc: https://docs.microsoft.com/en-us/azure/defender-for-iot/architecture 

Blog: Cloud-delivered IoT/OT threat intelligence 

Blog: Microsoft Defender for IoT quick start instructions 

 

 

Deployment 

This section provides details on the deployment and tuning specifics. Learn about the differences between on-premises-only and cloud-connected options. Walk through the licensing components within the Azure portal.  

 

Start Here 

 35m: https://www.youtube.com/watch?v=-0vaH6cXJr0 

 https://github.com/kwall000/d4iot/raw/main/deployment/How%20to%20successfully%20deploy%20a%20sensor.pptx

 15m: https://www.youtube.com/watch?v=e7cHRYt0xAY

 https://github.com/kwall000/d4iot/raw/main/deployment/How%20to%20optimize%20and%20tune%20the%20Microsoft%20Azure%20Defender%20for%20IoT%20platform.pptx

 

Learn More 

Doc: https://docs.microsoft.com/en-us/azure/defender-for-iot/organizations/how-to-set-up-your-network

Blog: Designing a Robust Defense for Operational Technology Using Microsoft Defender for IoT 

 33m: https://www.youtube.com/watch?v=T1uvD2-W9t4 

 

 

Sentinel Integration 

For cloud-connected options, remote sensors will send logging and analysis data to Azure. Once in the cloud, logging and asset data may be forwarded to Sentinel. All of the tools within Sentinel become available including automation/playbooks, workbooks, threat hunting and analytics, incident handling, notebooks, and more.  

 

Start Here 

 16m: https://www.youtube.com/watch?v=v52HYWhUjUc 

 5m: https://www.youtube.com/watch?v=tJm_pPnfBlg

 5m: https://microsofteur-my.sharepoint.com/personal/hesaad_microsoft_com/_layouts/15/onedrive.aspx?id=%2Fpersonal%2Fhesaad%5Fmicrosoft%5Fcom%2FDocuments%2FRecordings%2FMDIoT%20recording%2D20220408%5F162004%2DMeeting%20Recording%2Emp4&parent=%2Fpersonal%2Fhesaad%5Fmicrosoft%5Fcom%2FDocuments%2FRecordings&ga=1

 

Advanced 

Learn about advanced features and integrations including custom alerts, MITRE framework, enterprise data integration, large scale deployments, SOC integration, and more.  

 

Start Here 

 13m: https://www.youtube.com/watch?v=lCGa6DcgPVw 
 https://github.com/kwall000/d4iot/raw/main/advanced/How%20to%20use%20the%20enterprise%20data%20integrator.pptx 

 12m: https://www.youtube.com/watch?v=X_y_CxXEl2A

  53m: https://www.youtube.com/watch?v=O3TJ2D0yVJo

 https://github.com/kwall000/d4iot/raw/main/advanced/How%20Defender%20for%20IoT%20maps%20to%20Mitre.pptx

  5m: https://www.youtube.com/watch?v=tnsUhKBglZM

 53m: https://www.youtube.com/watch?v=8QwHLtk3IPg

  https://github.com/kwall000/d4iot/raw/main/advanced/Large%20Scale%20Deployment%20of%20Azure%20Defender%20for%20IoT.pptx

 

Learn More 

Blog: Looking for Anomalies in your IoT Asset Telemetry 

Doc: https://docs.microsoft.com/en-us/azure/defender-for-iot/device-builders/quickstart-create-custom-alerts 

Doc: https://docs.microsoft.com/en-us/azure/defender-for-iot/organizations/how-to-investigate-all-enterprise-sensor-detections-in-a-device-inventory#integrate-data-into-the-enterprise-device-inventory

Blog: Microsoft Defender for IoT Raw-Data and ICS MITRE ATT&CK Matrix Mapping via Azure Sentinel

 

 

 

 

Microsoft Defender for IoT Product Documentation 

You may find product documentation in the Azure portal: 

  • Microsoft Defender for IoT Getting Started https://ms.portal.azure.com/#blade/Microsoft_Azure_IoT_Defender/IoTDefenderDashboard/Getting_Started 
  • https://aka.ms/AzureDefenderforIoTBareMetalAppliance 
  • https://aka.ms/AzureDefenderForIoTNetworkSetup 
  • https://aka.ms/AzureDefenderforIoTInstallSensorISO 
  • https://azure.microsoft.com/en-us/services/azure-defender-for-iot/#product-overview 
  • IoT Security - Microsoft Tech Community 

  

Updated May 12, 2022
Version 30.0
microsoft defender for iot

20 Comments

  • Jerome_Lejeau's avatar
    Jerome_Lejeau
    Copper Contributor
    Jun 10, 2024

    Jumping on Dean_Gross comment - this material was useful and should be maintained. It really helps to onboard new comers.

  • Dean_Gross's avatar
    Dean_Gross
    Silver Contributor
    Jun 08, 2024

    kimwall I am following up on my previous request, this training material seems to have been abandoned. Are we on our own to find the best resources? Sean_Wasonga 

  • Dean_Gross's avatar
    Dean_Gross
    Silver Contributor
    Nov 09, 2022

    kimwall most of this material is over 1 year old and there have been many changes since then. Are there any plans to update this content? 

  • ry__panov__'s avatar
    ry__panov__
    Brass Contributor
    Aug 18, 2022

    Will there ever be a MS accredited Defender for IoT course? These materials are great, but it would be better for clients/consultants alike if one could achieve admin/user/analyst accreditations. 

  • Dean_Gross's avatar
    Dean_Gross
    Silver Contributor
    Mar 13, 2022

    In the How to use the Enterprise Data Integrator recording, it was mentioned that we could use the native token generation capability to avoid putting passwords into scripts. Can we use Azure Managed Identities or Key Vault with Defender for IoT for this purpose?

  • LinuVarghese's avatar
    LinuVarghese
    Copper Contributor
    Jan 31, 2022

    Hi Microsoft Defender for IoT Team,

    Will Microsoft be maintaining the CyberX app for QRadar?  We have a customer that is using the CyberX sensors in their production facilities and it is integrated to the QRadar SIEM deployed ion their data center using the CyberX app for QRadar.  This app has not been updated since  2017 .

  • Peter_Addison's avatar
    Peter_Addison
    Copper Contributor
    Dec 03, 2021

    AZ-220 is more focused on sensors in general, managing them, configuring the Azure workspace to use the data sent by them not necessarily sending data to Sentinel but where the data may have a business meaning e.g. condition monitoring, so things like PowerBI might be used along with hot/cold storage to analyse real/non-realtime.

  • nothing123's avatar
    nothing123
    Copper Contributor
    Oct 21, 2021

    Hi There,

     

    Great work and it is very useful.

     

    Thank you for all the great material.

     

    Regards,
    Neeraj