In April we announced the public preview of a new feature area for Microsoft Defender for Endpoint which enabled the discovery of unmanaged and unauthorized endpoints (workstations, servers and mobile) and network devices. This functionality has since become generally available and today we are announcing our next step in the journey to ensure our customers can get complete visibility to both the managed and unmanaged devices running on their IT networks.
Starting today, the public preview for Defender for Endpoint has been updated to discover enterprise IoT devices including VoIP devices, printers, cameras, smart TVs and even digital assistants just to name a few. These devices will appear in a new section named IoT devices which can be found within Device inventory.
Figure 1: The IoT Devices view under Device Inventory lists each devices as well as properties about them including type, vendor, model just to name a few.
The ability to create a complete inventory of all of the devices on IT networks - including enterprise IoT devices - has emerged as a top pain point for our Defender for Endpoint customers, and we are excited add this new functionality to the product.
Click here to learn how to enable the preview and please give us your feedback.
In addition to our IoT device discovery announcement, we also wanted to inform you about a related public preview that is launching today as well. This preview is for Microsoft Defender for IoT which was announced last month at Ignite.
While Defender for Endpoint now includes capabilities to perform device discovery for all devices on IT networks, the vulnerability management, detection, and response capabilities to secure enterprise IoT requires a very different approach and set of technologies. A couple of key differences include the inability to deploy agents to IoT devices and the need to analyze network data to secure the devices themselves. Microsoft Defender for IoT includes the technologies to address these challenges.
When Defender for IoT is running alongside Defender for Endpoint, you’re gaining access to a new signal source that will enrich all of the vulnerability management, detection and response capabilities that you’re already familiar within the Microsoft 365 security console. It’s fully integrated.
This means that in Security recommendations view you’re going to start seeing recommendations for enterprise IoT devices. One of the most common that you’re likely to encounter are recommendations suggesting you upgrade unpatched firmware that include exploitable vulnerabilities. This isn’t surprising since have low confidence that they‘re successfully keeping their IoT devices up to date.
Figure 2: Prioritize vulnerabilities and misconfigurations and use integrated workflows to bring devices into a more secure state.
In the Incidents view you’ll find that Incidents are now inclusive of enterprise IoT devices that are involved in the kill-chain. The manual work typically done by organizations to correlate IoT related alerts into the broader incidents they are part of is fully automated, so you can perform faster and more complete incident response.
Figure 3: View prioritized incidents that are inclusive of IT and IoT devices all in a single dashboard to reduce confusion, clutter, investigation times, and alert fatigue.
These are just a few examples of what is possible with Defender for IoT and Defender for Endpoint working together, and we hope you’re as excited as we are about the new capabilities. Later on in the preview product cycle we’ll be adding additional features like detections and responses for enterprise IoT devices. Stay tuned more news on that!
Click here to try the public preview for both Defender for Endpoint and Defender for IoT today and please give us your feedback. We look forward to considering it!