Microsoft Defender for IoT Ninja Training

Hello David. Apologies for the delay in answering your question. I've been out of the country for a few weeks. We are working on getting the slide decks/PDF's posted. However, I do not believe they will help with your specific question. When deploying Defender for IoT in an air-gapped environment, the sensor may be locally accessed and monitored without the need for a central manager. This solution is agentless and out-of-band and therefore not inline to any traffic. This is by design. Most industrial network owners resist solutions which are inline, place packets on the process control network, or require an in-band endpoint agent (any of these could potentially cause unplanned downtime, which is high on the list of things which should never happen in OT networks). Defender for IoT operates on SPAN'd/brokered network traffic and would see malicious activities when they happen - regardless of where they originate, including USB media. Note that the connection of the USB is not something that will be seen with this solution, but any network activity generated will be seen. Using patented machine-to-machine analytics, a baseline is learned and continually adjusted to ensure that good/authorized traffic is always known. When malicious traffic is introduced to the environment, it will inevitably deviate from the baseline of what is known to be good and one or more alerts will be raised at that time. 

Will there ever be a MS accredited Defender for IoT course? These materials are great, but it would be better for clients/consultants alike if one could achieve admin/user/analyst accreditations. 

kimwall most of this material is over 1 year old and there have been many changes since then. Are there any plans to update this content? 

kimwall I am following up on my previous request, this training material seems to have been abandoned. Are we on our own to find the best resources? Sean_Wasonga 

Thank you kimwall for Sharing with the Community 

kimwall as per JamesvandenBerg comment - thanks massively for sharing.

Quick question if I may? as I'm under a time crunch

When are the slide decks going to be available?

I'm specifically looking for the L300/400 details of exactly *how* the OT devices are secured in Air-gapped environments if the solution is relying on an agentless solution? how can that protect devices from potentially malicious content on USB devices being introduced inadvertently?

Regards,
Dave C

David Caddick the slide decks have been added

Remind your customers that taking shortcuts frequently results in making it easier for attackers and cost more in the long run. 

kimwall The Defender for IoT Architecture deck is still referring to CyberX. How much longer should we use that companies names in discussions with our Clients? they were purchase by MS quite a while ago. 

kimwall  In the Sentinel Integration section, the link to Doc: Security Operations, Automation, and Response with Azure Sentinel does not work

Dean_Gross, thank you for pointing out the mis-functioning link. It has been removed for now. As for references to CyberX, I came to Microsoft as a part of that acquisition  and am very much aware that the name has changed to Azure Defender for IoT. However, in the case of this video and deck, they were recorded shortly after the acquisition so it made sense to mention both. Going forward, this won't be the case, but depending on the session on this page, you may see or hear the previous name a time or two. Old habits die hard, but we are getting there.