Azure Defender for IoT
Continuous asset discovery, vulnerability management and threat detection for your Internet of Things (IoT) and operational technology (OT) devices
Simplified, modern, intelligent IoT/OT security
Accelerate IoT/OT innovation with comprehensive security across all of your IoT/OT devices. For end-user organisations, Azure Defender for IoT offers agentless, network-layer security that is rapidly deployed, works with diverse industrial equipment and interoperates with Azure Sentinel and other SOC tools. Deploy on-premises or in Azure-connected environments. For IoT device builders, Azure Defender for IoT offers lightweight agents to embed device-layer security into new IoT/OT initiatives.
Full visibility into assets and risk across your entire IoT/OT environment
Continuous monitoring for threats and vulnerabilities, with IoT/OT-aware behavioural analytics and threat intelligence
Interoperability with Azure Sentinel for investigating and responding to multi-stage attacks that cross IT/OT boundaries
Flexible deployment options including on-premises, Azure-connected or hybrid
For end-user organisations: Protect industrial IoT/OT environments with agentless monitoring
Discover all of your IoT/OT devices
Use passive, agentless network monitoring to gain a complete inventory of all of your IoT/OT assets, with zero impact on the IoT/OT network. Analyse diverse industrial protocols to identify device details including manufacturer, type, serial number, firmware level and IP or Media Access Control (MAC) address. Visualise your entire IoT/OT network topology, see device communication paths and quickly identify the root cause of operational issues such as misconfigured devices.
Protect devices with a risk-based approach
Proactively address vulnerabilities in your IoT/OT environment. Identify risks such as unpatched devices, open ports, unauthorised applications and unauthorised connections. Detect changes to device configurations, programmable logic controller (PLC) code and firmware. Prioritise fixes based on risk scoring and automated threat modelling, which identifies the most likely attack paths to compromise your crown jewel assets.
Detect threats with IoT/OT behavioural analytics
Monitor for anomalous or unauthorised activity using IoT/OT-aware behavioural analytics and threat intelligence. Strengthen IoT/OT zero trust by instantly detecting unauthorised or compromised devices. Rapidly triage real-time alerts, investigate historical traffic and hunt for threats. Catch modern threats such as zero-day malware and living-off-the-land tactics missed by static indicators of compromise (IOCs). Explore full-fidelity packet captures (PCAPs) for deeper analysis.
Unify IT/OT security with SIEM/SOAR and XDR
Get a bird’s eye view across IT/OT boundaries with interoperability with Azure Sentinel, cloud-native SIEM/SOAR. Automate response with IoT/OT playbooks. Use machine learning and threat intelligence from trillions of signals. Manage your security posture across cloud workloads with Azure Security Center and protect them with extended detection and response (XDR) from Azure Defender. What’s more, get interoperability with other SOC tools such as Splunk, IBM QRadar and ServiceNow.Learn why Azure Sentinel is a Forrester Wave leader
For device manufacturers: Build security into new IoT initiatives
Built-in security for new IoT projects
Help protect new IoT devices and Azure IoT projects from day one by deploying Azure Defender for IoT security micro-agents. Reduce risk with real-time security posture monitoring across standard IoT operating systems. Support policies and compliance with continuous visibility into your IoT security, directly from the endpoint. Use Microsoft threat intelligence to detect evolving threats. Create custom alerts to define the most critical threats to your environment.Learn more about security micro-agents
Protect IoT devices with minimal endpoint impact
Deploy endpoint security with minimal impact to your IoT devices – the Azure Defender for IoT security micro-agent has a small footprint and no OS kernel dependencies. Deploy with the distribution model that works best for your devices, and modify source code to further customise the agent to your needs. Micro-agents are available for standard IoT operating systems, including Linux and Azure RTOS.
Secure your Azure IoT projects from edge to cloud
Use Azure Defender for IoT with solutions such as Azure IoT Edge and Azure RTOS to help secure your projects from edge to cloud, with security recommendations and alerts directly in Azure IoT Hub. Unify security posture management across your cloud workloads with Azure Security Center and help protect those workloads using extended detection and response (XDR) from Azure Defender. Connect to Azure Sentinel to feed IoT security alerts into your view across your entire enterprise.
Get intelligent security, built-in, with Azure
- Benefit from Microsoft cybersecurity expertise, with more than USD 1 billion invested annually on research and development.
- Monitor security posture across your resources, including servers, storage and workloads, with Azure Security Center.
- Protect your hybrid cloud resources, including servers, data and containers, with XDR from Azure Defender.
- Modernise security operations with Azure Sentinel, cloud-native SIEM powered by AI – a leader in the Forrester Wave.
Azure Defender for IoT pricing
Azure Defender for IoT offers two solutions: agentless monitoring for IoT/OT environments and security for new devices for device builders.
- Agentless monitoring is free of charge for the first 1,000 committed devices for the first 30 days. After that, you’ll automatically be charged by device commitment.
- Security for new devices provisioned and managed via IoT Hub, such as those that have the micro-agent deployed, is free of charge for 30 days. After that, you’ll pay per device or per message.
Azure Defender for IoT resources
Agentless monitoring resources
Security micro-agent resources
"The Azure IoT security solution is straightforward to implement while enabling us to efficiently manage system security and resiliency across multiple distributed locations."Adi Karisik, Global Technology Leader for Operational Technology, Jacobs
Frequently asked questions about Azure Defender for IoT
Azure Defender for IoT offers two sets of capabilities. One is agentless monitoring via passive network traffic analysis (NTA) and the other is an additional layer of security delivered via endpoint micro-agents. Agentless monitoring is ideal for all IoT/OT environments, while the security micro-agent is intended for device builders who want to build a higher level of security into new devices. End-user organisations can also use a combination of the two.
Azure Defender provides threat detection for your cloud workload environments, while Azure Defender for IoT specifically helps protect IoT/OT devices from the specialised threats that they face. Adversaries use different methods to target IT and IoT/OT networks. Azure Defender for IoT detects threats by analysing the specialised protocols, devices and machine-to-machine behaviours found in IoT/OT environments.
Azure Sentinel is a cloud-native SIEM/SOAR platform with advanced AI and security analytics to help you detect, hunt, prevent and respond to threats across your enterprise. Azure Defender for IoT is a specialised asset discovery and security monitoring solution for IoT/OT environments. While the services are interoperable, Azure Sentinel isn’t required. Azure Defender for IoT is an open system that also works with tools such as Splunk, IBM QRadar and ServiceNow.
Azure Sphere is an end-to-end solution for building secure devices that incorporate the Azure Sphere chip, run the Azure Sphere operating system and connect to the Azure Sphere security service. Alternatively, device builders can incorporate the Azure Defender for IoT security micro-agent, which supports standard IoT operating systems such as Linux and Azure RTOS. For end-user organisations, Azure Defender for IoT offers agentless monitoring, which doesn’t require changes to existing environments.
Azure Defender for IoT uses an on-premises network sensor (edge device) that connects to the SPAN port of a switch or to a TAP. It analyses a copy of the traffic using passive monitoring with zero network impact. All analysis is performed at the edge, making it ideal for sites with low-bandwidth connections. In addition, the traffic flows unidirectionally, from the switch to the sensor, for enhanced security and ISA-95 compliance. You can deploy on-premises or in the cloud.
Azure Defender for IoT supports a broad range of protocols across diverse industrial equipment, including Modbus, DNP3, BACnet, EtherNet/IP, DeltaV, ROC, Siemens S7, Yokogawa, IEC 61850, OPC UA and GOOSE. For custom or proprietary protocols, Microsoft offers an open SDK for easy development, testing and deployment of custom protocol dissectors as plug-ins, without divulging proprietary information about how protocols are designed or sharing PCAPs that may contain sensitive information.