MicrosoftDocs
diff --git a/‎defender-for-iot/TOC.yml‎
Lines changed: 11 additions & 1 deletion b/‎defender-for-iot/TOC.yml‎
Lines changed: 11 additions & 1 deletion
diff --git a/‎defender-for-iot/device-discovery.md‎
Lines changed: 12 additions & 1 deletion b/‎defender-for-iot/device-discovery.md‎
Lines changed: 12 additions & 1 deletion
diff --git a/‎defender-for-iot/enterprise-iot-get-started.md‎
Lines changed: 142 additions & 0 deletions b/‎defender-for-iot/enterprise-iot-get-started.md‎
Lines changed: 142 additions & 0 deletions
diff --git a/‎defender-for-iot/enterprise-iot-licenses.md‎
Lines changed: 40 additions & 0 deletions b/‎defender-for-iot/enterprise-iot-licenses.md‎
Lines changed: 40 additions & 0 deletions
diff --git a/‎defender-for-iot/enterprise-iot-manage.md‎
Lines changed: 80 additions & 0 deletions b/‎defender-for-iot/enterprise-iot-manage.md‎
Lines changed: 80 additions & 0 deletions
@@ -11,7 +11,17 @@
       - name: What's new
         href: whats-new.md  
       - name: Site security
-        href: site-security-overview.md  
+        href: site-security-overview.md     
+      - name: Enterprise IoT
+        items:
+          - name: Enterprise IoT overview
+            href: enterprise-iot.md
+          - name: Enterprise IoT licenses
+            href: enterprise-iot-licenses.md
+          - name: Get started with enterprise IoT
+            href: enterprise-iot-get-started.md      
+          - name: Manage enterprise IoT
+            href: enterprise-iot-manage.md 
     - name: Get started
       items:
       - name: Prerequisites
 
@@ -5,7 +5,7 @@ ms.service: defender-for-iot
 author: limwainstein
 ms.author: lwainstein
 ms.localizationpriority: medium
-ms.date: 06/19/2024
+ms.date: 08/19/2024
 ms.topic: conceptual
 ---
 
@@ -64,6 +64,17 @@ Defender for IoT's device inventory supports the following device classes:
 |**Enterprise**|Smart devices, printers,  communication devices, or audio/video devices|
 |**Retail**|Barcode scanners, humidity sensor, punch clocks|
 
+### Identified, unique devices
+
+Defender for IoT can discover all devices, of any type, across all environments. Devices are listed in the Defender for IoT **Device inventory** pages based on a unique IP and MAC address coupling.
+
+Defender for IoT identifies single and unique devices as follows:
+
+|Type  |Description  |
+|---------|---------|
+|**Identified as individual devices**     |    Devices identified as *individual* devices include:<br>**IT, OT, or IoT devices with one or more NICs**, including network infrastructure devices such as switches and routers<br><br>**Note**: A device with modules or backplane components, such as racks or slots, is counted as a single device, including all modules or backplane components.|
+|**Not identified as individual devices**     | The following items *aren't* considered as individual devices, and do not count against your license:<br><br>- **Public internet IP addresses** <br>- **Multi-cast groups**<br>- **Broadcast groups**<br>- **Inactive devices**<br><br> Network-monitored devices are marked as *inactive* when there's no network activity detected within a specified time:<br><br> - **OT networks**: No network activity detected for more than 60 days<br> - **Enterprise IoT networks**: No network activity detected for more than 30 days<br><br>**Note**: Endpoints already managed by Defender for Endpoint are not considered as separate devices by Defender for IoT.  |
+
 ## Next steps
 
 [Discover and manage devices](manage-devices-inventory.md)
@@ -0,0 +1,142 @@
+---
+title: Get started for Enterprise IoT for Microsoft Defender for IoT in the Defender portal
+description: Learn how to set up and start monitoring enterprise IoT devices using Microsoft Defender for IoT in the Microsoft Defender portal.
+ms.service: defender-for-iot
+author: limwainstein
+ms.author: lwainstein
+ms.localizationpriority: medium
+ms.date: 08/25/2024
+ms.topic: how-to
+---
+
+# Get started with enterprise IoT
+
+Enterprise IoT security improves the monitoring and protection of the IoT devices in your network, such as printers, smart TVs, Voice over Internet Protocol (VoIP) devices, conferencing systems and purpose-built, proprietary devices.
+
+The security monitoring includes IoT related alerts, vulnerabilities, and recommendations that are integrated with your existing Microsoft Defender for Endpoint data. To understand more about the integration between Defender for Endpoint and Defender for IoT, see [enterprise IoT overview](enterprise-iot.md).
+
+In this article you'll learn how to add enterprise IoT to your Microsoft Defender portal and use the IoT specific security features to protect your IoT environment.
+
+[!INCLUDE [defender-iot-preview](../includes//defender-for-iot-defender-public-preview.md)]
+
+## Prerequisites
+
+Make sure that you have:
+
+- IoT devices in your network, visible in the Microsoft Defender portal **Device inventory**
+
+- Access to the Microsoft Defender Portal as a [Security administrator](/entra/identity/role-based-access-control/permissions-reference#security-administrator)
+
+- One of the following licenses:
+
+    - A Microsoft 365 E5 (ME5) or E5 Security license. Enterprise IoT security is included in this package and needs to be turned on.
+
+    - Microsoft Defender for Endpoint P2, with an extra, standalone **Microsoft Defender for IoT - EIoT Device License - add-on** license, available for trial or purchase from the Microsoft 365 admin center.
+
+## Add enterprise IoT security in the Defender portal
+
+There are two ways to add enterprise IoT to the Defender portal:
+
+- ME5/ E5 Security customers: Turn on support for enterprise IoT Security in the Defender Portal. For more information, see [turn on enterprise IoT security](#me5-e5-security-customers).
+
+- Defender for Endpoint P2 customers: Start with a free trial or purchase standalone, per-device licenses to gain the same IoT-specific security value. For more information, see [set up a standalone trial license](#set-up-a-standalone-trial-license). To purchase a full license, see [purchase the standalone full license](#set-up-a-standalone-full-license).
+
+## ME5/ E5 Security customers
+
+This procedure describes how to turn on enterprise IoT security in Defender portal for ME5/ E5 Security customers.
+
+If you have extra devices that aren't covered by your ME5/E5 licenses, you can purchase standalone licenses. For more information, see [set up a standalone full license](#set-up-a-standalone-full-license).
+
+**To turn on enterprise IoT security**:
+
+1. In [Microsoft Defender portal](https://security.microsoft.com/), select **Settings** > **Device Discovery** > **Enterprise IoT**.
+
+    > [!NOTE]
+    >
+    > Ensure you have turned on Device Discovery in **Settings** > **Endpoints** > **Advanced Features**.
+
+1. Toggle the Enterprise IoT security option to **On**. For example:
+
+    :::image type="content" source="media/enterprise-iot-get-started/eiot-toggle-on.png" alt-text="Screenshot of enterprise IoT toggled on in Microsoft Defender portal.":::
+
+## Defender for Endpoint P2 customers
+
+Customers with a Microsoft Defender for Endpoint P2 license only can use a trial standalone license for enterprise IoT security.
+
+You can also purchase a license using the Microsoft 365 admin center. Before purchasing the license you need to [calculate the number of monitored devices in your network](#calculate-monitored-devices-for-enterprise-iot-security) to determine how many licenses you need.
+
+### Set up a standalone trial license
+
+**To start an enterprise IoT trial**:
+
+1. Go to the [Microsoft 365 admin center](https://portal.office.com/AdminPortal/Home#/catalog) > **Marketplace**.
+
+1. Search for the **Microsoft Defender for IoT - EIoT Device License - add-on** and filter the results by **Other services**. For example:
+
+    :::image type="content" source="media/enterprise-iot-get-started/eiot-standalone.png" alt-text="Screenshot of the Marketplace search results for the EIoT Device License.":::
+
+    > [!IMPORTANT]
+    >
+    > The prices shown in this image are for example purposes only and are not intended to reflect actual prices.
+
+1. Under **Microsoft Defender for IoT - EIoT Device License - add-on**, select **Details**.
+
+1. On the **Microsoft Defender for IoT - EIoT Device License - add-on** page, select **Start free trial**. On the **Check out** page, select **Try now**.
+
+> [!TIP]
+> Make sure to [assign your licenses to specific users](/microsoft-365/admin/manage/assign-licenses-to-users) to start using them.
+
+### Set up a standalone full license
+
+Before purchasing a license you must calculate the number of devices you're monitoring.
+
+#### Calculate monitored devices for enterprise IoT security
+
+Use the following procedure to calculate how many devices you need to monitor if:
+
+- You're an ME5/E5 Security customer and think you need to monitor more devices than the devices allocated per ME5/E5 Security license
+- You're a Defender for Endpoint P2 customer who's purchasing standalone enterprise IoT licenses
+
+**To calculate the number of devices you're monitoring:**
+
+1. In [Microsoft Defender portal](https://security.microsoft.com/), select **Assets** > **Devices** to open the **Device inventory** page.
+
+1. Note down the total number of **IoT devices** listed.
+
+    For example:
+
+    :::image type="content" source="media/enterprise-iot-get-started/device-inventory-iot.png" alt-text="Screenshot of network device and IoT devices in the device inventory in Microsoft Defender for Endpoint." lightbox="media/enterprise-iot-get-started/device-inventory-iot.png":::
+
+1. Round your total to a multiple of 100 and compare it against the number of licenses you have. For example:
+
+    - If in Microsoft Defender portal **Device inventory**, you have *1204* IoT devices.
+    - Round down to *1200* devices.
+    - You have 240 ME5 licenses, which cover **1200** devices.
+
+    You need another **4** standalone devices to cover the gap.
+
+For more information, see the [Defender for Endpoint Device discovery overview](/microsoft-365/security/defender-endpoint/device-discovery).
+
+> [!NOTE]
+> Devices listed on the **Computers & Mobile** tab, including those managed by Defender for Endpoint or otherwise, are not included in the number of [devices](device-discovery.md#identified-unique-devices) monitored by Defender for IoT.
+
+#### Purchase the standalone license
+
+To purchase the standalone full license:
+
+1. Go to the [Microsoft 365 admin center](https://portal.office.com/AdminPortal/Home#/catalog) **Billing > Purchase services**. If you don't have this option, select **Marketplace** instead.
+
+1. Search for the **Microsoft Defender for IoT - EIoT Device License - add-on** and filter the results by **Other services**. For example:
+
+    :::image type="content" source="media/enterprise-iot-get-started/eiot-standalone.png" alt-text="Screenshot of the Marketplace search results for the EIoT Device License.":::
+
+    > [!IMPORTANT]
+    > The prices shown in this image are for example purposes only and are not intended to reflect actual prices.
+
+1. On the **Microsoft Defender for IoT - EIoT Device License - add-on** page, enter your selected license quantity, select a billing frequency, and then select **Buy**.
+
+For more information, see the [Microsoft 365 admin center help](/microsoft-365/admin/).
+
+## Next steps
+
+[Manage enterprise IoT](enterprise-iot-manage.md)
@@ -0,0 +1,40 @@
+---
+title: Set up and managing of licenses of enterprise IoT for Microsoft Defender for IoT in the Defender portal
+description: Learn how to set up and manage licenses to monitor IoT devices using Microsoft Enterprise IoT in the Microsoft Defender portal.
+ms.service: defender-for-iot
+author: limwainstein
+ms.author: lwainstein
+ms.localizationpriority: medium
+ms.date: 08/25/2024
+ms.topic: overview
+---
+
+# Set up and manage enterprise IoT security licenses
+
+Enterprise IoT security improves the monitoring and protection of the IoT devices in your network, such as printers, smart TVs, Voice over Internet Protocol (VoIP) devices, conferencing systems and purpose-built, proprietary devices. The security monitoring includes IoT related alerts, vulnerabilities, and recommendations that are integrated with your existing Microsoft Defender for Endpoint data.
+
+[!INCLUDE [defender-iot-preview](../includes//defender-for-iot-defender-public-preview.md)]
+
+## Enterprise IoT licenses
+
+To add enterprise IoT security to Defender for Endpoint, there are two options available depending on your existing license:
+
+- Customers with Microsoft 365 E5 (ME5) or E5 Security plans already have enterprise IoT available, but just need to turn on the feature. Each license supports five devices per ME5/ E5 Security license.
+
+    To turn on enterprise IoT, see [ME5/ E5 Security customers](enterprise-iot-get-started.md#me5-e5-security-customers).
+
+    To turn off enterprise IoT, see [turn off enterprise IoT security](enterprise-iot-manage.md#turn-off-enterprise-iot-security).
+
+- Customers with a Defender for Endpoint P2 license only can use a trial standalone license for monitoring enterprise IoT devices. A trial license supports 100 devices.
+
+    Start your enterprise IoT trial using the [Microsoft Defender for IoT - EIoT Device License - add-on wizard](https://signup.microsoft.com/get-started/signup?products=b2f91841-252f-4765-94c3-75802d7c0ddb&ali=1&bac=1) or via the [Microsoft 365 admin center](https://portal.office.com/AdminPortal/Home#/catalog).
+
+    When the trial ends, the trial license is automatically canceled, and you lose access to enterprise IoT security features. To continue using enterprise IoT purchase a full standalone license. For more information, see [purchase a standalone license](enterprise-iot-get-started.md#set-up-a-standalone-full-license).
+
+## Resolve billing issues associated with my enterprise IoT plan
+
+For any billing or technical issues, open a support ticket for Microsoft Defender portal.
+
+## Next steps
+
+[Get started with enterprise IoT](enterprise-iot-get-started.md)
@@ -0,0 +1,80 @@
+---
+title: Manage enterprise IoT security for Microsoft Defender for IoT in the Defender portal
+description: Learn how to manage enterprise IoT devices using Microsoft Defender for IoT in the Microsoft Defender portal.
+ms.service: defender-for-iot
+author: limwainstein
+ms.author: lwainstein
+ms.localizationpriority: medium
+ms.date: 08/25/2024
+ms.topic: how-to
+---
+
+# Manage enterprise IoT security
+
+Enterprise IoT security improves the monitoring and protection of the IoT devices in your network, such as printers, smart TVs, Voice over Internet Protocol (VoIP) devices, conferencing systems and purpose-built, proprietary devices.
+
+When enterprise IoT is activated, the data for alerts, recommendations, and vulnerabilities is shown in the Microsoft Defender portal.
+
+## View enterprise IoT data in the Defender portal
+
+To view enterprise IoT security data:
+
+1. In [Microsoft Defender portal](https://security.microsoft.com/), select **Assets** > **Devices** to open the **Device inventory** page.
+
+1. Select the **IoT devices** tab and select a specific device **IP** to drill down for more details. For example:
+
+    :::image type="content" source="media/enterprise-iot-manage/select-a-device.png" alt-text="Screenshot of the IoT devices tab in Microsoft Defender portal." lightbox="media/enterprise-iot-manage/select-a-device.png":::
+
+1. When you select a specific device, the device details page opens. Explore the following tabs to view data added by enterprise IoT security for your device:
+
+    - On the **Alerts** tab, check for any alerts triggered by the device. Simulate alerts in Microsoft 365 Defender for Enterprise IoT using the Raspberry Pi scenario available in the Microsoft 365 Defender [Evaluation & Tutorials](https://security.microsoft.com/tutorials/all) page.
+
+        You can also set up advanced hunting queries to create custom alert rules. For more information, see [advanced hunting queries for enterprise IoT security](#advanced-hunting-queries-for-enterprise-iot).
+
+    - On the **Security recommendations** tab, check for any recommendations available for the device to reduce risk and maintain a smaller attack surface.
+
+    - On the **Discovered vulnerabilities** tab, check for any known CVEs associated with the device. Known CVEs can help decide whether to patch, remove, or contain the device and mitigate risk to your network. Alternatively, use [advanced hunting queries](#advanced-hunting-queries-for-enterprise-iot) to collect vulnerabilities across all your devices.
+
+## Hunt for threats on the Device inventory page
+
+On the **Device inventory** page, select **Go hunt** to query devices using tables like the *[DeviceInfo](/microsoft-365/security/defender/advanced-hunting-deviceinfo-table)* table. On the **Advanced hunting** page, query data using other schemas.
+
+## Advanced hunting queries for enterprise IoT
+
+This section lists sample advanced hunting queries that you can use in Microsoft 365 Defender to help you monitor and secure your IoT devices with enterprise IoT security.
+
+### Find devices by specific type or subtype
+
+Use the following query to identify devices that exist in your corporate network by type of device, such as routers:  
+
+```kusto
+DeviceInfo
+| summarize arg_max(Timestamp, *) by DeviceId
+| where DeviceType == "NetworkDevice" and DeviceSubtype == "Router"  
+```
+
+### Find and export vulnerabilities for your IoT devices
+
+Use the following query to list all vulnerabilities on your IoT devices:
+
+```kusto
+DeviceInfo
+| where DeviceCategory =~ "iot"
+| join kind=inner DeviceTvmSoftwareVulnerabilities on DeviceId
+```
+
+For more information, see [Advanced hunting](/microsoft-365/security/defender/advanced-hunting-overview) and [Understand the advanced hunting schema](/microsoft-365/security/defender/advanced-hunting-schema-tables).
+
+## Turn off enterprise IoT security
+
+Customers with ME5/E5 Security plans who no longer need the **enterprise IoT security** service, can turn off the feature.
+
+**To turn off enterprise IoT security**:
+
+1. In [Microsoft Defender portal](https://security.microsoft.com/), select **Settings** > **Device discovery** > **Enterprise IoT**.
+
+1. Toggle the option to **Off**.
+
+You stop getting security value in the Defender portal, including purpose-built alerts, vulnerabilities, and recommendations.
+
+Customers with a Microsoft Defender for Endpoint P2 license who don't add a standalone license by the time the trial ends, have the trial automatically canceled, and lose access to enterprise IoT security features. For more information, see [purchase a standalone license](enterprise-iot-get-started.md#purchase-the-standalone-license).