Merge pull request #2266 from limwainstein/protect-ot-article-in-xdr

limwainstein · web-flow · commit 6f362a00d42d · 2025-02-24T16:35:31.000+02:00
Protect IoT/OT
diff --git a/defender-endpoint/device-discovery.md b/defender-endpoint/device-discovery.md
@@ -98,7 +98,7 @@ To address the challenge of gaining enough visibility to locate, identify, and s
 - **Microsoft Defender for IoT**: This integration combines Defender for Endpoint's device discovery capabilities with Microsoft Defender for IoT in the Microsoft Defender portal (Preview) to secure:
 
     - OT devices, such as servers or packaging systems. For more information, see [onboard Defender for IoT in the Defender portal](/defender-for-iot/get-started).
-    - Enterprise IoT devices connected to an IT network (for example, Voice over Internet Protocol (VoIP), printers, and smart TVs). For more information, see [Enable Enterprise IoT security with Defender for Endpoint](/azure/defender-for-iot/organizations/eiot-defender-for-endpoint).
+    - Enterprise IoT devices connected to an IT network (for example, Voice over Internet Protocol (VoIP), printers, and smart TVs). For more information, see [Get started with Enterprise IoT security](/defender-for-iot/enterprise-iot-get-started).
 
 ## Vulnerability assessment on discovered devices
 
diff --git a/defender-for-iot/device-discovery.md b/defender-for-iot/device-discovery.md
@@ -25,7 +25,7 @@ Learn how to [discover and manage your IoT/OT devices](manage-devices-inventory.
 
 If you don't yet have a Defender for IoT license, the **Device inventory** page detects your OT devices and lists them with regular device data, but without security data. For example, the device name, IP, and category are visible, while the risk level isn't visible. The device inventory also displays a note at the top of the page that indicates the number of unprotected OT devices.
 
-In this case, [onboard Defender for IoT](get-started.md) to get security value for your OT devices.
+To enable protection and get the full security value for your OT devices, [onboard Defender for IoT](get-started.md) to get security value for your OT devices.
 
 If you're seeing the message that indicates the number of unprotected OT devices, and you've already set up Defender for IoT, [set up a site](set-up-sites.md) and associate the relevant devices with it.
 
diff --git a/defender-for-iot/enterprise-iot-manage.md b/defender-for-iot/enterprise-iot-manage.md
@@ -27,7 +27,7 @@ To view enterprise IoT security data:
 
 1. When you select a specific device, the device details page opens. Explore the following tabs to view data added by enterprise IoT security for your device:
 
-    - On the **Alerts** tab, check for any alerts triggered by the device. Simulate alerts in Microsoft 365 Defender for Enterprise IoT using the Raspberry Pi scenario available in the Microsoft 365 Defender [Evaluation & Tutorials](https://security.microsoft.com/tutorials/all) page.
+    - On the **Alerts** tab, check for any alerts triggered by the device. Simulate alerts in Microsoft Defender for Enterprise IoT using the Raspberry Pi scenario available in the Microsoft Defender [Evaluation & Tutorials](https://security.microsoft.com/tutorials/all) page.
 
         You can also set up advanced hunting queries to create custom alert rules. For more information, see [advanced hunting queries for enterprise IoT security](#advanced-hunting-queries-for-enterprise-iot).
 
@@ -41,7 +41,7 @@ On the **Device inventory** page, select **Go hunt** to query devices using tabl
 
 ## Advanced hunting queries for enterprise IoT
 
-This section lists sample advanced hunting queries that you can use in Microsoft 365 Defender to help you monitor and secure your IoT devices with enterprise IoT security.
+This section lists sample advanced hunting queries that you can use in Microsoft Defender to help you monitor and secure your IoT devices with enterprise IoT security.
 
 ### Find devices by specific type or subtype
 
diff --git a/defender-for-iot/enterprise-iot.md b/defender-for-iot/enterprise-iot.md
@@ -19,7 +19,7 @@ While the number of IoT devices continues to grow, they often lack the security
 
 ## Enterprise IoT monitoring in the Defender portal
 
-Extend Microsoft Defender for IoT's security features to include enterprise IoT devices. Add the enterprise IoT security feature to your existing Microsoft Defender for Endpoint license, and view related vulnerabilities and recommendations for IoT devices that are seemlessly integrated into the Microsoft Defender portal.
+Extend Microsoft Defender for IoT's security features to include enterprise IoT devices. Add the enterprise IoT security feature to your existing Microsoft Defender for Endpoint license, and view related vulnerabilities and recommendations for IoT devices that are seamlessly integrated into the Microsoft Defender portal.
 
 :::image type="content" source="media/enterprise-iot/eiot-architecture.png" alt-text="The architecture showing the use of enterprise IoT":::
 
diff --git a/defender-xdr/TOC.yml b/defender-xdr/TOC.yml
@@ -62,6 +62,8 @@
         href: /defender-office-365/mdo-about?toc=/defender-xdr/toc.json&bc=/defender-xdr/breadcrumb/toc.json
       - name: Protect your cloud apps
         href: /defender-cloud-apps/what-is-defender-for-cloud-apps?toc=/defender-xdr/toc.json&bc=/defender-xdr/breadcrumb/toc.json
+      - name: Protect your IoT/OT assets
+        href: protect-against-iot-ot-threats.md
       - name: Microsoft Secure Score
         items:
           - name: Overview
@@ -73,7 +75,7 @@
           - name: Track your score history and meet goals
             href: microsoft-secure-score-history-metrics-trends.md
           - name: Data storage and privacy
-            href: secure-score-data-storage-privacy.md      
+            href: secure-score-data-storage-privacy.md     
     - name: Investigate and respond to threats
       items:
       - name: Overview
diff --git a/defender-xdr/prerequisites.md b/defender-xdr/prerequisites.md
@@ -41,7 +41,8 @@ Any of these licenses give you access to Microsoft Defender XDR features via the
 - Windows 11 Enterprise E5 or A5
 - Enterprise Mobility + Security (EMS) E5 or A5
 - Office 365 E5 or A5
-- Microsoft Defender for Endpoint
+- Microsoft Defender for Endpoint 
+- [Microsoft Defender for IoT - Enterprise IoT protection](/defender-for-iot/enterprise-iot-licenses#enterprise-iot-licenses) (includes protection for enterprise IoT devices with the Microsoft 365 E5 (ME5) or E5 Security license)
 - Microsoft Defender for Identity
 - Microsoft Defender for Cloud Apps or [Cloud App Discovery](/defender-cloud-apps/editions-cloud-app-security-aad)
 - Microsoft Defender for Office 365 (Plan 2)
diff --git a/defender-xdr/protect-against-iot-ot-threats.md b/defender-xdr/protect-against-iot-ot-threats.md
@@ -0,0 +1,80 @@
+---
+title: IoT/OT security - protect enterprise IoT and OT assets
+description: Learn how Defender for IoT detects and monitors IoT and OT devices to protect your environment against threats raised by IoT and OT devices.
+ms.service: defender-xdr
+ms.author: lwainstein
+author: limwainstein
+ms.localizationpriority: medium
+manager: raynew
+audience: ITPro
+ms.topic: conceptual
+ms.date: 01/20/2024
+appliesto:
+    - Microsoft Defender for XDR
+    - Microsoft Defender for Endpoint
+    - Microsoft Defender for IoT
+
+#Customer intent: As a Defender XDR customer, I want to know what IoT/OT protection is included in my license so that I can better protect my IoT/OT assets.
+---
+
+# IoT/OT security - protect enterprise IoT and OT assets
+
+The Internet of Things (IoT) connects billions of smart devices used in homes and businesses, while Operational Technology (OT) focuses on industrial systems like factory equipment and critical infrastructure. Securing OT/IoT environments comes with unique challenges, like unmanaged devices, increased attack surfaces, and the absence of traditional security controls (review [more security challenges](#enterprise-iot-security-challenges)).
+
+To maintain operational reliability and safety, organizations must use [tailored IoT/OT security approaches](/defender-for-iot/microsoft-defender-iot) due to the unique risks in these environments. Microsoft Defender for IoT addresses these unique risks, providing comprehensive OT security, including visibility into OT environments and advanced threat protection.
+
+In this article, you learn about IoT/OT security challenges, and how Defender XDR leverages Defender for IoT to detect and monitor enterprise IoT and OT devices.
+
+> [!NOTE]
+> Microsoft E5 and E5 Security customers can enable enterprise IoT security as part of their license. Learn more about the [Enterprise IoT device protection](#enterprise-iot-device-protection-in-defender-for-endpoint-and-defender-xdr) supported for different licenses.
+
+## Enterprise IoT security challenges
+
+When IoT/OT devices can't be protected by traditional security monitoring systems, each new wave of innovation increases the risk and possible attack surfaces across those IoT devices and OT networks.
+
+Specifically, enterprise IoT security challenges include:
+
+- Lack of visibility into unmanaged IoT devices, which create significant blind spots and increase the enterprise attack surface.
+- Complex device authentication and identity management, where traditional security models like password-based authentication are often insufficient.
+- Large amounts of sensitive data with insufficient data encryption.
+- Lack of built-in security controls and security best practices, making enterprise IoT devices easy targets for sophisticated attacks.
+- Limited computational capacity, making it difficult to implement standard security measures like encryption, authentication, and firmware updates.
+
+## Enterprise IoT device protection in Defender for Endpoint and Defender XDR
+
+[Enterprise IoT security](/defender-for-iot/enterprise-iot) in Microsoft Defender for Endpoint and Defender XDR provides IoT-specific security value for IoT devices, including risk and exposure levels, vulnerabilities, and recommendations.
+
+While monitoring endpoints on the network, the existing Defender for Endpoint agent detects, identifies, assesses, and secures enterprise IoT assets on the monitored endpoints.
+
+This table describes the supported protection for different licenses.
+
+|License  |Device discovery  |Threat detection - managed/unmanaged devices |VM |Security recommendations |How to enable |
+|---------|---------|---------|---------|---------|---------|---------|
+|Microsoft Defender for Endpoint P2     |&#x2705;  |&#x2705; |&#10060; |&#10060; |- [Start with a free trial](/defender-for-iot/enterprise-iot-get-started#set-up-a-standalone-trial-license)- Purchase the [standalone full license](/defender-for-iot/enterprise-iot-get-started#set-up-a-standalone-full-license). |
+|Enterprise IoT add-on device license (add-on to MDE P2)   |&#x2705;  |&#x2705; |&#x2705; |&#x2705; |[Enable enterprise IoT security](/defender-for-iot/enterprise-iot-get-started#add-enterprise-iot-security-in-the-defender-portal)  |
+|E5<sup>1</sup>     |&#x2705;  |&#x2705; |&#x2705; |&#x2705; |[Enable enterprise IoT security](/defender-for-iot/enterprise-iot-get-started#add-enterprise-iot-security-in-the-defender-portal)  |
+
+<sup>1</sup>Includes the MDE P2 license and the enterprise IoT add-on. Each E5 user license supports five enterprise IoT add-on device licenses.
+
+### Supported devices
+
+Enterprise IoT protection includes devices connected to an IT network (for example, Voice over Internet Protocol (VoIP), printers, and smart TVs).
+
+### Main features
+
+|Feature  |Location  |More details  |
+|---------|---------|---------|
+|Discover enterprise IoT assets for a full enterprise IoT inventory    |**Assets > Devices > IoT devices**         |[Device inventory overview](/defender-endpoint/machines-view-overview)  |
+|Review alerts triggered by enterprise IoT assets     |**Device details** page > **Alerts** tab         |- Learn more about [Defender for Endpoint alerts](/defender-endpoint/review-alerts).<br>- Simulate alerts in Microsoft 365 Defender for Enterprise IoT using the Raspberry Pi scenario available in the Microsoft 365 Defender [Evaluation & Tutorials page](https://security.microsoft.com/tutorials/all).         |
+|Review security recommendations for enterprise IoT assets     |**Device details** page > **Security recommendations** tab         |[Security recommendations in Defender for Endpoint](/defender-endpoint/device-discovery#vulnerability-assessment-on-discovered-devices)         |
+|Discover vulnerabilities associated with enterprise IoT assets     |**Device details** page > **Discovered vulnerabilities** tab        |[Vulnerabilities in your organization](/defender-vulnerability-management/tvm-weaknesses)         |
+|Use advanced hunting queries to [create custom alert rules](/defender-for-iot/enterprise-iot-manage#advanced-hunting-queries-for-enterprise-iot) or to [collect vulnerabilities](/defender-for-iot/enterprise-iot-manage#advanced-hunting-queries-for-enterprise-iot) across all your devices |**Advanced hunting** page in the Defender portal | |
+
+## Extend protection to OT devices
+
+To go beyond the protection that the Defender for Endpoint agent provides for enterprise IoT assets, Defender for IoT provides full visibility and security protection into OT assets in relevant internal networks.
+
+For more information:
+
+- [Onboard Defender for IoT](/defender-for-iot/get-started) to enable OT protection.
+- Learn about the [OT-specific security use-cases](/defender-for-iot/microsoft-defender-iot#what-are-the-main-defender-for-iot-use-cases) that Defender for IoT addresses.
