Monday, March 14, 2022

Microsoft Defender for IoT for Device Builders in Public Preview



Recently, we announced that the Microsoft Defender for IoT sensor, version 22.1, had reached general availability (GA) status. Now, we would like to introduce you to our latest Public Preview that includes new Microsoft Defender for IoT embedded security capabilities designed specifically for device builders and solution operators. These capabilities will empower builders to create secure-by-design, managed IoT devices.


What is Microsoft Defender for IoT's Integrated On-Device Security Solution:

Microsoft Defender for IoT’s agent-based solution for device builders is a managed, on-premises solution for device manufacturers and solution operators. It includes capabilities to incorporate security from the earliest stages of development, enabling builders to reduce their devices’ exposure to IoT risks before they ship devices to customers. Defender for IoT automatically recommends hardening strategies and helps protect the supply chain technologies that they add to their devices. Once the devices are deployed, customers and operators using Defender for IoT will benefit from advanced run-time protection that can detect and respond to threats as well as prevent attempted exploits and attacks.

Integrating security into the device enables device manufacturers and managed solution providers to provide security across any network, including Mobile Virtual Network Operators (MVNOs) and devices directly connected to 5G networks, and to differentiate their solution by detecting more threats, such as device hijacking, ransomware, cryptojacking, and more. The lightweight security agents empower device manufacturers to build security directly into their new IoT/OT initiatives and devices to maintain security post-sales and keep their brand and customers safe.

With Microsoft Defender for IoT, managed solution operators can now easily and seamlessly gain visibility into the security posture of their deployed devices, proactively monitor the devices, and receive automatic security posture and hardening recommendations based on Center for Internet Security (CIS) benchmarks, along with device-specific recommendations. This solution enables users to gain visibility into operating system security, including OS configurations, firewall settings, and permissions.


What's New In The Latest Version, 4.1.2:

The public preview includes an updated agent, version 4.1.2, which delivers many new features:

  • Micro agent for Edge is now in Public Preview: The Defender for IoT micro agent supports simplified automatic identity provisioning and authentication for Edge. This enables device builders to seamlessly manage IoT Edge as part of their Azure IoT solutions. For more information, see how to Install Defender for IoT micro agent for Edge (Preview).
  • Expanded functionality of event collection: Detect more threats and previously undetected attacks such as new malware, ransomware, device hijacking (botnets and crypto miners), brute force attacks, and much more.
    • The solution supports monitoring process events on Linux operating systems, network collection events on Azure RTOS devices and Linux devices, as well as a login collector. The login collector can be configured using SYSLOG (to collect SSH login events) or Pluggable Authentication Modules (PAM) (to collect SSH, telnet and local login events). For more information, see Micro agent event collection (Preview).
    • The network collector now includes a DNS hit count field that can be viewed through Log Analytics, which can help indicate if a DNS request was part of an automatic query. For more information, see Network Connection events (event-based collector).
  • Center for Internet Security (CIS) benchmarks: Benchmarks from the Center for Internet Security (CIS) provide organizations with configuration best practices for securing operating systems. The micro agent supports CIS benchmark checks, and this support has now been extended with new functionality. Defender for IoT allows users to view recommendations based on CIS Distribution Independent Linux Benchmarks version 2.0.0 and includes the ability to disable specific CIS Benchmark checks or groups through twin configurations. For more information, see Micro agent configurations (Preview).
  • Micro agent supported devices list continues to expand: The micro agent has expanded the supported devices list to Debian 11, as well as expanding supported architectures in Ubuntu 18.04 and Ubuntu 20.04. We also continue to support Debian 9 and Debian 10 devices. To see our full support matrix, refer to Agent portfolio overview and OS support (Preview).
  • Alignment with standard Linux directory structure: The agent-based solution is aligned with the standard Linux installation directory structure.

If you are a device manufacturer building devices with the existing Microsoft Defender for IoT micro agent, please refer to the documentation to upgrade your agent to the new version and take advantage of all new functionality.


Connect & Learn More

If you are a device builder or solution operator interested in learning more and engaging with the product team, or if you just want to stay in the loop and receive future updates: please reach out to

You can learn more about Microsoft Defender for IoT and its benefits for organizations and device builders with the following links: 
