
The following courses will guide you to becoming an Azure Defender for IoT Ninja. 


 


Curriculum  


This training program includes over 22 modules. For each module, the post includes a video and/or a presentation, along with supporting information when relevant: product documentation, blog posts, and additional resources.
 
The modules are organized into the following groups: 



  • Overview 

  • Basic Features 

  • Deployment 

  • Sentinel Integration 

  • Advanced  


Check back often as additional items will be published regularly.


  


Overview 


Azure Defender for IoT enables IT and OT teams to auto-discover their unmanaged IoT/OT assets, identify critical vulnerabilities, and detect anomalous or unauthorized behavior — without impacting IoT/OT stability or performance. 


Azure Defender for IoT delivers insights within minutes of being connected to the network, leveraging patented IoT/OT-aware behavioral analytics and machine learning to eliminate the need to configure any rules, signatures, or other static IOCs. To capture the traffic, it uses an on-premises network sensor deployed as a virtual or physical appliance connected to a SPAN port or tap. The sensor implements non-invasive passive monitoring with Network Traffic Analysis (NTA) and Layer 7 Deep Packet Inspection (DPI) to extract detailed IoT/OT information in real-time.


 


This section provides background information on IoT and OT networks and an overview of the Microsoft Azure Defender for IoT platform.


 














Start Here 


  • 17m: How does Azure Defender for IoT secure OT (operational technology) environments?
  • (coming soon) How does Azure Defender for IoT secure OT (operational technology) environments?
  • 12m: What is the Azure Defender for IoT Architecture?
  • (coming soon) What is the Azure Defender for IoT Architecture?

 



Learn More 



Blog: Go inside the new Azure Defender for IoT including CyberX 


  • 22m: Agentless IoT/OT security with Azure Defender for IoT
  • 35m: Azure Defender for IoT Overview
  • 25m: Azure Defender for IoT Introduction
  • 38m: What is OT and how is it different from IT?
  • 23m: How Azure Defender for IoT fills the security gap in OT networks
  • 13m: Azure Defender for IoT overview and demo
  • 13m: Azure Defender for IoT agentless monitoring demo

 



 


 


Basic Features 


Learn about the core features of the platform including asset discovery, deployment options, reporting, alert handling, event timeline, risk assessment, attack vector simulations, and data mining and baselining.  


 














Start Here 


  • 43m: Demonstration of Microsoft Azure Defender for IoT platform
  • 10m: How to discover and classify assets within your industrial network using Defender for IoT
  • 6m: How to discover exploitable paths using attack vector simulation
  • (coming soon) How to discover exploitable paths using attack vector simulation
  • 8m: How to run reports and attack vector simulations
  • (coming soon) How to run reports and attack vector simulations
  • 5m: How to use the event timeline
  • 11m: How to analyze the risk assessment report

 



Learn More 


  • 52m: Zero Trust Webinar with Azure Defender for IoT
  • 24m: Analytics, data management and hunting with Azure Defender for IoT
  • 24m: Deployment methodologies – hybrid cloud vs air-gapped environments

Doc: Azure Defender for IoT Architecture in product documentation 


Blog: Cloud-delivered IoT/OT threat intelligence 


Blog: Azure Defender for IoT quick start instructions 


 



 


Deployment 


This section provides details on the deployment and tuning specifics. Learn about the differences between on-premises-only and cloud-connected options. Walk through the licensing components within the Azure portal.  


 














Start Here 


  • 35m: How to successfully deploy a sensor

 



Learn More 



Blog: Designing a Robust Defense for Operational Technology Using Azure Defender for IoT 


  • 33m: Deploying and configuring an offline sensor

 



 


Sentinel Integration 


For cloud-connected options, remote sensors will send logging and analysis data to Azure. Once in the cloud, logging and asset data may be forwarded to Sentinel. All of the tools within Sentinel become available including automation/playbooks, workbooks, threat hunting and analytics, incident handling, notebooks, and more.  


 










Start Here 


  • 16m: How to protect OT networks from Triton using Azure Sentinel Playbooks

 


Advanced 


Learn about advanced features and integrations including custom alerts, MITRE framework, enterprise data integration, large scale deployments, SOC integration, and more.  


 














Start Here 


  • 13m: How to use the enterprise data integrator
  • (coming soon) How to use the enterprise data integrator

 



Learn More 



Blog: Looking for Anomalies in your IoT Asset Telemetry 


 



 


 


 


Azure Defender for IoT Product Documentation 



You may find product documentation in the Azure portal: 



  • Azure Defender for IoT Getting Started launch page 



  
