OT monitoring software versions
The Microsoft Defender for IoT architecture uses on-premises sensors and management servers.
This article lists the supported software versions for the OT sensor and on-premises management software, including release dates, support dates, and highlights for the updated features.
For more information, including detailed descriptions and updates for cloud-only features, see What's new in Microsoft Defender for IoT? Cloud-only features aren't dependent on specific sensor versions.
Versioning and support for on-premises software versions
This section describes the servicing information, timelines, and guidance for the available on-premises software versions.
Version update recommendations
When updating your on-premises software, we recommend:
Plan to update your sensor versions to the latest version once every 6 months.
Update to a patch version only for specific bug fixes or security patches. When working with the Microsoft support team on a specific issue, verify which patch version is recommended to resolve your issue.
Note
If you have an on-premises management console, make sure to also update your on-premises management console to the same version as your sensors.
For more information, see Update Defender for IoT OT monitoring software.
On-premises monitoring software versions
Cloud features may be dependent on a specific sensor version. Such features are listed below for the relevant software versions, and are only available for data coming from sensors that have the required version installed, or higher.
Version / Patch | Release date | Scope | Supported until |
---|---|---|---|
24.1 | |||
24.1.6 | 11/2024 | Minor | 12/2025 |
24.1.5 | 09/2024 | Minor | 09/2025 |
24.1.4 | 07/2024 | Minor | 07/2025 |
24.1.3 | 06/2024 | Minor | 06/2025 |
24.1.2 | 04/2024 | Minor | 04/2025 |
23.2 | |||
23.2.0 | 12/2023 | Major | 12/2024 |
23.1 | |||
23.1.3 | 09/2023 | Patch | 08/2024 |
23.1.2 | 07/2023 | Major | 06/2024 |
22.3 | |||
22.3.10 | 07/2023 | Patch | 06/2024 |
22.3.9 | 05/2023 | Patch | 04/2024 |
22.3.8 | 04/2023 | Patch | 03/2024 |
22.3.7 | 03/2023 | Patch | 02/2024 |
22.3.6 | 03/2023 | Patch | 02/2024 |
22.3.5 | 01/2023 | Patch | 12/2023 |
22.3.4 | 01/2023 | Major | 12/2023 |
22.2 | |||
22.2.9 | 01/2023 | Patch | 12/2023 |
22.2.8 | 11/2022 | Patch | 10/2023 |
22.2.7 | 10/2022 | Patch | 09/2023 |
22.2.6 | 09/2022 | Patch | 04/2023 |
22.2.5 | 08/2022 | Patch | 04/2023 |
22.2.4 | 07/2022 | Patch | 04/2023 |
22.2.3 | 07/2022 | Major | 04/2023 |
22.1 | |||
22.1.7 | 07/2022 | Patch | 06/2023 |
22.1.6 | 06/2022 | Patch | 10/2022 |
22.1.5 | 06/2022 | Patch | 10/2022 |
22.1.4 | 04/2022 | Patch | 10/2022 |
22.1.3 | 03/2022 | Patch | 10/2022 |
22.1.2 | 02/2022 | Major | 10/2022 |
10.5 | |||
10.5.5 | 12/2021 | Patch | 09/2022 |
10.5.4 | 12/2021 | Patch | 09/2022 |
10.5.3 | 10/2021 | Patch | 07/2022 |
10.5.2 | 10/2021 | Major | 07/2022 |
Threat intelligence updates
Threat intelligence updates are continuously available and are independent of specific sensor versions. You don't need to update your sensor version in order to get the latest threat intelligence updates.
For more information, see Threat intelligence research and packages.
Support model
Defender for IoT provides 1 year of support for every new version, starting with versions 22.1.7 and 22.2.7. For example, version 22.2.7 was released in October 2022 and is supported through September 2023.
Earlier versions use a legacy support model, with support dates detailed for each version.
On-premises appliance security
The OT network sensor and the on-premises management console are designed as a locked-down security appliance with a hardened attack surface. Appliance access and control are allowed only through the management port, via HTTP for web access and SSH for the support shell.
Defender for IoT adheres to the Microsoft Security Development Lifecycle throughout the entire development lifecycle, including activities like training, compliance, code reviews, threat modeling, design requirements, component governance, and pen testing. All appliances are locked down according to industry best practices and shouldn't be modified.
Maintain your sensors and on-premises management consoles, for activities like backups, log exports, or health monitoring, via the web interface, or the Defender for IoT CLI commands.
Important
Manual changes to software packages or additions of external packages may have detrimental security or functional effects on the sensor and on-premises management console. Microsoft is unable to support deployments with manual changes made to software packages.
Feature documentation per versions
Version numbers are listed only in this article and in the What's new in Microsoft Defender for IoT? article, and not in detailed descriptions elsewhere in the documentation.
To understand whether a feature is supported in your sensor version, check the relevant version section below and its listed features.
Versions 24.1.x
24.1.6
Release date: 11/2024
Supported until: 12/2025
This version includes bug fixes for stability improvements.
Version 24.1.5
Release date: 09/2024
Supported until: 09/2025
This version includes the following updates and enhancements:
- Add wildcards to allowlist domain names
- OCPI protocol is now supported
- New sensor setting type: Public addresses
- Improved OT sensor onboarding
Version 24.1.4
Release date: 07/2024
Supported until: 07/2025
This version includes the following updates and enhancements:
- Malicious URL path alert
- The following CVE is resolved in this version:
- CVE-2024-38089
Version 24.1.3
Release date: 06/2024
Supported until: 06/2025
This version includes the following updates and enhancements:
- Sensor time drift detection
- Bug fixes for stability improvements
- The following CVEs are resolved in this version:
- CVE-2024-29055
- CVE-2024-29054
- CVE-2024-29053
- CVE-2024-21324
- CVE-2024-21323
- CVE-2024-21322
Version 24.1.2
Release date: 04/2024
Supported until: 04/2025
This version includes the following updates and enhancements:
- Alert suppression rules from the Azure portal
- Focused alerts in OT/IT environments
- Alert ID (ID field) is now aligned on the Azure portal and sensor console
- Newly supported protocols
- L60 hardware profile is no longer supported
Versions 23.2.x
Version 23.2.0
Release date: 12/2023
Supported until: 12/2024
This version includes the following updates and enhancements:
- Sensor software runs on a Debian 11 operating system and updates to this version may be heavier and longer than usual
- The legacy, privileged default support user is replaced by the default admin user
Important
If you're updating your software from a legacy version and have the support credentials saved, such as in CLI scripts, we recommend that you update those credentials to use the admin user instead.
Versions 23.1.x
Version 23.1.3
Release date: 09/2023
Supported until: 08/2024
This version includes the following updates and enhancements:
- Connectivity troubleshooting enhancements from the OT sensor
- Read Only users can access the Event Timeline
Version 23.1.2
Release date: 07/2023
Supported until: 06/2024
This version includes the following updates and enhancements:
- Simplified installation process
- A new sensor setup wizard from the UI
- Analyze sensor connectivity
- UI enhancements for downloading PCAP files from the sensor
- cyberx and cyberx_host users aren't enabled by default
Note
Due to internal improvements to the OT sensor's device inventory, column edits made to your device inventory aren't retained after updating to version 23.1.2. If you'd previously edited the columns shown in your device inventory, you'll need to make those same edits again after updating your sensor.
Versions 22.3.x
22.3.10
Release date: 07/2023
Supported until: 06/2024
This version includes bug fixes for stability improvements.
22.3.9
Release date: 05/2023
Supported until: 04/2024
This version includes:
- Improved monitoring and support for OT sensor logs
- Bug fixes for stability improvements.
22.3.8
Release date: 04/2023
Supported until: 03/2024
- Enrich Windows workstation and server data with a local script (Public preview)
- Automatically resolved notifications for operating system changes and device type changes
- UI enhancements when uploading SSL/TLS certificates
22.3.6 / 22.3.7
Release date: 03/2023
Supported until: 02/2024
Version 22.3.7 includes the same features as 22.3.6. If you have version 22.3.6 installed, we strongly recommend that you update to version 22.3.7, which also includes important bug fixes.
- Support for transient devices
- Autoresolved notifications
- Device data retention updated to 90 days
- Merging and deleting devices on OT sensors now include confirmation messages when the action has completed
- Support for deleting multiple devices on OT sensors
- An enhanced editing device details process on the OT sensor, using an Edit button in the toolbar at the top of the page
- Enhanced UI on the OT sensor for uploading an SSL/TLS certificate
- Activation files for locally managed sensors no longer expire
- Severity for all Suspicion of Malicious Activity alerts is now Critical
- Allow internet connections on an OT network in bulk
- Security recommendations for OT networks for insecure or missing passwords
22.3.5
Release date: 01/2023
Supported until: 12/2023
This version includes bug fixes for stability improvements.
22.3.4
Release date: 01/2021
Supported until: 12/2023
- Azure connectivity status shown on OT sensors
- Configure Active Directory and NTP settings in the Azure portal
Versions 22.2.x
To update to 22.2.x versions:
- From version 22.1.x, update directly to the latest 22.2.x version
- From version 10.x, first update to the latest 22.1.x version, and then update again to the latest 22.2.x version.
For more information, see Update Defender for IoT OT monitoring software.
22.2.9
Release date: 01/2023
Supported until: 12/2023
This version includes bug fixes for stability improvements.
22.2.8
Release date: 11/2022
Supported until: 10/2023
This version includes bug fixes for stability improvements.
22.2.7
Release date: 10/2022
Supported until: 09/2023
This version includes bug fixes for stability improvements.
22.2.6
Release date: 09/2022
Supported until: 04/2023
This version includes the following new updates and fixes:
- Bug fixes and stability improvements
- Enhancements to the device type classification algorithm
22.2.5
Release date: 08/2022
Supported until: 04/2023
This version includes minor stability improvements.
22.2.4
Release date: 07/2022
Supported until: 04/2023
This version includes the following new updates and fixes:
Device inventory enhancements in the sensor console:
- Merge duplicate devices, delete single devices, and delete inactive devices by admin users
- Last seen value in the device details pane is replaced by Last activity
New parameters for the devicecves API:
sensorId
,score
, anddeviceIds
New alert columns with timestamp data: Last detection, First detection, and Last activity
22.2.3
Release date: 07/2022
Supported until: 04/2023
This version includes the following new updates and fixes:
- Define and view OT sensor settings from the Azure portal
- Update your sensors from the Azure portal
- New naming convention for hardware profiles
- PCAP access from the Azure portal
- Bi-directional alert synch between OT sensors and the Azure portal
- Sensor connections restored after certificate rotation
- Upload diagnostic logs for support tickets from the Azure portal
- Improved security for uploading protocol plugins
- Sensor names shown in browser tabs
- Site-based access control on the Azure portal
Versions 22.1.x
Software versions 22.1.x support direct updates to the latest OT monitoring software versions available. For more information, see Update Defender for IoT OT monitoring software.
22.1.7
Release date: 07/2022
Supported until: 06/2023
This version includes the following new updates and fixes:
22.1.6
Release date: 06/2022
Supported until: 10/2022
This version minor maintenance updates for internal sensor components.
22.1.5
Release date: 06/2022
Supported until: 10/2022
This version minor updates to improve TI installation packages and software updates.
22.1.4
Release date: 04/2022
Supported until: 10/2022
This version includes the following new updates and fixes:
- Extended device property data in the Device inventory page on the Azure portal, for the Description, Tags. Protocols, Scanner, and Last Activity fields
22.1.3
Release date: 03/2022
Supported until: 10/2022
This version includes the following new updates and fixes:
- Diagnostic logs automatically available to support for cloud-connected sensors
- Rockwell protocol: Device inventory shows PLC operating mode key state, run state, and security mode
- Automatic CLI session timeouts
- Sensor health widgets in the Azure portal
22.1.1
Release date: 02/2022
Supported until: 10/2022
This version includes the following new updates and fixes:
-
- Contextual data for each alert
- Refreshed alert statuses
- Alert storage updates
- A new Backup Activity with Antivirus Signatures alert
- Alert management changes during software updates
Enhancements for creating custom alerts on the sensor: Hit count data, advanced scheduling options, and more supported fields and protocols
Modified CLI commands: Including the following new commands:
sudo dpkg-reconfigure iot-sensor
sudo dpkg-reconfigure iot-sensor
sudo dpkg-reconfigure iot-sensor
Improved support for Profinet DCP, Honeywell, and Windows endpoint detection protocols
Versions 10.5.x
To update your software to the latest version available, first update to version 22.1.7, and then update again to the latest 22.2.x version. For more information, see Update Defender for IoT OT monitoring software.
10.5.5
Release date: 12/2021
Supported until: 9/2022
This version minor maintenance updates.
10.5.4
Release date: 12/2021
Supported until: 09/2022
This version includes the following new updates and fixes:
- New Microsoft Sentinel solution for Defender for IoT
- Mitigation for the Apache Log4j vulnerability
- Alerts for minor events and edge cases disabled or minimized
10.5.3
Release date: 10/2021
Supported until: 07/2022
This version includes the following new updates and fixes:
- New integration APIs
- Network traffic analysis enhancements for multiple OT and ICS protocols
- Automatic deletion for older, archived alerts
- Export alert enhancements
10.5.2
Release date: 10/2021
Supported until: 07/2022
This version includes the following new updates and fixes:
- PLC operating mode detections
- New PCAP API
- Export logs from the on-premises management console for troubleshooting
- Support for Webhook extended to send data to endpoints
- Unicode support for certificate passphrases
Next steps
For more information about the features listed in this article, see What's new in Microsoft Defender for IoT and What's new archive for in Microsoft Defender for IoT for organizations.