Overview of vulnerability management
With vulnerability management, Microsoft Defender for IoT in the Defender portal provides extended coverage for OT networks, gathers OT device data into one place, and displays the data with the other devices on your network.
The OT security administrator proactively manages network exposure based on the vulnerability details and recommended remediation actions.
Important
This article discusses Microsoft Defender for IoT in the Defender portal (Preview).
If you're an existing customer working on the classic Defender for IoT portal (Azure portal), see the Defender for IoT on Azure documentation.
Learn more about the Defender for IoT management portals.
Some information in this article relates to a prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, with respect to the information provided here.
Vulnerability management capabilities
The key vulnerability management capabilities are:
Capability | Description |
---|---|
Extended vulnerability coverage | Defender for IoT uses detailed OT device firmware information and discovers the device vendor, model, and version to identify known vulnerabilities. |
Security recommendations page | Offers actionable steps to update and mitigate vulnerable products. |
Weaknesses page | Includes a detailed list of vulnerabilities like zero-days and known exploits. |
Management | You can manage and control the vulnerabilities globally, per tenant or device group, per device from the device page, or per vulnerable product through the Inventory page. |
Exception handling | Create exceptions for recommendations that can't be patched. |
Customizable vulnerability notifications | Alert key stakeholders with customizable notifications. |
Reporting inaccuracies | Users can report inaccuracies on discovered CVEs or request support for new vulnerabilities. |
Weaknesses page
The Microsoft Defender portal displays Microsoft Defender for IoT security vulnerabilities in the Endpoints > Weaknesses page.
Vulnerabilities are listed by their publicly registered Common Vulnerabilities and Exposures (CVE) ID.
The Weaknesses page lists the detected security vulnerabilities across all devices, endpoints, applications and other sources on your network. The data can be filtered according to device groups based on the created sites.
The OT security administrator uses the list of detected vulnerabilities in the Weaknesses page to send a remediation request for the relevant team to handle.
Learn more about the Weaknesses page in Microsoft Defender Vulnerability Management.
Next steps
Prioritize and investigate vulnerabilities in Microsoft Defender for IoT.