Overview of vulnerability management

With vulnerability management, Microsoft Defender for IoT in the Defender portal provides extended coverage for OT networks, gathers OT device data into one place, and displays the data with the other devices on your network.

The OT security administrator proactively manages network exposure based on the vulnerability details and recommended remediation actions.

Important

This article discusses Microsoft Defender for IoT in the Defender portal (Preview).

If you're an existing customer working on the classic Defender for IoT portal (Azure portal), see the Defender for IoT on Azure documentation.

Learn more about the Defender for IoT management portals.

Some information in this article relates to a prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, with respect to the information provided here.

Vulnerability management capabilities

The key vulnerability management capabilities are:

| Capability | Description |
| --- | --- |
| Extended vulnerability coverage | Defender for IoT uses detailed OT device firmware information and discovers the device vendor, model, and version to identify known vulnerabilities. |
| Security recommendations page | Offers actionable steps to update and mitigate vulnerable products. |
| Weaknesses page | Includes a detailed list of vulnerabilities like zero-days and known exploits. |
| Management | You can manage and control the vulnerabilities globally, per tenant or device group, per device from the device page, or per vulnerable product through the Inventory page. |
| Exception handling | Create exceptions for recommendations that can't be patched. |
| Customizable Vulnerability Notifications | Alert key stakeholders with customizable notifications. |
| Reporting Inaccuracies | Users can report inaccuracies on discovered CVEs or request support for new vulnerabilities. |

Weaknesses page

The Microsoft Defender portal displays Microsoft Defender for IoT security vulnerabilities on the Endpoints > Weaknesses page.

Vulnerabilities are listed by their publicly registered Common Vulnerabilities and Exposures (CVE) ID.

The Weaknesses page lists the detected security vulnerabilities across all devices, endpoints, applications and other sources on your network. The data can be filtered according to device groups based on the created sites.

The OT security administrator uses the list of detected vulnerabilities on the Weaknesses page to send a remediation request for the relevant team to handle.

Learn more about the Weaknesses page in Microsoft Defender Vulnerability Management.

Next steps

Prioritize and investigate vulnerabilities in Microsoft Defender for IoT.