Prioritize and remediate vulnerabilities

With vulnerability management, Microsoft Defender for IoT in the Defender portal provides extended coverage for operational technology (OT) networks, gathers OT device data into one place, and displays the data with the other devices on your network.

In this article, you learn how to investigate vulnerabilities and take recommended remediation actions.

Learn more about how Defender for IoT discovers vulnerabilities.

Important

This article discusses Microsoft Defender for IoT in the Defender portal (Preview).

If you're an existing customer working on the classic Defender for IoT portal (Azure portal), see the Defender for IoT on Azure documentation.

Learn more about the Defender for IoT management portals.

Some information in this article relates to a prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, with respect to the information provided here.

Investigate vulnerabilities

  1. In the Defender portal, select Endpoints > Vulnerability management > Weaknesses.

  2. Set filter settings as you need them. If device groups are created for your sites, you can use them filter the weaknesses page.

    1. Select Filter by device groups.
    2. Select a device group.
    3. Select Apply.
  3. Select a Common Vulnerabilities and Exposures (CVE) ID.

    A side panel opens with the CVE ID as the title, and the Vulnerability details tab visible. You can also select the Exposed devices and Affected software tabs.

  4. Select Go to related security recommendation.

    The Security recommendations page opens, filtered to show the CVE you're investigating.

  5. Select a recommendation. A side panel opens. Do one of the following:

Next steps

Investigate and remediate incidents and alerts