MDE Enterprise IoT

Microsoft Defender for Endpoint (MDE)

While computer- and mobile devices are managed (e.g. Endpoint manager), protected (e.g. Microsoft Defender for Endpoint) and updated (to reduce the number of vulnerabilities that can be exploited), IoT devices are often not managed, not protected and not updated!

Endpoint & network device discovery

Microsoft Defender for Endpoint can discover 1) supported O.S. devices (Windows, Mac, iOS and Android) connected to the corporate network (see my blog Endpoint discovery for more info).

IoT device discovery

3) Enterprise IoT device discovery is the latest discovery method of MDE. IoT devices can be more easily compromised due to outdated software and default credentials for example.

Vulnerability Management

Exposure level is the level of vulnerabilities (e.g. outdated software, it will also provide extra information if there is a public exploit available like MetaSploit for example).

Hunting / custom detection rule

You can create a custom detection rule to get notified when a new IoT device is detected on the corporate network.

Incidents

If a new device is detected via the custom detection rule (above) or the device is part of a kill-chain, an Incident is raised in the portal.

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store