This article describes features available in Microsoft Defender for IoT, across both OT and Enterprise IoT networks, both on-premises and in the Azure portal, and for versions released in the last nine months.
Features released earlier than nine months ago are described in the What's new archive for Microsoft Defender for IoT for organizations. For more information specific to OT monitoring software versions, see OT monitoring software release notes.
Note
Noted features listed below are in PREVIEW. The Azure Preview Supplemental Terms include other legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.
Note
This article discusses Microsoft Defender for IoT in the Azure portal.
If you're a Microsoft Defender customer looking for a unified IT/OT experience, see the documentation for Microsoft Defender for IoT in the Microsoft Defender portal (Preview).
Learn more about the Defender for IoT management portals.
September 2025
Service area | Updates |
---|---|
OT networks | Sensor version 25.2.0 is now available. See release details and updates. |
June 2025
Service area | Updates |
---|---|
OT networks | Sensor version 25.1.2 is now available. See release details and updates. |
April 2025
Service area | Updates |
---|---|
OT networks | Sensor version 25.1.1 is now available. See release details and updates. |
March 2025
Service area | Updates |
---|---|
OT networks | The following sensor versions are now available: 24.1.9 (see release details and updates) and 25.1.0 (see release details and updates). |
OT networks | "Unauthorized Internet Connectivity Detected" alert now includes URL information; Improved RDP Brute Force Detection |
"Unauthorized Internet Connectivity Detected" alert now includes URL information
The "Unauthorized Internet Connectivity Detected" alert details now include the URL from which the suspicious connection initiated, helping SOC analysts assess and respond to incidents more effectively.
Improved RDP brute force detection
The “Excessive Number of Sessions” alert now supports a Remote Desktop Protocol (RDP) port by default, enhancing visibility into potential brute-force attacks and unauthorized access attempts.
January 2025
Service area | Updates |
---|---|
OT networks | Aggregating multiple alert violations with the same parameters |
OT networks | On-premises management console retirement |
Aggregating multiple alert violations with the same parameters
To reduce alert fatigue, multiple instances of the same alert violation that have the same parameters are grouped together and listed in the alerts table as one item. The alert details pane lists each of the identical alert violations in the Violations tab, and the appropriate remediation actions are listed in the Take action tab. For more information, see aggregating alerts with the same parameters.
On-premises management console retirement
The legacy on-premises management console isn't available for download after January 1st, 2025. We recommend transitioning to the new architecture using the full spectrum of on-premises and cloud APIs before this date. For more information, see on-premises management console retirement.
December 2024
Service area | Updates |
---|---|
OT networks | Support Multiple Source Devices in DDoS Attack Alerts |
Support Multiple Source Devices in DDoS Attack Alerts
Alert details now display up to 10 source devices involved in a DDoS attack.