Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Use the Device inventory page in Defender for IoT on the Azure portal to manage all network devices detected by cloud-connected sensors, including OT, IoT, and IT. Identify new devices detected, devices that might need troubleshooting, and more.
For more information, see Devices monitored by Defender for IoT.
Note
Currently, devices discovered in the Azure portal aren't synchronized with the Defender portal, and therefore the list of devices discovered could be different in each portal.
View the device inventory
To view detected devices in the Device inventory page in the Azure portal, go to Defender for IoT > Device inventory.
Use any of the following options to modify or filter the devices shown:
| Option | Steps | 
|---|---|
| Sort devices | Select a column header to sort the devices by that column. Select it again to change the sort direction. | 
| Filter devices shown | Either use the Search box to search for specific device details, or select Add filter to filter the devices shown. In the Add filter box, define your filter by column name, operator, and value. Select Apply to apply your filter. You can apply multiple filters at the same time. Search results and filters aren't saved when you refresh the Device inventory page. The Last active time and Network location (Preview) filters are on by default. | 
| Modify columns shown | Select Edit columns  . In the Edit columns pane: - Select the + Add Column button to add new columns to the grid. - Drag and drop fields to change the columns order. - To remove a column, select the Delete  icon to the right. - To reset the columns to their default settings, select Reset  . Select Save to save any changes made. | 
| Group devices | From the Group by above the grid, select a category, such as Class, Data source, Location, Purdue level, Site, Type, Vendor, or Zone, to group the devices shown. Inside each group, devices retain the same column sorting. To remove the grouping, select No grouping. | 
For more information, see Device inventory column data.
Note
If your OT sensors detect multiple devices in the same zone with the same IP or MAC address, those devices are automatically merged and identified as a single, unique device. Devices that have different IP addresses, but the same MAC address, are not merged, and continue to be listed as unique devices.
Merged devices are listed only once in the Device inventory page. For more information, see Separating zones for recurring IP ranges.
View full device details
To view full details about a specific device, select the device row. Initial details are shown in a pane on the right, where you can also select View full details to open the device details page and drill down more.
For example:
The device details page displays comprehensive device information, including the following tabs:
| Section | Description | 
|---|---|
| Attributes | Displays full device details such as class, data source, firmware details, activity, type, protocols, Purdue level, sensor, site, zone, and more. | 
| Backplane | Displays the backplane hardware configuration, including slot and rack information. Select a slot in the backplane view to see the details of the underlying devices. The backplane tab is usually visible for Purdue level 1 devices that have slots in use, such as PLC, RTU, and DCS devices. | 
| Vulnerabilities | Displays current vulnerabilities specific to the device. Defender for IoT provides vulnerability coverage for supported OT vendors where Defender for IoT can detect firmware models and firmware versions. Vulnerability data is based on the repository of standards-based vulnerability data documented in the US government National Vulnerability Database (NVD). Select the CVE name to see the CVE details and description. Tip: View vulnerability data across your network with the Defender for IoT Vulnerability workbook. | 
| Alerts | Displays current open alerts related to the device. Select any alert to view more details, and then select View full details to open the alert page to view the full alert information and take action. For more information on the alerts page, see View alerts on the Azure portal. | 
| Recommendations | Displays current recommendations for the device, such as Review PLC operating mode and Review unauthorized devices. For more information on recommendations, see Enhance security posture with security recommendations. | 
For example:
Identify devices that aren't connecting successfully
If you suspect that certain devices aren't actively communicating with Azure, we recommend that you verify whether those devices have communicated with Azure recently at all. For example:
- In the Device inventory page, make sure that the Last activity column is shown. - Select Edit columns  > Add column > Last Activity > Save. > Add column > Last Activity > Save.
- Select the Last activity column to sort the grid by that column. 
- Filter the grid to show active devices during a specific time period: - Select Add filter.
- In the Column field, select Last activity.
- Select a predefined time range, or define a custom range to filter for.
- Select Apply.
 
- Search for the devices you're verifying in the filtered list of devices. 
Edit device details
As you manage your network devices, you may need to update their details. For example, you may want to modify security value as assets change, or personalize the inventory to better identify devices, or if a device was classified incorrectly.
To edit device details:
- Select one or more devices in the grid, and then select Edit  . .
- If you've selected multiple devices, select Add field type and add the fields you want to edit, for all selected devices. 
- Modify the device fields as needed, and then select Save when you're done. 
Your updates are saved for all selected devices.
For more information, see Device inventory column data.
Reference of editable fields
The following device fields are supported for editing in the Device inventory page:
| Name | Description | 
|---|---|
| General information | |
| Name | Mandatory. Supported for editing only when editing a single device. | 
| Authorized device | Toggle on or off as needed as device security changes. | 
| Description | Enter a meaningful description for the device. | 
| Location | Enter a meaningful location for the device. | 
| Category | Use the Class, Type, and Subtype options to categorize the device. | 
| Business function | Enter a meaningful description of the device's business function. | 
| Hardware model | Select the device's hardware model from the dropdown menu. | 
| Hardware vendor | Select the device's hardware vendor from the dropdown menu. | 
| Firmware | Device the device's firmware name and version. You can either select the delete button to delete an existing firmware definition, or select + Add to add a new one. | 
| Purdue level | The Purdue level in which the device exists. | 
| Tags | Enter meaningful tags for the device. Select the delete button to delete an existing tag, or select + Add to add a new one. | 
| Settings | |
| Importance | Select Low, Normal, or High to modify the device's importance. | 
| Programming device | Toggle the Programming Device option on or off as needed for your device. | 
For more information, see Device inventory column data.
Export the device inventory to CSV
Export your device inventory to a CSV file to manage or share data outside of the Azure portal. You can export a maximum of 30,000 devices at a time.
To export device inventory data:
On the Device inventory page, select Export  .
.
The device inventory is exported with any filters currently applied, and you can save the file locally.
Delete a device
If you have devices no longer in use, delete them from the device inventory so that they're no longer connected to Defender for IoT.
Devices might be inactive because of misconfigured SPAN ports, changes in network coverage, or because the device was unplugged from the network.
Delete inactive devices to maintain a correct representation of current network activity, better understand the number of devices that you're monitoring when managing your Defender for IoT licenses and plans, and to reduce clutter on your screen.
To delete a device:
In the Device inventory page, select the device you want to delete, and then select Delete  in the toolbar at the top of the page.
 in the toolbar at the top of the page.
At the prompt, select Yes to confirm that you want to delete the device from Defender for IoT.
Next steps
For more information, see:
 
 
