I don't think I have any recommendation on improvements for Microsoft Defender for IoT because we don't use it too extensively. There are a few limitations with Microsoft Defender for IoT. We raised concerns with the product team because they don't capture all the information regarding command execution or processes executed on certain endpoints. They said that Defender is not a logging tool, so it is expected that certain events are not logged into Defender. We don't have full visibility, which they categorize as intended design; however, it is a severe limitation from our end because if we don't have visibility on our environment and what's going on with devices onboarded, then that is a gap. There is latency with Microsoft Defender for IoT; we see a lot of events triggered where the event was generated six hours ago and the alert was triggered now, six to eight hours later. We have experienced tons of latency. They do support us quite well; however, there is room for improvement. In the case of the logging visibility issue, it took about two months for them to resolve it, and one entire month was just for them to understand what the limitation was. We went through about five to six sessions demonstrating, troubleshooting, showing them the logs, and performing tests for them to understand our issue. That's when they took it to the product team.
Principal Systems Architect at Schneider Electric
Real User
Top 20
Apr 25, 2025
The documentation for Microsoft Defender for IoT is lacking. There are no clear steps or guidance, and updates are frequent, which adds to the confusion. More detailed documentation with video instructions for tasks would be helpful. The system capabilities are not well-documented either. Importing device names and maintaining a list can be cumbersome, as it requires manual input for a large number of devices. The backup and restore process is limited to GUI for backup but lacks a GUI for restore, though future updates might address this. Sentinel documentation is also poor, with limited guidance available.
Information Technology / Cyber Security and Data Privacy Consultant at Protiviti
MSP
Top 10
Dec 27, 2024
The primary area that needs improvement is compatibility with the latest IoT technologies. Microsoft needs flexibility to ensure good compatibility with new IoT solutions, which frequently introduce complex algorithms, scripts, and capabilities. Making customer support more accessible and affordable would be an improvement. It is currently relatively expensive and not easily reachable.
Microsoft Defender for IoT offers advanced security designed to protect IoT environments from sophisticated threats. Its deep integration with Azure reinforces security across devices and networks. Microsoft Defender for IoT provides scalable threat detection and security intelligence tailored for IoT devices. Leveraging cloud-powered analytics, it ensures protection against emerging threats while supporting diverse device landscapes. The platform's compatibility with Azure Sentinel offers...