Service Graph Connector for Microsoft Defender for IoT (On-premises Management Console)

  • Release version: Zurich
  • Updated July 31, 2025
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Service Graph Connector for Microsoft Defender for IoT (On-premises Management Console)

    The Service Graph Connector for Microsoft Defender for IoT (On-premises Management Console) integrates Microsoft Defender for IoT with the ServiceNow® Operational Technology Manager application. This integration automates the import of sensor appliances, operational technology (OT) devices, and network connections into the ServiceNow Configuration Management Database (CMDB), enabling efficient management and visibility of OT infrastructure.

    Show full answer Show less

    The connector supports Microsoft Defender for IoT version 10.5.2 or later and is available via the ServiceNow Store. It includes a guided setup to streamline configuration and offers monitoring capabilities through the CMDB integrations dashboard.

    Key Features

    • Automated Data Import: Periodically pulls data from Microsoft Defender for IoT projects, importing sensor, device, and connection information into ServiceNow.
    • Guided Setup: Provides a structured task sequence to configure the integration efficiently within the ServiceNow instance.
    • CMDB Integrations Dashboard: Centralizes monitoring of integration status, processing results, and errors, with filtering options by integration, time frame, or run instance.
    • Data Mapping and Transformation: Uses the Robust Transform Engine (RTE) to map and transform incoming data into ServiceNow CMDB Configuration Item (CI) classes. The Identification and Reconciliation Engine (IRE) ensures accurate data insertion and deduplication.
    • Comprehensive CI Coverage: Supports a wide range of OT and IT device classes, such as servers (AIX, Linux, Solaris, Windows), industrial devices (PLCs, HMIs, sensors), network components (IP cameras, firewalls, switches), and others, ensuring rich asset representation in the CMDB.

    Data Integration Details

    The connector imports data into staging tables corresponding to three key data sources from Microsoft Defender for IoT:

    • Connections
    • Devices
    • Sensors

    From staging tables, data is transformed and inserted into target CMDB tables extending from the cmdbci base table, covering a broad spectrum of device and equipment types relevant to OT and IT environments.

    Practical Benefits for ServiceNow Customers

    • Enhanced OT Asset Visibility: Automates synchronization of OT device and sensor information into ServiceNow, providing up-to-date asset data for operational and security management.
    • Streamlined Configuration: Guided setup simplifies deployment, reducing implementation time and effort.
    • Improved Data Quality: Robust mapping and reconciliation ensure accurate, deduplicated CMDB entries, supporting better decision-making and incident management.
    • Centralized Monitoring: Integration dashboard enables proactive oversight of data imports and integration health.

    Next Steps

    ServiceNow customers should utilize the guided setup to configure the connector, then schedule periodic data pulls to maintain current OT asset data within their CMDB. Monitoring should be performed regularly through the CMDB integrations dashboard to ensure successful data synchronization and address any processing errors promptly.

    Integrate Microsoft Defender for IoT (On-premises Management Console) with the ServiceNow® Operational Technology Manager application to automate import of sensor appliances, OT devices, and network connections.

    Request apps on the Store

    Visit the ServiceNow Store website to view all the available apps and for information about submitting requests to the store. For cumulative release notes information for all released apps, see the ServiceNow Store version history release notes.

    Supported versions

    Microsoft Defender for IoT (On-premises Management Console) version: 10.5.2  or later

    Use cases

    You can use the Service Graph Connector for Microsoft Defender for IoT (On-premises Management Console) with the ServiceNow® Operational Technology Manager application to import sensor appliances, OT devices, and network connections.

    Guided setup

    The guided setup for the Service Graph Connector for Microsoft Defender for IoT (On-premises Management Console) provides an organized sequence of tasks to configure the integration on your instance. To access the guided setup, see Configure guided setup.

    CMDB integrations dashboard

    The Integration Commons for CMDB store app provides a dashboard with a central view of the status, processing results, and processing errors of all installed integrations. You can see metrics for all integration runs. You can filter the view to a specific CMDB integration, a specific time duration, or a specific integration run. For more details about monitoring integrations in the CMDB Integrations Dashboard, see Integration Commons for CMDB.

    Data mapping

    Data from the Microsoft Defender for IoT (On-premises Management Console) data sources is mapped and transformed into the ServiceNow CMDB Configuration Item (CI) class definitions using the Robust Transform Engine (RTE). Data is inserted into the ServiceNow CMDB using the Identification and Reconciliation Engine (IRE).

    When you complete the setup, you can configure the integration to periodically pull data from the Microsoft Defender for IoT (On-premises Management Console) application.

    The following table lists the data sources included for a Microsoft Defender for IoT (On-premises Management Console) project and the corresponding staging tables where the imported data is loaded.
    Table 1. Data sources and staging tables for Microsoft Defender for IoT (On-premises Management Console)
    Data source Staging table
    SG-OT Microsoft D4IoT Connections Import SG-OT Msft D4IoT Connections Import [sn_msftd4iotsgc_sg_ot_msft_d4iot_connections_import]
    SG-OT Microsoft D4IoT Devices Import SG-OT Msft D4IoT Devices Import [sn_msftd4iotsgc_sg_ot_msft_d4iot_devices_import]
    SG-OT Microsoft D4IoT Sensors Import SG-OT Msft D4IoT Sensors Import [sn_msftd4iotsgc_sg_ot_msft_d4iot_sensors_import]
    The imported data from the staging tables is then inserted into the following target tables:
    • AIX Server [cmdb_ci_aix_server]
    • Computer [cmdb_ci_computer]
    • Configuration Item [cmdb_ci]
    • DCS [cmdb_ci_ot_dcs]
    • ESX Server [cmdb_ci_esx_server]
    • EWS [cmdb_ci_ot_ews]
    • External System Metadata [cmdb_key_value_v2]
    • Game Console [cmdb_ci_game_console]
    • Handheld Computing Device [cmdb_ci_handheld_computing]
    • Historian [cmdb_ci_ot_historian]
    • HMI [cmdb_ci_ot_hmi]
    • HP-UX Server [cmdb_ci_hpux_server]
    • HVAC Equipment [cmdb_ci_hvac]
    • HyperV Server [cmdb_ci_hyper_v_server]
    • IED [cmdb_ci_ot_ied]
    • Industrial Actuator [cmdb_ci_ot_industrial_actuator]
    • Industrial Drive [cmdb_ci_ot_industrial_drive]
    • Industrial Robot [cmdb_ci_ot_industrial_robot]
    • Industrial Sensor [cmdb_ci_ot_industrial_sensor]
    • IoT Device [cmdb_ci_iot]
    • IP Address [cmdb_ci_ip_address]
    • IP Camera [cmdb_ci_ip_camera]
    • IP Firewall [cmdb_ci_ip_firewall]
    • IP Phone [cmdb_ci_ip_phone]
    • Linux Server [cmdb_ci_linux_server]
    • Netgear [cmdb_ci_netgear]
    • Network Adapter [cmdb_ci_network_adapter]
    • Network Intrusion Detection System [cmdb_ci_nids]
    • Operational Technology (OT) [cmdb_ci_ot]
    • OSX Server [cmdb_ci_osx_server]
    • OT Control Module [cmdb_ci_ot_control_module]
    • OT Control System [cmdb_ci_ot_control]
    • OT Device Details [cmdb_ot_entity]
    • OT Field Device [cmdb_ci_ot_field_device]
    • PLC [cmdb_ci_ot_plc]
    • Printer [cmdb_ci_printer]
    • RTU [cmdb_ci_ot_rtu]
    • Serial Number [cmdb_serial_number]
    • Server [cmdb_ci_server]
    • Server [cmdb_ci_server]
    • Solaris Server [cmdb_ci_solaris_server]
    • Source [sys_object_source]
    • Unix Servercmdb_ci_unix_server]
    • Uninterruptible Power Supply (UPS) [cmdb_ci_ups]
    • Wireless Access Point [cmdb_ci_wap_network]

    For more information on where data is saved when pulling data from a Microsoft Defender for IoT (On-premises Management Console) project, see CMDB classes targeted.