Service Graph Connector for Microsoft Defender for IoT (Azure)

  • Release version: Zurich
  • Updated July 31, 2025
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Service Graph Connector for Microsoft Defender for IoT (Azure)

    The Service Graph Connector for Microsoft Defender for IoT (Azure) enables integration between Microsoft Defender for IoT and the ServiceNow® Operational Technology Manager application. This integration automates the import of OT devices and sensor appliances into the ServiceNow CMDB, helping organizations maintain accurate and up-to-date operational technology asset records.

    Show full answer Show less

    The connector supports specific Microsoft Defender for IoT sensor versions (22.2.3.22 and 22.2.5.9) and is designed to streamline OT device management and visibility within ServiceNow.

    Key Features

    • Guided Setup: Provides a structured sequence of tasks to configure the integration easily within your ServiceNow instance.
    • CMDB Integrations Dashboard: Offers a centralized dashboard from the Integration Commons for CMDB app to monitor integration status, processing results, errors, and metrics with filtering capabilities.
    • Data Mapping and Transformation: Utilizes the Robust Transform Engine (RTE) and Identification and Reconciliation Engine (IRE) to map and insert imported data into relevant CMDB Configuration Item (CI) classes, ensuring data consistency and accuracy.
    • Data Sources and Staging: Imports data from Microsoft Defender for IoT into dedicated staging tables before moving the data into target CMDB tables representing various device types (e.g., servers, sensors, industrial equipment, network devices).
    • Validation of NIDS Sensors: Validates Network Intrusion Detection System (NIDS) sensors post-import to ensure only eligible sensors (not in learning mode) are used for device import.
    • Connection Management: Enables viewing and managing connection details via the Common Connection Framework (CCF) within the Integration Commons for CMDB store app.
    • Standard Mode Device Import: Supports importing OT devices discovered through Microsoft Defender for IoT’s standard discovery mode into ServiceNow.

    Practical Benefits for ServiceNow Customers

    • Automation: Reduces manual effort by automating the import and reconciliation of OT devices and sensor data into the CMDB.
    • Comprehensive OT Visibility: Provides a detailed and continuously updated inventory of operational technology assets within ServiceNow.
    • Improved Data Quality: Uses robust transformation and reconciliation engines to ensure accurate classification and mapping of imported data to appropriate CMDB classes.
    • Centralized Monitoring: Facilitates easy monitoring and troubleshooting of integrations via the CMDB dashboard.
    • Scalability: Supports periodic data pulls and integration configuration to maintain up-to-date OT device information.

    Next Steps

    • Use the guided setup to configure the connector in your ServiceNow instance.
    • Validate imported NIDS sensors to ensure device import eligibility.
    • Monitor integration performance and errors through the CMDB Integrations Dashboard.
    • Configure periodic synchronization to keep OT device data current.

    Integrate Microsoft Defender for IoT with the ServiceNow® Operational Technology Manager application to automate import of OT devices and sensor appliances.

    Request apps on the Store

    Visit the ServiceNow Store website to view all the available apps and for information about submitting requests to the store. For cumulative release notes information for all released apps, see the ServiceNow Store version history release notes.

    Supported versions

    Supports Microsoft Defender for IoT sensor versions:
    • 22.2.3.22
    • 22.2.5.9

    Use cases

    You can use the Service Graph Connector for Microsoft Defender for IoT (Azure) with the ServiceNow® Operational Technology Manager application to import OT devices and sensor appliances.

    Guided setup

    The guided setup for the Service Graph Connector for Microsoft Defender for IoT (Azure) provides an organized sequence of tasks to configure the integration on your instance. To access the guided setup, see Configure guided setup.

    CMDB integrations dashboard

    The Integration Commons for CMDB store app provides a dashboard with a central view of the status, processing results, and processing errors of all installed integrations. You can see metrics for all integration runs. You can filter the view to a specific CMDB integration, a specific time duration, or a specific integration run. For more details about monitoring integrations in the CMDB Integrations Dashboard, see Integration Commons for CMDB.

    Data mapping

    Data from the Microsoft Defender for IoT (Azure) data sources is mapped and transformed into the ServiceNow CMDB Configuration Item (CI) class definitions using the Robust Transform Engine (RTE). Data is inserted into the ServiceNow CMDB using the Identification and Reconciliation Engine (IRE).

    When you complete the setup, you can configure the integration to periodically pull data from the Microsoft Defender for IoT (Azure) application.

    The following table lists the data sources included for a Microsoft Defender for IoT (Azure) project and the corresponding staging tables where the imported data is loaded.
    Table 1. Data sources and staging tables for Microsoft Defender for IoT (Azure)
    Data source Staging table
    SG-OT Azure D4IoT Devices Import SG-OT Azure D4IoT Devices Import [sn_msftd4iotazsgc_sg_ot_azure_d4iot_devices_import]
    SG-OT Azure D4IoT Sensors Import SG-OT Msft D4IoT Sensors Import [sn_msftd4iotazsgc_sg_ot_azure_d4iot_sensors_import]
    The imported data from the staging tables is then inserted into the following target tables:
    • AIX Server [cmdb_ci_aix_server]
    • Computer [cmdb_ci_computer]
    • Configuration Item [cmdb_ci]
    • DCS [cmdb_ci_ot_dcs]
    • ESX Server [cmdb_ci_esx_server]
    • EWS [cmdb_ci_ot_ews]
    • External System Metadata [cmdb_key_value_v2]
    • Game Console [cmdb_ci_game_console]
    • Handheld Computing Device [cmdb_ci_handheld_computing]
    • Historian [cmdb_ci_ot_historian]
    • HMI [cmdb_ci_ot_hmi]
    • HP-UX Server [cmdb_ci_hpux_server]
    • HVAC Equipment [cmdb_ci_hvac]
    • HyperV Server [cmdb_ci_hyper_v_server]
    • IED [cmdb_ci_ot_ied]
    • Industrial Actuator [cmdb_ci_ot_industrial_actuator]
    • Industrial Drive [cmdb_ci_ot_industrial_drive]
    • Industrial Robot [cmdb_ci_ot_industrial_robot]
    • Industrial Sensor [cmdb_ci_ot_industrial_sensor]
    • IoT Device [cmdb_ci_iot]
    • IP Address [cmdb_ci_ip_address]
    • IP Camera [cmdb_ci_ip_camera]
    • IP Firewall [cmdb_ci_ip_firewall]
    • IP Phone [cmdb_ci_ip_phone]
    • Linux Server [cmdb_ci_linux_server]
    • Netgear [cmdb_ci_netgear]
    • Network Adapter [cmdb_ci_network_adapter]
    • Network Intrusion Detection System [cmdb_ci_nids]
    • Operational Technology (OT) [cmdb_ci_ot]
    • OSX Server [cmdb_ci_osx_server]
    • OT Control Module [cmdb_ci_ot_control_module]
    • OT Control System [cmdb_ci_ot_control]
    • OT Device Details [cmdb_ot_entity]
    • OT Field Device [cmdb_ci_ot_field_device]
    • PLC [cmdb_ci_ot_plc]
    • Printer [cmdb_ci_printer]
    • RTU [cmdb_ci_ot_rtu]
    • Serial Number [cmdb_serial_number]
    • Server [cmdb_ci_server]
    • Server [cmdb_ci_server]
    • Solaris Server [cmdb_ci_solaris_server]
    • Source [sys_object_source]
    • Unix Servercmdb_ci_unix_server]
    • Uninterruptible Power Supply (UPS) [cmdb_ci_ups]
    • Wireless Access Point [cmdb_ci_wap_network]

    For more information on where data is saved when pulling data from a Microsoft Defender for IoT (Azure) project, see CMDB classes targeted.