Quickstart: Create an azureiotsecurity module twin
This quickstart explains how to create individual azureiotsecurity module twins for new devices, or batch create module twins for all devices in an IoT Hub.
Prerequisites
- None
Understanding azureiotsecurity module twins
For IoT solutions built in Azure, device twins play a key role in both device management and process automation.
Defender for IoT offers full integration with your existing IoT device management platform, enabling you to manage your device security status and make use of existing device control capabilities. Defender for IoT integration is achieved by making use of the IoT Hub twin mechanism.
See IoT Hub module twins[IoT Hub module twins] to learn more about the general concept of module twins in Azure IoT Hub.
Defender for IoT makes use of the module twin mechanism and maintains a security module twin named azureiotsecurity for each of your devices.
The Defender-IoT-micro-agent twin holds all the information relevant to device security for each of your devices.
To make full use of Defender for IoT features, you'll need to create, configure, and use this Defender-IoT-micro-agent twins for every device in the service.
Create azureiotsecurity module twin
azureiotsecurity module twins can be created in two ways:
- Module batch script - automatically creates module twin for new devices or devices without a module twin using the default configuration.
- Manually editing each module twin individually with specific configurations for each device.
Note
Using the batch method will not overwrite existing azureiotsecurity module twins. Using the batch method ONLY creates new module twins for devices that do not already have a security module twin.
See agent configuration to learn how to modify or change the configuration of an existing module twin.
To manually create a new azureiotsecurity module twin for a device:
In your IoT Hub, locate and select the device you wish to create a security module twin for.
Select on your device, and then on Add module identity.
In the Module Identity Name field, enter azureiotsecurity.
Select Save.
Verify creation of a module twin
To verify if a security module twin exists for a specific device:
In your Azure IoT Hub, select IoT devices from the Explorers menu.
Enter the device ID, or select an option in the Query device field and select Query devices.
Select the device or double select it to open the Device details page.
Select the Module identities menu, and confirm existence of the azureiotsecurity module in the list of module identities associated with the device.
To learn more about customizing properties of Defender for IoT module twins, see Agent configuration.
Next steps
Advance to the next article to learn how to investigate security recommendations...
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for