Get started with Microsoft Defender for IoT device micro agents

Defender for IoT security agents offer enhanced security capabilities, such as monitoring operating system configuration best practices. Take control of your device field threat protection and security posture with a single service.

The Defender for IoT security agents handle raw event collection from the device operating system, event aggregation to reduce cost, and configuration through a device module twin. Security messages are sent through your IoT Hub, into Defender for IoT analytics services.

Use the following workflow to deploy and test your Defender for IoT security agents:

  1. Enable the Defender for IoT service on your IoT Hub.

  2. If your IoT Hub has no registered devices, register a new device.

  3. Create a DefenderIotMicroAgent module twin for your devices.

  4. To install the agent on an Azure simulated device instead of installing on an actual device, spin up a new Azure Virtual Machine (VM).

  5. Deploy a Defender for IoT security agent on your IoT device, or new VM.

  6. Follow the instructions for trigger_events to run an OS baseline event.

  7. Verify Defender for IoT recommendations in response to the simulated OS baseline check failure in the previous step. Begin verification 30 minutes after running the script.
