Deploy a Defender for IoT C#-based security agent for Windows
This guide explains how to install the Defender for IoT C#-based security agent on Windows.
In this guide, you learn how to:
- Install
- Verify deployment
- Uninstall the agent
- Troubleshoot
Prerequisites
For other platforms and agent flavors, see Choose the right security agent.
Local admin rights on the machine you wish to install on.
Create a Defender-IoT-micro-agent for the device.
Installation
To install the security agent, use the following workflow:
Install the Defender for IoT Windows C# agent on the device. Download the most recent version to your machine from the Defender for IoT GitHub repository.
Extract the contents of the package, and navigate to the /Install folder.
Open Windows PowerShell as Administrator.
Add running permissions to the InstallSecurityAgent script by running:
Unblock-File .\InstallSecurityAgent.ps1then run:
.\InstallSecurityAgent.ps1 -Install -aui <authentication identity> -aum <authentication method> -f <file path> -hn <host name> -di <device id> -cl <certificate location kind>For example:
.\InstallSecurityAgent.ps1 -Install -aui Device -aum SymmetricKey -f c:\Temp\Key.txt -hn MyIotHub.azure-devices.net -di Mydevice1 -cl storeFor more information about authentication parameters, see How to configure authentication.
This script does the following actions:
- Installs prerequisites.
- Adds a service user (with interactive sign-in disabled).
- Installs the agent as a System Service.
- Configures the agent with the provided authentication parameters.
For extra help, use the Get-Help command in PowerShell.
Get-Help example: Get-Help .\InstallSecurityAgent.ps1
Verify deployment status
Check the agent deployment status by running:
sc.exe query "ASC IoT Agent"
Uninstall the agent
To uninstall the agent:
Run the following PowerShell script with the -mode parameter set to Uninstall.
.\InstallSecurityAgent.ps1 -Uninstall
Troubleshooting
If the agent fails to start, turn on logging (logging is off by default) to get more information.
To turn on logging:
Open the configuration file (General.config) for editing using a standard file editor.
Edit the following values:
<add key="logLevel" value="Debug" /> <add key="fileLogLevel" value="Debug"/> <add key="diagnosticVerbosityLevel" value="Some" /> <add key="logFilePath" value="IoTAgentLog.log" />Note
We recommend turning logging off after troubleshooting is complete. Leaving logging on increases log file size and data usage.
Restart the agent by running the following PowerShell or command line:
PowerShell
Restart-Service "ASC IoT Agent"or
CMD
sc.exe stop "ASC IoT Agent" sc.exe start "ASC IoT Agent"Review the log file for more information about the failure. The log file would be present in the working directory where we run the script.
Log file location:
.\IoTAgentLog.log
Next steps
- Read the Defender for IoT service Overview
- Learn more about Defender for IoT What is agent-based solution for device builders
- Enable the service
- Read the Microsoft Defender for IoT agent frequently asked questions
- Understand alerts
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for