Tutorial: Create a DefenderIotMicroAgent module twin

This tutorial will help you learn how to create an individual DefenderIotMicroAgent module twin for new devices.

Note

Defender for IoT plans to retire the micro agent on August 1, 2025.

Device twins

Device twins play a key role in both device management and process automation, for IoT solutions that are built in to Azure.

Defender for IoT offers the capability to fully integrate your existing IoT device management platform, enabling you to manage your device security status and make use of the existing device control capabilities. You can integrate your Defender for IoT by using the IoT Hub twin mechanism.

To learn more about the general concept of module twins in Azure IoT Hub, see Understand and use module twins in IoT Hub.

Defender for IoT uses the module twin mechanism, and maintains a Defender-IoT-micro-agent twin named DefenderIotMicroAgent for each of your devices.

To take full advantage of all Defender for IoT features, you need to create, configure, and use the Defender-IoT-micro-agent twins for every device in the service.

Defender-IoT-micro-agent twin

Defender for IoT uses a Defender-IoT-micro-agent twin for each device. The Defender-IoT-micro-agent twin holds all of the information that is relevant to device security for each specific device in your solution. Device security properties are configured through a dedicated Defender-IoT-micro-agent twin for safer communication, to enable updates, and maintenance that requires fewer resources.

In this tutorial you'll learn how to:

• Create a DefenderIotMicroAgent module twin
• Verify the creation of a module twin

Prerequisites

• An Azure account with an active subscription. Create an account for free.

• Verify you are running one of the following operating systems.

• An IoT hub.

• You must have enabled Microsoft Defender for IoT on your Azure IoT Hub.

• You must have added a resource group to your IoT solution.

Create a DefenderIotMicroAgent module twin

A DefenderIotMicroAgent module twin can be created by manually editing each module twin to include specific configurations for each device.

To create a DefenderIotMicroAgent module twin for a device:

1. Sign in to the Azure portal.

2. Navigate to IoT Hub > Your hub > Device management > Devices.

3. Select your device from the list.

4. Select Add module identity.

5. In the Module Identity Name field, enter DefenderIotMicroAgent.

6. Select Save.

Verify the creation of a module twin

To verify the creation of a DefenderIotMicroAgent module twin on a specific device:

1. Sign in to the Azure portal.

2. Navigate to IoT Hub > Your hub > Device management > Devices.

3. Select your device.

4. Under the Module Identities tab, confirm the existence of the DefenderIotMicroAgent module in the list of module identities associated with the device.

   

Next steps

Install the Defender for IoT micro agent