Defender for IoT Agentless Solution or MicroAgent Solution

Umair Akhtar 41 Reputation points
2022-12-07T12:50:47.753+00:00

Hi,

I am working on a cloud-based IoT solution PoC. Currently, I am testing with one device, which will later go up to 11 devices. I have to implement Defender for IoT for this solution. I have looked at the documentation (https://learn.microsoft.com/en-us/azure/defender-for-iot/device-builders/tutorial-configure-agent-based-solution). I have enabled Microsoft Defender for IoT in Azure IoT Hub, added a resource group to the IoT solution, and created a Defender for IoT micro agent module twin (Preview). But I have not installed the Defender for IoT micro agent (Preview) yet. The device I am using is controlled through an application installed on a Windows system. The compatible operating systems mentioned in the documentation are Ubuntu 18.04, Ubuntu 20.04 and Debian 9 (both AMD64 and ARM64).

My questions are 'How do I install the microagent on a Windows machine?' and also 'Is the microagent installed on the device's own operating system?'.

Also, there is some confusion around the agentless and microagent solutions. I am working for a company which is designing this solution for a manufacturing company. In this scenario, which one would be the right choice? Plus, if I choose the 'Defender for IoT agent-based solution', would I have to install any OT sensors on premises? I ask because in this tutorial (https://learn.microsoft.com/en-us/azure/defender-for-iot/device-builders/tutorial-configure-agent-based-solution) there is no mention of any sensor installations.

From a pricing standpoint, there is only 1 device in the beginning, while Defender for IoT offers a minimum 100-device pricing model, monthly and annually. In this scenario, which option is best? Also, the devices will be managed through IoT Hub, and in the future there will be around 11 devices at most. So which solution would be suitable for this, i.e. Security for Enterprise IoT devices, Security for new devices provisioned through IoT Hub, or Agentless monitoring? Ref: https://azure.microsoft.com/en-us/pricing/details/iot-defender/

I would like not to install any hardware/sensor/appliance on premises and to manage everything from the cloud.

Thank you


1 answer

  1. Sander van de Velde | MVP 36,766 Reputation points MVP Volunteer Moderator
    2022-12-11T23:54:45.863+00:00

    Hello @Umair Akhtar ,

    There are several angles to your questions and it's not easy to give a simple answer.

    Regarding the agent-based version of Defender for IoT, you have seen the installers are Linux-based.

    Microsoft supports Azure IoT Edge on Windows devices (called EFLOW) and depends heavily on the Linux subsystem on Windows devices.

    So, you can try to install the agent on the Linux subsystem on your test device...

    Using the agent, you get full insights into what is happening on your device (my experience comes from devices running Ubuntu Linux). For example, I get notifications about failed login attempts.

    The agentless approach uses a combination of machine learning and deep packet inspection on the local network (along with more traditional ways of identifying devices). This builds up a 'mental picture' of inter-device communication and tries to guess when something strange is happening.

    So you can either go for one solution or try both next to each other.

    Each solution has its own way of billing. The number of devices is small but there are also security and monitoring cloud resources involved.

    So, as with any cloud resource, keep a good eye on your daily usage and expected billing at the end of the month.

