Install Defender for IoT micro agent for Edge

This article explains how to install, and authenticate the Defender micro agent for Edge.

Note

Defender for IoT plans to retire the micro agent on August 1, 2025.

Prerequisites

  1. Navigate to your IoT Hub or, create a new IoT hub.

  2. Register an IoT Edge device in IoT Hub and retrieve connection strings.

  3. Add the appropriate Microsoft package repository.

    1. Download the repository configuration that matches your device operating system.

      • For Ubuntu 18.04

        curl https://packages.microsoft.com/config/ubuntu/18.04/multiarch/prod.list > ./microsoft-prod.list
        
      • For Ubuntu 20.04

         curl https://packages.microsoft.com/config/ubuntu/20.04/prod.list > ./microsoft-prod.list
        
      • For Debian 9 (both AMD64 and ARM64)

        curl https://packages.microsoft.com/config/debian/stretch/multiarch/prod.list > ./microsoft-prod.list
        
    2. Copy the repository configuration to the sources.list.d directory.

      sudo cp ./microsoft-prod.list /etc/apt/sources.list.d/
      
    3. Update the list of packages from the repository that you added with the following command:

      sudo apt-get update
      
  4. Install and configure Edge runtime version 1.2

Installation

  1. Install the Defender micro agent package on Debian, and Ubuntu based Linux distributions, using the following command:

    sudo apt-get install defender-iot-micro-agent-edge
    
  2. Validate your installation.

    1. Ensure the micro agent is running properly with the following command:

      systemctl status defender-iot-micro-agent.service
      
    2. Ensure that the service is stable by making sure it's active and that the uptime of the process is appropriate

      Check to make sure your service is stable and active.

  3. Test the system end-to-end by creating a trigger file on the device. The trigger file causes a baseline scan in the agent that detects the file as a baseline violation.

    Create a file on the file system with the following command:

    sudo touch /tmp/DefenderForIoTOSBaselineTrigger.txt 
    

    A baseline validation failure recommendation occurs in the hub, with a CceId of CIS-debian-9-DEFENDER_FOR_IOT_TEST_CHECKS-0.0:

    The baseline validation failure recommendation that occurs in the hub.

    Allow up to one hour for the recommendation to appear in the hub.

  4. Install a specific version of the Defender IoT micro agent, use the following command:

    sudo apt-get install defender-iot-micro-agent-edge=<version>
    

Next steps