Provision the Microsoft Defender for IoT micro agent using DPS
This article explains how to provision the standalone Microsoft Defender for IoT micro agent using Azure IoT Hub Device Provisioning Service with X.509 certificate attestation.
To learn how to configure the Microsoft Defender for IoT micro agent for Edge devices see Create and provision IoT Edge devices at scale
Prerequisites
An Azure account with an active subscription. For more information, see Create an Azure account.
An IoT hub.
Provision
In the Azure portal, go to your instance of the IoT Hub device provisioning service.
Under Settings, select Manage enrollments.
Select Add individual enrollment, and then complete the steps to configure the enrollment:
- In the Mechanism field, select X.509 at the identity attestation Mechanism and choose your CA.
Navigate into your destination IoT Hub.
Create a new module issued by the same certificate.
Configure the micro agent to use the created module (note that the device does not have to exist yet).
Navigate back to DPS and provision the device through DPS.
Navigate to the configured device in the destination IoT Hub.
Create a new module for the device issued by the same CA authenticator.
Run the agent that you configured in step 4 to confirm it connects to the device.
Note
When using this procedure, while you don't need the device to exist before configuring the agent, you do need to know the device name in advance in order to issue the certificate for the final module correctly.
Next steps
Configure Microsoft Defender for IoT agent-based solution
Configure pluggable Authentication Modules (PAM) to audit sign-in events (Preview)
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for