Prepare an on-premises management console appliance (Legacy)


Defender for IoT now recommends using Microsoft cloud services or existing IT infrastructure for central monitoring and sensor management, and plans to retire the on-premises management console on January 1st, 2025.

For more information, see Deploy hybrid or air-gapped OT sensor management.

This article is one in a series of articles describing the deployment path for a Microsoft Defender for IoT on-premises management console for air-gapped OT sensors.

Diagram of a progress bar with Prepare your appliance highlighted.

Just as you prepared an on-premises appliance for your OT sensors, prepare an appliance for your on-premises management console.

Prepare a virtual appliance

If you're using a virtual appliance, ensure that you have the relevant resources configured.

For more information, see OT monitoring with virtual appliances.

Prepare a physical appliance

If you're using a physical appliance, ensure that you have the required hardware. You can buy pre-configured appliances, or plan to install software on your own appliances.

To buy pre-configured appliances, request your appliance by email.

For more information, see Which appliances do I need?

Prepare ancillary hardware

If you're using physical appliances, make sure that you have the following extra hardware available for each physical appliance:

  • A monitor and keyboard
  • Rack space
  • AC power
  • A LAN cable to connect the appliance's management port to the network switch
  • LAN cables for connecting mirror (SPAN) ports and network terminal access points (TAPs) to your appliance

Prepare CA-signed certificates

While the on-premises management console is installed with a default, self-signed SSL/TLS certificate, we recommend using CA-signed certificates in production deployments.

SSL/TLS certificate requirements are the same for on-premises management consoles as they are for OT network sensors.

If you want to deploy a CA-signed certificate during initial deployment, make sure to have the certificate prepared. If you decide to deploy with the built-in, self-signed certificate, we recommend that you still deploy a CA-signed certificate in production environments later on.
