Azure Defender For Iot Skill
This skill provides expert guidance for Azure Defender For Iot. Covers troubleshooting, best practices, decision making, architecture & design patterns, limits & quotas, security, configuration, integrations & coding patterns, and deployment. It combines local quick-reference content with remote documentation fetching capabilities.
How to Use This Skill
IMPORTANT for Agent: Use the Category Index below to locate relevant sections. For categories with line ranges (e.g.,
L35-L120), useread_filewith the specified lines. For categories with file links (e.g.,[security.md](security.md)), useread_fileon the linked reference file
IMPORTANT for Agent: If
metadata.generated_atis more than 3 months old, suggest the user pull the latest version from the repository. Ifmcp_microsoftdocstools are not available, suggest the user install it: Installation Guide
This skill requires network access to fetch documentation content:
- Preferred: Use
mcp_microsoftdocs:microsoft_docs_fetchwith query stringfrom=learn-agent-skill. Returns Markdown. - Fallback: Use
fetch_webpagewith query stringfrom=learn-agent-skill&accept=text/markdown. Returns Markdown.
Category Index
| Category | Lines | Description |
|---|---|---|
| Troubleshooting | L37-L45 | Diagnosing and fixing Defender for IoT micro agent and OT sensor issues, validating sensor installs, interpreting sensor health messages, and understanding built-in alert types. |
| Best Practices | L46-L53 | Best practices for OT/ICS: using CIS benchmarks, designing monitoring topology, planning sensor placement at sites, and optimizing alert triage and response workflows. |
| Decision Making | L54-L65 | Guidance on choosing OT traffic mirroring methods, licenses, and appliances, plus planning billing, console retirement, cloud transition, and tracking Defender for IoT OT software versions. |
| Architecture & Design Patterns | L66-L72 | OT network architectures for connecting sensors to Azure, sample connectivity models, and mapping Defender for IoT components to Purdue OT network layers. |
| Limits & Quotas | L73-L83 | Data residency, retention limits, feature lifecycle, supported/archived OT sensors, virtual appliance requirements, and networking/port prerequisites for Defender for IoT. |
| Security | L84-L106 | Security alerts, recommendations, roles, auth, and certificates for Defender for IoT/IoT Hub/OT sensors, including RBAC, SSO, PAM auditing, and Zero Trust monitoring. |
| Configuration | L107-L130 | Configuring Defender for IoT micro agents and OT sensors: setup, OS dependencies, monitoring modes, networking/proxy/DNS/firewall, sensor management, maintenance, and auditing activity. |
| Integrations & Coding Patterns | L131-L165 | Integrating Defender for IoT with SIEMs, firewalls, ServiceNow, Sentinel, and partner tools, plus APIs, micro agent provisioning, traffic mirroring, and automation patterns. |
| Deployment | L166-L188 | Hardware/VM requirements and step-by-step guides to deploy, configure, mirror traffic, back up, restore, and update Defender for IoT OT sensor appliances and VMs. |
Troubleshooting
| Topic | URL |
|---|---|
| Troubleshoot Defender for IoT micro agent issues | https://learn.microsoft.com/en-us/azure/defender-for-iot/device-builders/troubleshoot-defender-micro-agent |
| Reference Microsoft Defender for IoT alert types | https://learn.microsoft.com/en-us/azure/defender-for-iot/organizations/alert-engine-messages |
| Troubleshoot Microsoft Defender for IoT OT sensors | https://learn.microsoft.com/en-us/azure/defender-for-iot/organizations/how-to-troubleshoot-sensor |
| Validate Defender for IoT OT sensor software installation | https://learn.microsoft.com/en-us/azure/defender-for-iot/organizations/ot-deploy/post-install-validation-ot-software |
| Interpret Defender for IoT sensor health messages | https://learn.microsoft.com/en-us/azure/defender-for-iot/organizations/sensor-health-messages |
Best Practices
| Topic | URL |
|---|---|
| Investigate CIS benchmark recommendations in Defender | https://learn.microsoft.com/en-us/azure/defender-for-iot/device-builders/how-to-investigate-cis-benchmark |
| Plan OT monitoring topology with Defender for IoT | https://learn.microsoft.com/en-us/azure/defender-for-iot/organizations/best-practices/plan-corporate-monitoring |
| Prepare OT sites and sensor placement for Defender for IoT | https://learn.microsoft.com/en-us/azure/defender-for-iot/organizations/best-practices/plan-prepare-deploy |
| Optimize OT alert workflows on Defender for IoT sensors | https://learn.microsoft.com/en-us/azure/defender-for-iot/organizations/how-to-accelerate-alert-incident-response |
Decision Making
Architecture & Design Patterns
| Topic | URL |
|---|---|
| Select architectures to connect OT sensors to Azure | https://learn.microsoft.com/en-us/azure/defender-for-iot/organizations/architecture-connections |
| Use sample OT network connectivity models for sensors | https://learn.microsoft.com/en-us/azure/defender-for-iot/organizations/best-practices/sample-connectivity-models |
| Map Defender for IoT to Purdue OT network layers | https://learn.microsoft.com/en-us/azure/defender-for-iot/organizations/best-practices/understand-network-architecture |