azure-defender-for-iot
Expert knowledge for Azure Defender For Iot development including troubleshooting, best practices, decision making, architecture & design patterns, limits & quotas, security, configuration, integrations & coding patterns, and deployment. Use when deploying OT sensors, configuring
What it does
Azure Defender For Iot Skill
This skill provides expert guidance for Azure Defender For Iot. Covers troubleshooting, best practices, decision making, architecture & design patterns, limits & quotas, security, configuration, integrations & coding patterns, and deployment. It combines local quick-reference content with remote documentation fetching capabilities.
How to Use This Skill
IMPORTANT for Agent: Use the Category Index below to locate relevant sections. For categories with line ranges (e.g.,
L35-L120), useread_filewith the specified lines. For categories with file links (e.g.,[security.md](security.md)), useread_fileon the linked reference file
IMPORTANT for Agent: If
metadata.generated_atis more than 3 months old, suggest the user pull the latest version from the repository. Ifmcp_microsoftdocstools are not available, suggest the user install it: Installation Guide
This skill requires network access to fetch documentation content:
- Preferred: Use
mcp_microsoftdocs:microsoft_docs_fetchwith query stringfrom=learn-agent-skill. Returns Markdown. - Fallback: Use
fetch_webpagewith query stringfrom=learn-agent-skill&accept=text/markdown. Returns Markdown.
Category Index
| Category | Lines | Description |
|---|---|---|
| Troubleshooting | L37-L45 | Troubleshooting Defender for IoT micro agents and OT sensors, validating sensor installs, interpreting sensor health messages, and understanding built‑in sensor alert types. |
| Best Practices | L46-L53 | Best practices for OT/ICS: using CIS benchmarks, designing monitoring topology, planning sensor placement at sites, and optimizing alert triage and response workflows. |
| Decision Making | L54-L65 | Guidance on choosing OT traffic mirroring methods, licenses, and appliances, plus planning billing, console retirement, cloud transition, and tracking Defender for IoT OT software versions. |
| Architecture & Design Patterns | L66-L72 | OT network architectures for connecting sensors to Azure, sample connectivity models, and mapping Defender for IoT components to Purdue OT network layers. |
| Limits & Quotas | L73-L83 | Data residency, retention limits, feature lifecycle, supported/archived OT sensors, virtual appliance requirements, and networking/port prerequisites for Defender for IoT. |
| Security | L84-L107 | Security alerts, recommendations, roles, auth, and certificates for Defender for IoT/IoT Hub/OT sensors, including RBAC, SSO, PAM auditing, and Zero Trust monitoring. |
| Configuration | L108-L131 | Configuring Defender for IoT micro agents and OT sensors: setup, OS dependencies, monitoring modes, networking/proxy/DNS/firewall, sensor management, maintenance, and auditing activity. |
| Integrations & Coding Patterns | L132-L166 | Integrating Defender for IoT with SIEMs, firewalls, ServiceNow, Sentinel, and partner tools, plus APIs, micro agent provisioning, traffic mirroring, and automation patterns. |
| Deployment | L167-L189 | Hardware/VM requirements and step-by-step guides to deploy, configure, mirror traffic, back up, restore, and update Defender for IoT OT sensor appliances and VMs. |
Troubleshooting
| Topic | URL |
|---|---|
| Troubleshoot Defender for IoT micro agent issues | https://learn.microsoft.com/en-us/azure/defender-for-iot/device-builders/troubleshoot-defender-micro-agent |
| Reference for Defender for IoT sensor alert types | https://learn.microsoft.com/en-us/azure/defender-for-iot/organizations/alert-engine-messages |
| Troubleshoot Microsoft Defender for IoT OT sensors | https://learn.microsoft.com/en-us/azure/defender-for-iot/organizations/how-to-troubleshoot-sensor |
| Validate Defender for IoT OT sensor software installation | https://learn.microsoft.com/en-us/azure/defender-for-iot/organizations/ot-deploy/post-install-validation-ot-software |
| Interpret Defender for IoT sensor health messages | https://learn.microsoft.com/en-us/azure/defender-for-iot/organizations/sensor-health-messages |
Best Practices
| Topic | URL |
|---|---|
| Investigate CIS benchmark recommendations in Defender | https://learn.microsoft.com/en-us/azure/defender-for-iot/device-builders/how-to-investigate-cis-benchmark |
| Plan OT monitoring topology with Defender for IoT | https://learn.microsoft.com/en-us/azure/defender-for-iot/organizations/best-practices/plan-corporate-monitoring |
| Prepare OT sites and sensor placement for Defender for IoT | https://learn.microsoft.com/en-us/azure/defender-for-iot/organizations/best-practices/plan-prepare-deploy |
| Optimize OT alert workflows on Defender for IoT sensors | https://learn.microsoft.com/en-us/azure/defender-for-iot/organizations/how-to-accelerate-alert-incident-response |
Decision Making
Architecture & Design Patterns
| Topic | URL |
|---|---|
| Select architectures to connect OT sensors to Azure | https://learn.microsoft.com/en-us/azure/defender-for-iot/organizations/architecture-connections |
| Use sample OT network connectivity models for sensors | https://learn.microsoft.com/en-us/azure/defender-for-iot/organizations/best-practices/sample-connectivity-models |
| Map Defender for IoT to Purdue OT network layers | https://learn.microsoft.com/en-us/azure/defender-for-iot/organizations/best-practices/understand-network-architecture |
Limits & Quotas
Security
Configuration
Integrations & Coding Patterns
Deployment
Capabilities
Install
Quality
deterministic score 0.70 from registry signals: · indexed on github topic:agent-skills · 549 github stars · SKILL.md body (22,789 chars)