Azure Defender for IoT: announcing Public Preview of the new micro-agent



Security is a near-universal concern for IoT implementers. IoT devices have unique needs for endpoint monitoring, security posture management, and threat detection, each with its own highly specific performance requirements.


Today we are announcing the Public Preview of the new micro-agent for IoT devices. We developed the new agent from the ground up, drawing on the knowledge and experience we have gathered from the previous security modules as well as customer and partner feedback.


Integration with Azure IoT Hub and Azure Defender for IoT


The new security agents allow you to build stronger endpoint security directly into your IoT devices. You accomplish this by integrating them with the monitoring option provided by both Azure IoT Hub and Azure Defender for IoT.




Azure Defender for IoT offers two sets of functions: agentless monitoring via passive network traffic analysis (NTA), and an additional layer of security delivered via our new endpoint micro-agents.


End-user organizations can combine the two to benefit from a defense-in-depth approach, monitoring at both the endpoint and network layers. The cloud-based console for Azure Defender for IoT provides unified visibility into assets, vulnerabilities, and threats using telemetry from both approaches.


Azure Defender for IoT can also integrate with Azure Sentinel, Microsoft’s cloud-based SIEM/SOAR platform, which was recently recognized as a Leader in the Forrester Wave. This integration enables organizations to rapidly detect and investigate multistage attacks that cross IT and OT boundaries.


Flexible deployment options with support for standard IoT operating systems


The micro-agent can be deployed either as a binary package or as modifiable source code, with support for standard IoT operating systems like Linux and Azure RTOS.

Having the source code available allows you to incorporate the code into firmware and customize it to meet your unique needs. The agent is integrated directly into Azure RTOS, which eliminates the need for a separate agent installation process.


Minimal resource requirements with no OS kernel dependencies


The new micro-agents have a small footprint, low CPU consumption, and no OS kernel dependencies. This makes them ideal for low-cost and low-power devices.


Security posture management


You can proactively monitor the security posture of your IoT devices in Defender for IoT in the Azure portal, inside your IoT Hub. The agents provide security posture recommendations based on the CIS benchmark. You get continuous visibility into your device's risk, including OS configuration vulnerabilities, firewall configuration, and permissions.


Continuous, real-time IoT/OT threat detection


Use the new micro-agents to detect threats such as botnets, brute force attempts, crypto miners, and suspicious network activity. You can create custom alerts that target the threats most important to your organization.

Note: these capabilities will be delivered in future releases of the Public Preview offering.



Next steps:

  • To learn more, visit the Defender for IoT documentation page or send an email to
  • For installation instructions click here
  • For details about support for the “classic” C/C#/Edge security module click here

