From azure-agent-skills
Expert guidance for Azure Defender for IoT development: troubleshooting OT sensors and micro agents, configuring traffic mirroring, integrating with SIEM/Sentinel, and managing alerts.
Slash command
/azure-agent-skills:azure-defender-for-iot
This skill provides expert guidance for Azure Defender for IoT. Covers troubleshooting, best practices, decision making, architecture & design patterns, limits & quotas, security, configuration, integrations & coding patterns, and deployment. It combines local quick-reference content with remote documentation fetching capabilities.
IMPORTANT for Agent: Use the Category Index below to locate relevant sections. For categories with line ranges (e.g., L35-L120), use `read_file` with the specified lines. For categories with file links (e.g., `[security.md](security.md)`), use `read_file` on the linked reference file.
IMPORTANT for Agent: If `metadata.generated_at` is more than 3 months old, suggest the user pull the latest version from the repository. If `mcp_microsoftdocs` tools are not available, suggest the user install it: Installation Guide
This skill requires network access to fetch documentation content:
- `mcp_microsoftdocs:microsoft_docs_fetch` with query string `from=learn-agent-skill`. Returns Markdown.
- `fetch_webpage` with query string `from=learn-agent-skill&accept=text/markdown`. Returns Markdown.

| Category | Lines | Description |
|---|---|---|
| Troubleshooting | L37-L45 | Diagnosing and fixing Defender for IoT micro agent and OT sensor issues, validating sensor installs, interpreting sensor health messages, and understanding built-in alert types. |
| Best Practices | L46-L53 | Best practices for OT/ICS: using CIS benchmarks, designing monitoring topology, planning sensor placement at sites, and optimizing alert triage and response workflows. |
| Decision Making | L54-L65 | Guidance on choosing OT traffic mirroring methods, licenses, and appliances, plus planning billing, console retirement, cloud transition, and tracking Defender for IoT OT software versions. |
| Architecture & Design Patterns | L66-L72 | OT network architectures for connecting sensors to Azure, sample connectivity models, and mapping Defender for IoT components to Purdue OT network layers. |
| Limits & Quotas | L73-L83 | Data residency, retention limits, feature lifecycle, supported/archived OT sensors, virtual appliance requirements, and networking/port prerequisites for Defender for IoT. |
| Security | L84-L106 | Security alerts, recommendations, roles, auth, and certificates for Defender for IoT/IoT Hub/OT sensors, including RBAC, SSO, PAM auditing, and Zero Trust monitoring. |
| Configuration | L107-L130 | Configuring Defender for IoT micro agents and OT sensors: setup, OS dependencies, monitoring modes, networking/proxy/DNS/firewall, sensor management, maintenance, and auditing activity. |
| Integrations & Coding Patterns | L131-L165 | Integrating Defender for IoT with SIEMs, firewalls, ServiceNow, Sentinel, and partner tools, plus APIs, micro agent provisioning, traffic mirroring, and automation patterns. |
| Deployment | L166-L188 | Hardware/VM requirements and step-by-step guides to deploy, configure, mirror traffic, back up, restore, and update Defender for IoT OT sensor appliances and VMs. |

Troubleshooting

| Topic | URL |
|---|---|
| Troubleshoot Defender for IoT micro agent issues | https://learn.microsoft.com/en-us/azure/defender-for-iot/device-builders/troubleshoot-defender-micro-agent |
| Reference Microsoft Defender for IoT alert types | https://learn.microsoft.com/en-us/azure/defender-for-iot/organizations/alert-engine-messages |
| Troubleshoot Microsoft Defender for IoT OT sensors | https://learn.microsoft.com/en-us/azure/defender-for-iot/organizations/how-to-troubleshoot-sensor |
| Validate Defender for IoT OT sensor software installation | https://learn.microsoft.com/en-us/azure/defender-for-iot/organizations/ot-deploy/post-install-validation-ot-software |
| Interpret Defender for IoT sensor health messages | https://learn.microsoft.com/en-us/azure/defender-for-iot/organizations/sensor-health-messages |

Best Practices

| Topic | URL |
|---|---|
| Investigate CIS benchmark recommendations in Defender | https://learn.microsoft.com/en-us/azure/defender-for-iot/device-builders/how-to-investigate-cis-benchmark |
| Plan OT monitoring topology with Defender for IoT | https://learn.microsoft.com/en-us/azure/defender-for-iot/organizations/best-practices/plan-corporate-monitoring |
| Prepare OT sites and sensor placement for Defender for IoT | https://learn.microsoft.com/en-us/azure/defender-for-iot/organizations/best-practices/plan-prepare-deploy |
| Optimize OT alert workflows on Defender for IoT sensors | https://learn.microsoft.com/en-us/azure/defender-for-iot/organizations/how-to-accelerate-alert-incident-response |

Architecture & Design Patterns

| Topic | URL |
|---|---|
| Select architectures to connect OT sensors to Azure | https://learn.microsoft.com/en-us/azure/defender-for-iot/organizations/architecture-connections |
| Use sample OT network connectivity models for sensors | https://learn.microsoft.com/en-us/azure/defender-for-iot/organizations/best-practices/sample-connectivity-models |
| Map Defender for IoT to Purdue OT network layers | https://learn.microsoft.com/en-us/azure/defender-for-iot/organizations/best-practices/understand-network-architecture |

npx claudepluginhub microsoftdocs/agent-skills --plugin azure-agent-skills