DMI Decoder configurations
This article explains how to configure the DMI decoder, and alternative configurations for devices that do not support it.
Note
Defender for IoT plans to retire the micro agent on August 1, 2025.
Overview
The Microsoft Defender for IoT Device inventory provides an overview of all IoT devices in your environment. The device inventory table can be customized to your preferences by adding or removing information fields, and filtering the fields.
The DMI decoder is used to retrieve data on the hardware and firmware of the device.
Retrieved fields are:
- Firmware vendor
- Firmware version
- Hardware model
- Hardware serial number
- Hardware vendor
For more information on the DMI Decoder, see dmidecode(8): DMI table decoder - Linux man page (die.net).
Populate SMBIOS tables for dmidecode
To support dmidecode(8), SMBIOS tables needs to be present and valid. To implement, please refer to the System Management BIOS specifications.
Alternative configurations
For devices that do not support the DMI decoder, there are two alternative options for retrieving and setting the firmware and hardware fields:
JSON file
To manually set the values on the device, create a JSON file. The micro agent will read the values from the JSON file and send them to the cloud.
To configure the file, use the following path and format details:
Path:
/etc/defender_iot_micro_agent/sysinfo.jsonFormat:
"HardwareVendor": "<hardware vendor>", "HardwareModel": "<hardware model>", "HardwareSerialNumber": "<hardware serial number>", "FirmwareVendor": "<firmware vendor>", "FirmwareVersion": "<firmware version>"
Module twin configurations
To manually set the values on the cloud, use the module twin configuration by setting the following properties:
“properties”:{
“desired”:{
“SystemInformation_HardwareVendor”: ”<data>”,
“SystemInformation_HardwareModel”: ”<data>”,
“SystemInformation_FirmwareVendor”: ”<data>”,
“SystemInformation_ FirmwareVersion”: ”<data>”,
“SystemInformation_HardwareSerialNumber”: ”<data>”
}
}
Next steps
Configure pluggable Authentication Modules (PAM) to audit sign-in events (Preview)