Configure the Service Graph Connector for Microsoft Defender for IoT (On-premises Management Console)
Use the Guided Setup for the Service Graph Connector for Microsoft Defender for IoT (On-premises Management Console) to lead you through the integration steps.
Before you begin
- The Integration Commons for CMDB store app, which is automatically installed.
- The CMDB CI Class Models app, which is automatically installed.
- The ITOM Discovery License plugin (com.snc.itom.discovery.license). You must activate this plugin.
- The ITOM Licensing plugin (com.snc.itom.license). For more information, see Request Discovery.
- The Datastream Action plugin (com.glide.hub.action_type.datastream), which is automatically installed.
Role required: admin
Procedure
- Ensure that the application scope is set to the Service Graph Connector for Microsoft Defender for IoT (On-premises Management Console) application by using the application picker. For more information, see Application picker.
- Navigate to All > Service Graph Connector Microsoft D4IoT > Guided Setup.
- On the Getting started page, select Get Started.
- To configure a MID Server, complete the following:
- In the Setup Connections and Credentials section, select the Configure MID server task.
- Select Mark as complete once you complete the MID Server configuration linked in the description.
- To update the Connection and Credentials Alias record, complete the following:
- In the Setup Connections and Credentials section, select the Connections and Credentials task.
- Select Configure.
- Open the default record Microsoft D4IoT Base API.
- From the Connections related list, select New to create a new HTTP(s) Connection record.
- In the Connection URL field, enter the URL of your Microsoft Defender for IoT Central Manager, for example https://192.168.1.100.
- Optional: If you are using a MID Server, select all of the following:
- the Use MID Server check box
- a MID Server from the Advanced MID Server Configuration related list
- a MID Selection from the list
- In the Credential field, select the search icon to open the Credentials records list.
- Select New to create a new record.
- Select the API Key Credentials type.
- Enter a name for the credential and, in the API Key field, enter the API key provided by your Microsoft Defender for IoT management console.
- Select Submit to create the credential record. To create an API key in the Microsoft Defender for IoT management console, refer to the Microsoft product documentation: https://docs.microsoft.com/en-us/azure/defender-for-iot/organizations/references-work-with-defender-for-iot-apis.
- On the Connection form, select Submit to finish creating the Connection record.
- To test the connection, complete the following:
- In the Setup Connections and Credentials section, select the Test/Validate Connection task.
- Select the Test Connection UI action from the related links section of the data source record for sensors. After the connection test completes, view the results and perform the suggested troubleshooting steps until the test result is Success.
- Check that the connection manager has a valid certificate. A valid certificate must be installed for a production environment. For a non-production or proof of concept (POC) instance, you can configure the following system properties so that the integration works even when the connection manager does not have a valid certificate.
Table 1. System properties for a non-production environment
- com.glide.communications.httpclient.verify_hostname: Set to false.
- com.glide.communications.httpclient.verify_revoked_certificate: Set to false. If you need to add this system property, see Add a system property.
- com.glide.communications.trustmanager_trust_all: Set to true.
- Check the MID security policy. In the intranet record, verify that the columns in the following table show the specified values.
Table 2. Intranet record values
- Certificate chain check: false
- Hostname check: false
- Revocation check: false
For more information, see MID Server certificate check policies.
The connection is configured correctly when the progress window shows the completion code Success and the number of records processed equals the number of sensors in the connection manager.
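To see concretely what the Table 1 properties switch off, and to learn why the Test Connection step fails before relaxing anything, the following added Python check (not ServiceNow or Microsoft code) builds a TLS context for each setting and performs a handshake against the management console, reporting which check rejected the certificate. The mapping of the two com.glide.communications properties onto check_hostname and verify_mode is an assumption about what those properties do, verify_revoked_certificate is not modelled, and the host name is a placeholder.

```python
"""Pre-flight TLS check for the Defender for IoT management console endpoint.

Added example (not ServiceNow or Microsoft code). It models two of the three
Table 1 properties as a Python ssl.SSLContext so you can see what each setting
turns off, then performs a handshake against the console and reports why it
failed, before deciding whether a non-production relaxation is justified.
The host name and the property-to-flag mapping are assumptions.
"""
import socket
import ssl
import sys
from dataclasses import dataclass


@dataclass(frozen=True)
class HttpClientPolicy:
    # Assumed mirror of com.glide.communications.httpclient.verify_hostname
    verify_hostname: bool = True
    # Assumed mirror of com.glide.communications.trustmanager_trust_all
    trust_all: bool = False
    # com.glide.communications.httpclient.verify_revoked_certificate is not
    # modelled: Python's ssl only checks revocation when CRLs are loaded.


def build_tls_context(policy: HttpClientPolicy) -> ssl.SSLContext:
    """Translate the policy into an SSLContext; production is the default context."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED plus hostname check
    if policy.trust_all:
        # trust_all=true: any chain is accepted and the name is not compared,
        # so the endpoint is not authenticated at all.
        ctx.check_hostname = False       # must be cleared before CERT_NONE
        ctx.verify_mode = ssl.CERT_NONE
    elif not policy.verify_hostname:
        # verify_hostname=false: the chain is still validated against the
        # trust store, but a certificate issued for another name is tolerated.
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def policy_summary(policy: HttpClientPolicy) -> dict:
    """Flags actually in force for a policy, for review or for tests."""
    ctx = build_tls_context(policy)
    return {"check_hostname": ctx.check_hostname,
            "verify_mode": ctx.verify_mode.name}


def classify_handshake(host: str, port: int, policy: HttpClientPolicy,
                       timeout: float = 5.0) -> tuple:
    """Handshake with the console and report which check (if any) rejected it.

    Returns (status, detail). 'ok' means chain and hostname verified;
    'ok_unverified' means trust_all accepted the peer without checking it.
    """
    ctx = build_tls_context(policy)
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                cert = tls.getpeercert()   # {} when the chain was not verified
                if not cert:
                    return "ok_unverified", tls.version()
                subject = {k: v for rdn in cert.get("subject", ()) for k, v in rdn}
                return "ok", subject.get("commonName", "")
    except ssl.SSLCertVerificationError as exc:
        # Expired, self-signed, unknown CA and hostname mismatch all land
        # here; verify_message names which one.
        return "cert_verification_failed", exc.verify_message
    except ssl.SSLError as exc:
        return "tls_error", str(exc)
    except OSError as exc:
        return "network_error", str(exc)


if __name__ == "__main__":
    # Usage: python tls_check.py <console-host> [port]; the default host is a placeholder.
    host = sys.argv[1] if len(sys.argv) > 1 else "console.example.invalid"
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 443
    for name, pol in (("production", HttpClientPolicy()),
                      ("verify_hostname=false", HttpClientPolicy(verify_hostname=False)),
                      ("trust_all=true", HttpClientPolicy(trust_all=True))):
        print(name, policy_summary(pol), classify_handshake(host, port, pol))
```

Run it with the console's host name. A cert_verification_failed result under the production policy states which check the console's certificate fails (name mismatch, unknown issuer, expiry), which is the information needed to fix the certificate for production rather than to turn the check off; the trust_all row shows that once that property is set, nothing about the peer is verified.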
- To configure the system properties, complete the following:
- In the Configure System Properties section, select Configure.
- Configure the following system properties.
Property: Description
- sn_msftd4iotsgc.resourcepath.sensor: Set the sensors resource path. The sensors resource path is provided by default for the V3 API version. If you want to use a different API version, you can override the path.
- sn_msftd4iotsgc.resourcepath.device: The devices resource path is provided by default for the V3 API version. If you want to use a different API version, you can override the path.
- sn_msftd4iotsgc.resourcepath.connection: The connections resource path is provided by default for the V3 API version. If you want to use a different API version, you can override the path.
- sn_msftd4iotsgc.pagesize.device and sn_msftd4iotsgc.pagesize.connection: Enter the number of records per page for the Devices and Connections APIs, respectively. Default value: 50 records per page.
- [property name not given in the source text]: If you want to use a different Connection Alias than the Microsoft D4IoT Base API configured while setting up the connections and credentials records, enter the sys_id of your custom Connection Alias record in this property. The default value is empty; if the property is left blank, the Microsoft D4IoT Base API Connection Alias is used.
- sn_msftd4iotsgc.get_all_devices: Select whether to fetch all device records, or only records that are new since the start time of the last successful import. Note: When you import devices for the first time, all records are imported regardless of the setting of this property.
- sn_msftd4iotsgc.get_all_connections: Select whether to fetch all connection records, or only records that are new since the start time of the last successful import into the CMDB. Note: When you import connections for the first time, all records are imported regardless of the setting of this property.
- sn_msftd4iotsgc.ot.vr.integration.id: If you are using the Operational Technology Vulnerability Response application with the Service Graph for Microsoft Defender for IoT integration, provide the sys_id of the OT VR import record. Note: If the Operational Technology Vulnerability Response plugin is installed and this property is left blank, the Microsoft D4IoT Devices CVE Integration (Delta Import) runs if Active is set to true on that record.
- Select Save.
- To import sensors, complete the following:
- In the Configure Sensors (NIDS) section, select the Import Sensors task.
- Select Configure.
- Select Active to activate the Scheduled Data Import job.
- To configure the NIDS, complete the following:
- In the Configure Sensors (NIDS) section, select the Import Sensors task.
- Select Mark as complete once you complete the NIDS configuration linked in the description.
- To configure import schedules, complete the following:
- In the Configure Import Schedules section, select Configure.
- Select SG-OT Microsoft D4IoT Sensors Scheduled Import to review or change the sensors import schedule as needed.
- By default, the sensors import schedule is configured to run daily at midnight.
- Import sensors before importing devices or connections.
- Select Active to activate the sensors import schedule.
- Select SG-OT Microsoft D4IoT Devices Scheduled Import to review or change the devices import schedule as needed.
- By default, the devices import schedule is configured to run daily at midnight.
- Devices are queried by sensor. The Service Graph Connector queries for devices detected by validated sensors. For information about configuring Network Intrusion Detection System (NIDS) appliances, see Validate the NIDS.
- Select Active to activate the devices import schedule.
- Select SG-OT Microsoft D4IoT Connections Scheduled Import to review or change the connections import schedule as needed.
- By default, the connections import schedule is configured to run after the devices import runs (After Parent Runs).
- Connections are imported only if both devices (Source and Destination in the Microsoft API, or Parent and Child in the CMDB) are already in the CMDB.
- Import devices before importing connections.
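The import rules stated in the system-properties table and in the schedule steps above (a page size per API, the get_all_* delta rule keyed on the start time of the last successful import with the first run importing everything, and connections being imported only when both endpoint devices already exist in the CMDB) are easier to check against a small model than against the property descriptions. The following added Python simulation, with constructed records, is not the connector's code or Microsoft's API; the Device and Connection fields, the timestamps and the CMDB dictionary are assumptions made for the example.

```python
"""Simulation of the connector's documented import semantics (added example,
constructed data; not the connector's code). It shows page-size driven
fetching, the get_all_* delta rule and the both-endpoints rule for connections.
"""
from dataclasses import dataclass
from typing import Dict, Iterator, Optional, Sequence, Tuple


@dataclass(frozen=True)
class Device:
    device_id: str
    last_seen: int          # epoch seconds, constructed


@dataclass(frozen=True)
class Connection:
    source_id: str          # "Source" in the Microsoft API, "Parent" in the CMDB
    dest_id: str            # "Destination" in the API, "Child" in the CMDB
    last_seen: int


@dataclass
class ImportState:
    """Watermark for one scheduled import; devices and connections each keep their own."""
    last_success_start: Optional[int] = None


def fetch_pages(records: Sequence, page_size: int) -> Iterator[list]:
    """Yield fixed-size pages, as a sn_msftd4iotsgc.pagesize.* value drives a REST client."""
    if page_size <= 0:
        raise ValueError("page size must be a positive integer")
    for start in range(0, len(records), page_size):
        yield list(records[start:start + page_size])


def select_for_import(records: Sequence, state: ImportState, get_all: bool) -> list:
    """Apply the get_all_* rule. The watermark is the *start* of the previous
    successful run, so a record that changed while that run was in flight is
    picked up again on the next run instead of being lost."""
    if state.last_success_start is None or get_all:
        return list(records)
    return [r for r in records if r.last_seen >= state.last_success_start]


def import_devices(api_devices, cmdb, state, now, page_size, get_all) -> Tuple[int, int]:
    """Return (records imported, pages fetched) and advance the watermark."""
    run_start = now
    selected = select_for_import(api_devices, state, get_all)
    pages = 0
    for page in fetch_pages(selected, page_size):
        pages += 1
        for dev in page:
            cmdb[dev.device_id] = dev
    state.last_success_start = run_start   # only after the run succeeded
    return len(selected), pages


def import_connections(api_connections, cmdb, state, now, page_size, get_all):
    """Return (imported, skipped) endpoint pairs; a connection is skipped
    unless both devices are already CMDB CIs, which is why devices import first."""
    run_start = now
    selected = select_for_import(api_connections, state, get_all)
    imported, skipped = [], []
    for page in fetch_pages(selected, page_size):
        for conn in page:
            both_present = conn.source_id in cmdb and conn.dest_id in cmdb
            (imported if both_present else skipped).append((conn.source_id, conn.dest_id))
    state.last_success_start = run_start
    return imported, skipped


def run_demo() -> dict:
    """Two device runs followed by a connections run on constructed data."""
    cmdb: Dict[str, Device] = {}
    dev_state, conn_state = ImportState(), ImportState()
    devices = [Device("d1", 100), Device("d2", 100), Device("d3", 250)]
    # First run at t=200: everything is imported regardless of get_all.
    first = import_devices(devices, cmdb, dev_state, now=200, page_size=2, get_all=False)
    # Second run at t=300: d3 changed after the first run started, d4 is new.
    devices.append(Device("d4", 280))
    second = import_devices(devices, cmdb, dev_state, now=300, page_size=2, get_all=False)
    # d9 is reported by the API but has never been imported as a device.
    connections = [Connection("d1", "d2", 290), Connection("d3", "d9", 290)]
    conns = import_connections(connections, cmdb, conn_state, now=300, page_size=50, get_all=False)
    return {"first_devices": first, "second_devices": second,
            "connections": conns, "cmdb_devices": sorted(cmdb)}


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

The demo shows why the schedule order matters: the connections run skips d3 to d9 because d9 is not yet a CMDB CI, and it would do so silently unless the importer, like this one, reports skipped pairs alongside the imported ones.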