Defender for IOT Activation file is not valid

The described behavior matches a sensor-side rejection of the activation file, but backend validation or connectivity issues can also cause HTTP 500 responses.

Based on the available information, the following checks and remediation steps are supported:

1. Regenerate and re-upload the activation file
   • Activation files are unique per OT sensor and are signed by root of trust. They also expire 14 days after creation.
   • From Defender for IoT in the Azure portal, go to Sites and sensors, delete the problematic OT sensor, and onboard it again as an OT – Cloud Connected sensor. This recreates the sensor object and generates a new activation file.
   • Download the new activation file from Sites and sensors (three dots on the sensor row → Download activation file), then upload it from the sensor console under System Settings > Sensor management > Subscription & Activation Mode and select Activate.
   • If the activation file is valid but still rejected, download another activation file from the Sites and sensors page and try again.
2. Verify activation file freshness
   • Ensure the activation file is uploaded within 14 days of creation. If it is older, regenerate it from the Azure portal and repeat the upload.
3. Check sensor connectivity to Azure
   • If the sensor cannot connect to the internet or required Azure endpoints, activation can fail with backend errors.
   • Verify the sensor’s network configuration and, if a proxy is required, confirm it is correctly configured on the Sensor Network Configuration screen.
   • Ensure required outbound HTTPS (port 443) endpoints are allowed in the firewall/proxy. For OT sensors version 22.x, endpoint details can be downloaded from Sites and sensors → More actions → Download endpoint details; for other versions, see the networking requirements for sensor access to the Azure portal.
   • During activation via the browser, if a connectivity problem is detected, use the Cloud connectivity pane (opened via Learn more under the activation error) to review causes and recommendations. Any time-drift issues must be resolved before proceeding.
4. Confirm the correct activation workflow
   • Ensure the sensor has been properly onboarded in the Azure portal and that the activation file used matches that specific sensor (each OT sensor requires a unique activation file downloaded after onboarding).
   • For new or redeployed sensors, follow the documented activation flow: configure via browser/CLI, then in the Activation tab upload the activation file and accept terms.
5. When HTTP 500 persists
   • If repeated regeneration and upload of the activation file, along with confirmed connectivity and time synchronization, still result in HTTP 500 and “activation file is not valid,” the next supported step is to contact Microsoft Support. The documentation explicitly directs contacting Support when a valid activation file continues to be rejected and re-downloading does not resolve the issue.

References:

• Maintain OT network sensors from the sensor console
• Configure and activate your OT sensor
• Manage sensors with Defender for IoT in the Azure portal
• Sensor health message reference
• Tutorial: Onboard and activate a virtual OT sensor