Sopris prototype microcontroller
The Seven Properties of Highly Secure Devices
Introducing Microsoft Azure Sphere: Secure and power the intelligent edge
April 16, 2018
Azure Sphere certified microcontrollers (MCUs):
A new cross-over class of MCUs that combines both real-time
and application processors with built-in Microsoft security
technology and connectivity. Each chip includes custom silicon
security technology from Microsoft, inspired by 15 years of
experience and learnings from Xbox, to secure this new class
of MCUs and the devices they power.
Galen Hunt, Partner Managing Director, Microsoft Azure Sphere
12 x 12 mm
Cortex-A software architecture
All software that runs on the device, including the application, is signed by the
Microsoft certificate authority (CA). Application updates are delivered through the
trusted Microsoft pipeline, and the compatibility of each update with the Azure
Sphere device hardware is verified before installation.
Only one A7 application runs on the device at a time. A7 applications are
expected to run continuously and are automatically restarted if they stop or fail.
The product manufacturer’s application runs in an application container on the A7
core; it has access only to libraries and runtime services that Microsoft provides.
… A7 applications cannot perform generic file I/O or interprocess communication
To prevent the installation of rogue software, applications can be loaded in only
- Over-the-air update
The Azure Sphere device checks for software
updates each time it boots, when it initially
connects to Wi-Fi, and at 24-hour intervals
thereafter. If an Azure Sphere OS update is
available, download and installation could take
as much as 15 minutes and should not be
The Azure Sphere tenant represents a group of
Azure Sphere devices in the Azure Sphere
Security Service. Every device must be
"claimed" by an Azure Sphere tenant.
Claiming is a one-time operation that you
cannot undo even if the device is sold or
transferred to another person or organization.
• Windows 10 Anniversary Update or later
• Visual Studio Enterprise, Professional, or Community 2017 version 15.7 or later
• Visual Studio Tools Preview for Azure Sphere
• An Azure Sphere development board that is connected to your PC by USB
• A standard C library
✓ The SDK includes a standard C library that is customized to provide extra security. It does not support
file I/O, interprocess communication (IPC), or shell access.
• Custom application libraries
• A curl library
✓ Applications can transfer data over HTTP.
• Currently, the Azure Sphere SDK supports application development only in C.
Microsoft IoT Vision and Roadmap
Azure IoT Edge
• Deploy and manage cloud services
• Managed by Azure or Azure Stack
Azure IoT Central
Azure IoT solution accelerators
Windows IoT, Linux
• Azure IoT Edge runs on Windows and Linux
• Peerless security for MCU devices
• Connect directly to Azure or via Azure IoT
Azure Sphere OS
• Linux Kernel that modernizes MCU devices
Azure IoT Device SDK
• Multi-device, multi-language, multi-OS
• iOS, Android, Windows, Linux
Build 2018 – BRK2154-Microsoft IoT Overview, Vision and Roadmap