John Chang, profile picture
Uploaded byJohn Chang
PDF, PPTX189 views

Automated Device Provisioning

The document discusses the challenges of device provisioning in IoT, highlighting the complexities of supply chains and the manual nature of initial configurations. It describes a two-step provisioning process involving enrollment and registration, and outlines features of the Device Provisioning Service (DPS) such as support for multiple authentication methods and device management capabilities. Additionally, it offers a demo for provisioning a device using symmetric key attestation.

Embed presentation

Download as PDF, PPTX
Device Provisioning Service John Chang Commercial Software Engineering Microsoft 2019.09
Why provisioning is hard today • Solutions must have per-device revocable access • Provisioning is a manual process • Initial configuration can become irrelevant between manufacturing and deployment • Device supply chains are complex
An IoT device’s relationship to DPS
Provisioning process • There are two distinct steps with security flows • The manufacture step in which the enrollment information is harvested and placed in the enrollment list • The registration step in which the device phones home to the DPS
Automated Device Provisioning Device Management System 2. Return the device information. 1. Create the Enrollment list. Device Service Bus Logic App ASP.NET Core (On Device)
IoT Hub IoT Hub IoT Hub IoT Hub Provisioning with DPS IoT Hub Device Device Provisioning Service Business logic “where’s my home?”Identity attestation Device enrollment info Register new device, populate initial configRegistered device info Registered device info Establish connection Initial configuration Device telemetry Insights Device telemetry …etc
Brief feature overview • Cross-region, cross-subscription DPS→IoT Hub connection • Group and individual enrollment • Multiple auth methods supported • Symmetric keys • TPM endorsement key • X.509 certificates • Automatic re-provisioning • Factory reset • Migration • Enrollment-level device assignment logic • Static assignment • Evenly weighted • Lowest-latency (geo-sharding) • Custom assignment logic
Provision with Symmetric key attestation • Represents a "Hello world" experience for developers who are new to device provisioning, or do not have strict security requirements. • Device attestation using a TPM is more secure and should be used for more stringent security requirements. • Legacy devices may not have a certificate, TPM, or any other security feature that can be used to securely identify the device. • Symmetric key attestation can be used to identify a device based off information like the MAC address or a serial number.
Demo – Provision Device with Symmetric key https://github.com/michael-chi/automate-device-provisioning
Code Flow
Questions?

More Related Content

PPTX
Essential MDM configurations
byPeter Hewer
 
PPTX
Retail Location Security Complexities
byEtienne Liebetrau
 
PDF
Securing the Mobile enterprise
byIBM Danmark
 
PPTX
MDM - airwatch
byBharat Sinha
 
PDF
Enterprise Mobility (Admin)
byMicrosoft
 
PPTX
Wally Mead - Deploying a system center 2012 r2 configuration manager environm...
byNordic Infrastructure Conference
 
PDF
Mobile Devices & BYOD Security – Deployment & Best Practices
byCisco Canada
 
PDF
#MFSummit2016 Secure: Mind the gap strengthening the information security model
byMicro Focus
 
Essential MDM configurations
byPeter Hewer
 
Retail Location Security Complexities
byEtienne Liebetrau
 
Securing the Mobile enterprise
byIBM Danmark
 
MDM - airwatch
byBharat Sinha
 
Enterprise Mobility (Admin)
byMicrosoft
 
Wally Mead - Deploying a system center 2012 r2 configuration manager environm...
byNordic Infrastructure Conference
 
Mobile Devices & BYOD Security – Deployment & Best Practices
byCisco Canada
 
#MFSummit2016 Secure: Mind the gap strengthening the information security model
byMicro Focus
 

What's hot

PPTX
Wally Mead - Managing mobile devices with system center 2012 r2 configuration...
byNordic Infrastructure Conference
 
PPTX
Enterprise Mobility Suite- Azure AD Premium
byLai Yoong Seng
 
PDF
#MFSummit2016 Secure: Is your mainframe less secure than your fileserver
byMicro Focus
 
PDF
AMB110: IT Asset Management – How to Start When You Don’t Know Where to Start
byIvanti
 
PPTX
VBOT
byVasyaa Group of Services
 
PPTX
Mark Carlile, EMEA Enterprise Lead at Airwatch - Mobile content strategies an...
byGlobal Business Events
 
PDF
Identity and Access Lifecycle Automation
byHitachi ID Systems, Inc.
 
PDF
Blackberry in Government
byCommonwealth Telecommunications Organisation
 
PPTX
Business Case Of Bring Your Own Device[ BYOD]
byMd Yousup Faruqu
 
PDF
Introduction to Identity Management
byHitachi ID Systems, Inc.
 
PDF
Aptera Cloud Event 2013 - Windows Intune - Eric Rupp
byAptera Inc
 
PDF
Industrial Internet
byAlex Lavell
 
PPTX
RPASS - Ricoh Proactive ServiceS for Remote Monitoring & Backup
byRicoh India Limited
 
PPTX
Windows 7 And Windows Server 2008 R2 Combined Value
byAmit Gatenyo
 
PDF
Chapter 5 IoT Design methodologies
bypavan penugonda
 
PDF
Byod+ +bring+your+own+device
byJ
 
PPTX
Office 365 Mobile Device Management: What Is It, and Why Should You Care - Pa...
bySummit 7 Systems
 
PPT
Iot secure connected devices indicthreads
byIndicThreads
 
PPTX
Managing 4,000 devices across 20+ remote sites on a single console
byManageEngine, Zoho Corporation
 
Wally Mead - Managing mobile devices with system center 2012 r2 configuration...
byNordic Infrastructure Conference
 
Enterprise Mobility Suite- Azure AD Premium
byLai Yoong Seng
 
#MFSummit2016 Secure: Is your mainframe less secure than your fileserver
byMicro Focus
 
AMB110: IT Asset Management – How to Start When You Don’t Know Where to Start
byIvanti
 
VBOT
byVasyaa Group of Services
 
Mark Carlile, EMEA Enterprise Lead at Airwatch - Mobile content strategies an...
byGlobal Business Events
 
Identity and Access Lifecycle Automation
byHitachi ID Systems, Inc.
 
Blackberry in Government
byCommonwealth Telecommunications Organisation
 
Business Case Of Bring Your Own Device[ BYOD]
byMd Yousup Faruqu
 
Introduction to Identity Management
byHitachi ID Systems, Inc.
 
Aptera Cloud Event 2013 - Windows Intune - Eric Rupp
byAptera Inc
 
Industrial Internet
byAlex Lavell
 
RPASS - Ricoh Proactive ServiceS for Remote Monitoring & Backup
byRicoh India Limited
 
Windows 7 And Windows Server 2008 R2 Combined Value
byAmit Gatenyo
 
Chapter 5 IoT Design methodologies
bypavan penugonda
 
Byod+ +bring+your+own+device
byJ
 
Office 365 Mobile Device Management: What Is It, and Why Should You Care - Pa...
bySummit 7 Systems
 
Iot secure connected devices indicthreads
byIndicThreads
 
Managing 4,000 devices across 20+ remote sites on a single console
byManageEngine, Zoho Corporation
 

Similar to Automated Device Provisioning

PPTX
IoT platforms – comparison Azure IoT vs AWS IoT
by(Saravana) Pandiyan Varadaraj (He/Him)
 
PDF
Richard pablo - IoT Provisioning Solving the nightmare
byAWSCOMSUM
 
PPTX
Gestire i devices con Azure IoT Hub e IoT Edge
byMarco Parenzan
 
PPTX
CCI2018 - Gestire devices per l'Internet of Things con Azure IoT Hub
bywalk2talk srl
 
PDF
Enabling supply chain flexibility and IoT scale with zero touch provisioning
byEurotech
 
PDF
A Deep Dive into macOS MDM (and How it can be Compromised)
byPriyanka Aash
 
IoT platforms – comparison Azure IoT vs AWS IoT
by(Saravana) Pandiyan Varadaraj (He/Him)
 
Richard pablo - IoT Provisioning Solving the nightmare
byAWSCOMSUM
 
Gestire i devices con Azure IoT Hub e IoT Edge
byMarco Parenzan
 
CCI2018 - Gestire devices per l'Internet of Things con Azure IoT Hub
bywalk2talk srl
 
Enabling supply chain flexibility and IoT scale with zero touch provisioning
byEurotech
 
A Deep Dive into macOS MDM (and How it can be Compromised)
byPriyanka Aash
 

More from John Chang

PDF
跨部門團隊如何在AI專案中高效協作:敏捷方法論與生成式AI生命週期的實踐與應用策略
byJohn Chang
 
PDF
AI in Manufacturing - John.pdf
byJohn Chang
 
PDF
Use .NET Core to create IoT Solutions
byJohn Chang
 
PDF
Modern Data Warehouse Overview
byJohn Chang
 
PDF
AI for Intelligent Cloud and Intelligent Edge: Discover, Deploy, and Manage w...
byJohn Chang
 
PDF
以電腦視覺搭配感測器進行環境偵測
byJohn Chang
 
PDF
利用电脑视觉与人工智能 创造更多物联网价值
byJohn Chang
 
PPTX
透過電腦視覺與人工智慧創造物聯網新價值
byJohn Chang
 
PDF
遊戲服務上雲端 -- 設計的八大守則
byJohn Chang
 
PDF
深入研究雲端應用程式平台-AppFabric
byJohn Chang
 
PPSX
WCF 4.0-企業級雲端服務應用實務
byJohn Chang
 
跨部門團隊如何在AI專案中高效協作:敏捷方法論與生成式AI生命週期的實踐與應用策略
byJohn Chang
 
AI in Manufacturing - John.pdf
byJohn Chang
 
Use .NET Core to create IoT Solutions
byJohn Chang
 
Modern Data Warehouse Overview
byJohn Chang
 
AI for Intelligent Cloud and Intelligent Edge: Discover, Deploy, and Manage w...
byJohn Chang
 
以電腦視覺搭配感測器進行環境偵測
byJohn Chang
 
利用电脑视觉与人工智能 创造更多物联网价值
byJohn Chang
 
透過電腦視覺與人工智慧創造物聯網新價值
byJohn Chang
 
遊戲服務上雲端 -- 設計的八大守則
byJohn Chang
 
深入研究雲端應用程式平台-AppFabric
byJohn Chang
 
WCF 4.0-企業級雲端服務應用實務
byJohn Chang
 

Recently uploaded

PDF
Resource-Levelled Critical-Path Analysis Balancing Time, Cost and Constraints
byOrangescrum
 
PPTX
OpenID AuthZEN Overview - Gartner IAM 25
byDavid Brossard
 
PDF
Ch2 -ENG.pdf COMPUTER ARCHITECTURE L2 INFO
byrogase8895
 
PDF
Reusable technology: Saving development time with shared Unity plug-ins and S...
byBruno Cicanci
 
PPTX
Application Security – Static Application Security Testing (SAST)
byLalit Jagotra
 
PDF
Imed Eddine Bouchoucha | computer engineer | software Architect
byImed Bouchoucha
 
PDF
Anchore Enterprise Q4 2025 Release Webinar
byAnchore
 
PPT
This-Project-Demonstrates-How-to-Create.ppt
byjayasuryanexinfo
 
PDF
Code, Coins and Collaboration: How Open Source Shapes Modern Finance.
byDavid Okononfua
 
PPTX
The Future of Surgical Practice How AI is Transforming Diagnostics, Schedulin...
byEasy Clinic
 
PPTX
AI Clinic Management Software for Otolaryngology Clinics Bringing Precision, ...
byEasy Clinic
 
PPTX
Deep Dive into Durable Functions, presented at Cloudbrew 2025
byJoonas Westlin
 
PDF
Navigating SEC Regulations for Crypto Exchanges Preparing for a Compliant Fut...
byzak jasper
 
PDF
nsfconvertersoftwaretoconvertNSFtoPST.pdf
byNSF Converter Software
 
PDF
Red Hat Summit 2025 - Triton GPU Kernel programming.pdf
bySanjeev Rampal
 
PDF
API_SECURITY CONSULTANCY SERVICES IN USA
bydavidjohansen1597
 
PDF
Combinatorial Interview Problems with Backtracking Solutions - From Imperativ...
byPhilip Schwarz
 
PPTX
application security presentation 2 by harman
byharmanideapad
 
PDF
Code, Coins and Collaboration: How Open Source Shapes Modern Finance.
byDavid Okononfua
 
PDF
Advanced Prompt Engineering: The Art and Science
byMaxim Salnikov
 
Resource-Levelled Critical-Path Analysis Balancing Time, Cost and Constraints
byOrangescrum
 
OpenID AuthZEN Overview - Gartner IAM 25
byDavid Brossard
 
Ch2 -ENG.pdf COMPUTER ARCHITECTURE L2 INFO
byrogase8895
 
Reusable technology: Saving development time with shared Unity plug-ins and S...
byBruno Cicanci
 
Application Security – Static Application Security Testing (SAST)
byLalit Jagotra
 
Imed Eddine Bouchoucha | computer engineer | software Architect
byImed Bouchoucha
 
Anchore Enterprise Q4 2025 Release Webinar
byAnchore
 
This-Project-Demonstrates-How-to-Create.ppt
byjayasuryanexinfo
 
Code, Coins and Collaboration: How Open Source Shapes Modern Finance.
byDavid Okononfua
 
The Future of Surgical Practice How AI is Transforming Diagnostics, Schedulin...
byEasy Clinic
 
AI Clinic Management Software for Otolaryngology Clinics Bringing Precision, ...
byEasy Clinic
 
Deep Dive into Durable Functions, presented at Cloudbrew 2025
byJoonas Westlin
 
Navigating SEC Regulations for Crypto Exchanges Preparing for a Compliant Fut...
byzak jasper
 
nsfconvertersoftwaretoconvertNSFtoPST.pdf
byNSF Converter Software
 
Red Hat Summit 2025 - Triton GPU Kernel programming.pdf
bySanjeev Rampal
 
API_SECURITY CONSULTANCY SERVICES IN USA
bydavidjohansen1597
 
Combinatorial Interview Problems with Backtracking Solutions - From Imperativ...
byPhilip Schwarz
 
application security presentation 2 by harman
byharmanideapad
 
Code, Coins and Collaboration: How Open Source Shapes Modern Finance.
byDavid Okononfua
 
Advanced Prompt Engineering: The Art and Science
byMaxim Salnikov
 

Automated Device Provisioning

  • 1.
    Device Provisioning Service John Chang CommercialSoftware Engineering Microsoft 2019.09
  • 2.
    Why provisioning is hardtoday • Solutions must have per-device revocable access • Provisioning is a manual process • Initial configuration can become irrelevant between manufacturing and deployment • Device supply chains are complex
  • 4.
    An IoT device’srelationship to DPS
  • 5.
    Provisioning process • There aretwo distinct steps with security flows • The manufacture step in which the enrollment information is harvested and placed in the enrollment list • The registration step in which the device phones home to the DPS
  • 6.
    Automated Device Provisioning Device Management System 2.Return the device information. 1. Create the Enrollment list. Device Service Bus Logic App ASP.NET Core (On Device)
  • 7.
    IoT Hub IoT Hub IoTHub IoT Hub Provisioning with DPS IoT Hub Device Device Provisioning Service Business logic “where’s my home?”Identity attestation Device enrollment info Register new device, populate initial configRegistered device info Registered device info Establish connection Initial configuration Device telemetry Insights Device telemetry …etc
  • 8.
    Brief feature overview • Cross-region,cross-subscription DPS→IoT Hub connection • Group and individual enrollment • Multiple auth methods supported • Symmetric keys • TPM endorsement key • X.509 certificates • Automatic re-provisioning • Factory reset • Migration • Enrollment-level device assignment logic • Static assignment • Evenly weighted • Lowest-latency (geo-sharding) • Custom assignment logic
  • 9.
    Provision with Symmetric key attestation •Represents a "Hello world" experience for developers who are new to device provisioning, or do not have strict security requirements. • Device attestation using a TPM is more secure and should be used for more stringent security requirements. • Legacy devices may not have a certificate, TPM, or any other security feature that can be used to securely identify the device. • Symmetric key attestation can be used to identify a device based off information like the MAC address or a serial number.
  • 10.
    Demo – ProvisionDevice with Symmetric key https://github.com/michael-chi/automate-device-provisioning
  • 11.
  • 12.