Microsoft introduces Azure Sphere for securing IoT devices

Microsoft is introducing new custom silicon, a Linux-based embedded OS and cloud service aimed at securing microcontroller-based devices.
Written by Mary Jo Foley, Senior Contributing Editor

Microsoft is looking to secure edge devices with a new secured OS and service for microcontrollers.


Called Azure Sphere, the new stack includes certified microcontrollers, an "Azure Sphere" operating system for those microcontrollers and an associated "Azure Sphere Security Service" for these devices.

The head of Azure Sphere is Galen Hunt, whose newest title is Partner Managing Director of Microsoft Azure Sphere.

This new initiative isn't without precedent. Last year, I wrote about "Project Sopris," a Microsoft Research effort to secure low-cost Internet-connected devices. Hunt was one of the principals working on that project.

The Sopris team said it was working with silicon partner MediaTek to revise one of their controllers -- the Wi-Fi-enabled MT7687 -- to create a prototype of a highly secure microcontroller.

Early findings indicated that "even the most price-sensitive devices should be redesigned to achieve the high levels of device security critical to society's safety," the researchers said.

Microsoft is announcing Azure Sphere at RSA 2018. The new Azure Sphere-certified microcontrollers that the company is announcing combine real-time and application processors with built-in custom silicon security tech from Microsoft and connectivity, according to an April 16 blog post announcing the initiative. Microsoft officials said this silicon security includes "learnings" from Xbox regarding how to secure these microcontrollers and the devices they power.

The first Azure Sphere chip will be the MediaTek MT3620. Microsoft is including a new security subsystem in these secured microcontrollers that it calls "Pluton." The controllers themselves combine the power of a Cortex-A processor with the real-time guarantees of a Cortex-M class processor, according to Microsoft's Azure Sphere web site.

The Azure Sphere OS includes a custom Linux kernel, plus secured application containers that compartmentalize code. As Microsoft cares more about selling Azure services than about trying to get Windows embedded everywhere these days, the reliance on Linux for a custom kernel here isn't that surprising, to be honest. But the company is still crowing about this being the first day that it's distributing a custom Linux kernel. (Microsoft did build a custom Linux-based operating system for datacenter switches a couple of years ago, but it wasn't really "distributing" that OS.)

The Azure Sphere Security Service provides authentication, responds to threats and provides information on device and application failures. Developers can use Visual Studio Tools for Azure Sphere to write applications and can connect their Azure Sphere devices to Azure to get telemetry data, messaging and access to Azure IoT Hub and other services.

Azure Sphere is in private preview as of today, Microsoft officials said, and dev kits will be available by mid-year. Microsoft expects the first wave of Azure Sphere-powered devices to be "on shelves" by the end of calendar 2018, they said.

Microsoft also made a few other RSA announcements today.

The company took the wraps off Microsoft Automated Threat Detection and Remediation. This capability is meant to build on top of its Windows Defender Advanced Threat Protection service by providing new investigation and remediation capabilities. It adds conditional access for providing real-time risk assessments. It will be coming to a future update of Windows 10 (I'm not sure if that means Redstone 4 or 5 -- likely 5, I'd think -- but Microsoft says it's in preview now).

And Microsoft is making an interface for its Microsoft Intelligent Security Graph available to customers and developers, officials said.
